author | Lynne Wang <lynne.wang@mongodb.com> | 2022-07-27 19:07:28 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-07-27 21:50:28 +0000 |
commit | bdba8656b3601907264ffd089b0b55c171971272 (patch) | |
tree | 73469ead2ba205f78e251d15f2986886dc9f5685 /src/mongo/s/commands/cluster_analyze_cmd.cpp | |
parent | ded3208f1b21529a5bee4d322c1d16d858864587 (diff) | |
SERVER-67656 Implement authorization checks for the analyze command
Diffstat (limited to 'src/mongo/s/commands/cluster_analyze_cmd.cpp')
-rw-r--r-- | src/mongo/s/commands/cluster_analyze_cmd.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/mongo/s/commands/cluster_analyze_cmd.cpp b/src/mongo/s/commands/cluster_analyze_cmd.cpp
index 6d529282762..04dae01aadf 100644
--- a/src/mongo/s/commands/cluster_analyze_cmd.cpp
+++ b/src/mongo/s/commands/cluster_analyze_cmd.cpp
@@ -28,6 +28,7 @@
 */
 #include "mongo/bson/bsonobj.h"
+#include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/query/analyze_command_gen.h"
 #include "mongo/db/query/query_feature_flags_gen.h"
@@ -104,7 +105,12 @@ public:
 private:
 void doCheckAuthorization(OperationContext* opCtx) const override {
- // TODO SERVER-67656
+ auto* authzSession = AuthorizationSession::get(opCtx->getClient());
+ const NamespaceString& ns = request().getNamespace();
+
+ uassert(ErrorCodes::Unauthorized,
+ str::stream() << "Not authorized to call analyze on collection " << ns,
+ authzSession->isAuthorizedForActionsOnNamespace(ns, ActionType::analyze));
 }
 };
 } clusterAnalyzeCmd; |
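Review bot: The privilege check added to `doCheckAuthorization` in the second hunk covers only the router path, and this page is limited to `cluster_analyze_cmd.cpp`, so it does not show whether the shard-side `analyze` command enforces the same `ActionType::analyze` privilege; that is worth confirming, because a mongos-only check would not apply to a client that connects to a shard directly. The method would also benefit from a one-line comment stating its contract, for example `// Requires the analyze action on the exact target namespace; otherwise fails with ErrorCodes::Unauthorized.` The names `NamespaceString`, `ActionType` and `str::stream` are presumably reached through headers already included, since the first hunk adds only `authorization_session.h`; the include list outside the hunk should be checked. The enclosing command class starts above the hunk.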