diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2017-07-12 09:22:58 -0400 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2017-07-12 09:22:58 -0400 |
commit | 02c46a3d4b270530335f542ad2926c50f1ba1b1f (patch) | |
tree | 9d8955d1077f529e9567da8f62d5aa07bddff652 /src/mongo/s/commands/cluster_ftdc_commands.cpp | |
parent | c92d85fea435f64aedec07a2b42cbc16833ede82 (diff) | |
download | mongo-02c46a3d4b270530335f542ad2926c50f1ba1b1f.tar.gz |
SERVER-28495 FTDC for MongoS
Diffstat (limited to 'src/mongo/s/commands/cluster_ftdc_commands.cpp')
-rw-r--r-- | src/mongo/s/commands/cluster_ftdc_commands.cpp | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/mongo/s/commands/cluster_ftdc_commands.cpp b/src/mongo/s/commands/cluster_ftdc_commands.cpp index f097353d1dc..61b35db405e 100644 --- a/src/mongo/s/commands/cluster_ftdc_commands.cpp +++ b/src/mongo/s/commands/cluster_ftdc_commands.cpp @@ -67,6 +67,28 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, const BSONObj& cmdObj) override { + + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forClusterResource(), ActionType::serverStatus)) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forClusterResource(), ActionType::replSetGetStatus)) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forClusterResource(), ActionType::connPoolStats)) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forExactNamespace(NamespaceString("local", "oplog.rs")), + ActionType::collStats)) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + return Status::OK(); } @@ -76,9 +98,11 @@ public: std::string& errmsg, BSONObjBuilder& result) override { - errmsg = "getDiagnosticData not allowed through mongos"; + result.append( + "data", + FTDCController::get(opCtx->getServiceContext())->getMostRecentPeriodicDocument()); - return false; + return true; } }; |