diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2022-09-26 14:56:04 -0500 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-10-05 15:25:09 +0000 |
commit | 27d9725cf5272c63b412588a061e1dae0f65e682 (patch) | |
tree | c14538f5f1c27be8995c325fef49eecaa400d9ee /src/mongo/s/commands/cluster_drop_indexes_cmd.cpp | |
parent | fed2a61d2bfaaaa5183caa2d67df5b68d27e4080 (diff) | |
download | mongo-27d9725cf5272c63b412588a061e1dae0f65e682.tar.gz |
SERVER-70147 Migrate addRequiredPrivileges to checkAuthForOperation
Diffstat (limited to 'src/mongo/s/commands/cluster_drop_indexes_cmd.cpp')
-rw-r--r-- | src/mongo/s/commands/cluster_drop_indexes_cmd.cpp | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/mongo/s/commands/cluster_drop_indexes_cmd.cpp b/src/mongo/s/commands/cluster_drop_indexes_cmd.cpp index 45b20abae15..076b8a1d61d 100644 --- a/src/mongo/s/commands/cluster_drop_indexes_cmd.cpp +++ b/src/mongo/s/commands/cluster_drop_indexes_cmd.cpp @@ -30,6 +30,7 @@ #include "mongo/platform/basic.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" #include "mongo/logv2/log.h" #include "mongo/rpc/get_status_from_command_result.h" @@ -62,12 +63,16 @@ public: return false; } - void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const override { - ActionSet actions; - actions.addAction(ActionType::dropIndex); - out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); + Status checkAuthForOperation(OperationContext* opCtx, + const DatabaseName& dbName, + const BSONObj& cmdObj) const override { + auto* as = AuthorizationSession::get(opCtx->getClient()); + if (!as->isAuthorizedForActionsOnResource(parseResourcePattern(dbName.db(), cmdObj), + ActionType::dropIndex)) { + return {ErrorCodes::Unauthorized, "unauthorized"}; + } + + return Status::OK(); } void validateResult(const BSONObj& resultObj) final { |