diff options
| author | Jack Mulrow <jack.mulrow@mongodb.com> | 2020-01-09 17:51:42 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2020-01-09 17:51:42 +0000 |
| commit | 239faf80a16019dd5f5a84df0c858ce8937a9a91 (patch) | |
| tree | a585d70e5a2f0f6f90208a8396baf4658d22abb0 /src/mongo/s/commands/cluster_rwc_defaults_commands.cpp | |
| parent | f68734daa5e03a737bfea6703be9870769b0dbaf (diff) | |
| download | mongo-239faf80a16019dd5f5a84df0c858ce8937a9a91.tar.gz | |
SERVER-45038 Add privilege actions for getDefaultRWConcern and setDefaultRWConcern commands
Diffstat (limited to 'src/mongo/s/commands/cluster_rwc_defaults_commands.cpp')
| -rw-r--r-- | src/mongo/s/commands/cluster_rwc_defaults_commands.cpp | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/mongo/s/commands/cluster_rwc_defaults_commands.cpp b/src/mongo/s/commands/cluster_rwc_defaults_commands.cpp index 59f4449f239..9fef5fe6ecc 100644 --- a/src/mongo/s/commands/cluster_rwc_defaults_commands.cpp +++ b/src/mongo/s/commands/cluster_rwc_defaults_commands.cpp @@ -84,7 +84,11 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, const BSONObj& cmdObj) const override { - // TODO SERVER-45038: add and use privilege action + if (!AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(), + ActionType::setDefaultRWConcern})) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } return Status::OK(); } @@ -141,8 +145,12 @@ public: return false; } - void doCheckAuthorization(OperationContext*) const override { - // TODO SERVER-45038: add and use privilege action + void doCheckAuthorization(OperationContext* opCtx) const override { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(), + ActionType::getDefaultRWConcern})); } NamespaceString ns() const override { |