diff options
| author | Billy Donahue <billy.donahue@mongodb.com> | 2018-02-05 14:31:11 -0500 |
|---|---|---|
| committer | Billy Donahue <billy.donahue@mongodb.com> | 2018-02-06 10:16:15 -0500 |
| commit | 09d4e0d92d5678a21de3cf6138631998c62d20fb (patch) | |
| tree | 16bec911c97f81bfd37ef58dbc76d6536e21885a /src | |
| parent | 1f376bcf8824df1a6122c297d5205daa1e6ff8a7 (diff) | |
| download | mongo-09d4e0d92d5678a21de3cf6138631998c62d20fb.tar.gz | |
SERVER-33136 const-ify the command auth accessors
Diffstat (limited to 'src')
172 files changed, 280 insertions, 274 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 14466871bed..68ca51a83e5 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -68,7 +68,7 @@ public: virtual void addRequiredPrivileges(const std::string&, const BSONObj&, - std::vector<Privilege>*) {} + std::vector<Privilege>*) const {} void redactForLogging(mutablebson::Document* cmdObj) const override; @@ -96,7 +96,7 @@ public: virtual void addRequiredPrivileges(const std::string&, const BSONObj&, - std::vector<Privilege>*) {} + std::vector<Privilege>*) const {} virtual bool run(OperationContext* opCtx, const std::string& db, diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp index 603e1faad33..de3deb40edb 100644 --- a/src/mongo/db/commands.cpp +++ b/src/mongo/db/commands.cpp @@ -349,20 +349,21 @@ Status Command::explain(OperationContext* opCtx, return {ErrorCodes::IllegalOperation, str::stream() << "Cannot explain cmd: " << getName()}; } -Status BasicCommand::checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) { +Status BasicCommand::checkAuthForRequest(OperationContext* opCtx, + const OpMsgRequest& request) const { uassertNoDocumentSequences(request); return checkAuthForOperation(opCtx, request.getDatabase().toString(), request.body); } Status BasicCommand::checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return checkAuthForCommand(opCtx->getClient(), dbname, cmdObj); } Status BasicCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { std::vector<Privilege> privileges; this->addRequiredPrivileges(dbname, cmdObj, &privileges); if (AuthorizationSession::get(client)->isAuthorizedForPrivileges(privileges)) @@ -458,7 +459,7 @@ void Command::generateHelpResponse(OperationContext* opCtx, replyBuilder->setMetadata(rpc::makeEmptyMetadata()); } -void BasicCommand::uassertNoDocumentSequences(const OpMsgRequest& request) { +void BasicCommand::uassertNoDocumentSequences(const OpMsgRequest& request) const { uassert(40472, str::stream() << "The " << getName() << " command does not support document sequences.", request.sequences.empty()); diff --git a/src/mongo/db/commands.h b/src/mongo/db/commands.h index b301df2d131..9876e96b1c3 100644 --- a/src/mongo/db/commands.h +++ b/src/mongo/db/commands.h @@ -310,7 +310,8 @@ public: * Checks if the client associated with the given OperationContext is authorized to run this * command. */ - virtual Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) = 0; + virtual Status checkAuthForRequest(OperationContext* opCtx, + const OpMsgRequest& request) const = 0; /** * Redacts "cmdObj" in-place to a form suitable for writing to logs. @@ -502,7 +503,7 @@ public: */ virtual Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; private: // @@ -517,7 +518,7 @@ private: */ virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; /** * Appends to "*out" the privileges required to run this command on database "dbname" with @@ -526,7 +527,7 @@ private: */ virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // The default implementation of addRequiredPrivileges should never be hit. fassertFailed(16940); } @@ -545,9 +546,9 @@ private: /** * Calls checkAuthForOperation. */ - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final; + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final; - void uassertNoDocumentSequences(const OpMsgRequest& request); + void uassertNoDocumentSequences(const OpMsgRequest& request) const; }; /** diff --git a/src/mongo/db/commands/apply_ops_cmd.cpp b/src/mongo/db/commands/apply_ops_cmd.cpp index f80e38bb0b5..8f34bb2243e 100644 --- a/src/mongo/db/commands/apply_ops_cmd.cpp +++ b/src/mongo/db/commands/apply_ops_cmd.cpp @@ -217,7 +217,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { OplogApplicationValidity validity = validateApplyOpsCommand(cmdObj); return OplogApplicationChecks::checkAuthForCommand(opCtx, dbname, cmdObj, validity); } diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 0b925c3d84c..a9d39eda35d 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -111,7 +111,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) final { + std::vector<Privilege>* out) const final { // No auth required since this command was explicitly part // of an authentication workflow. } @@ -264,7 +264,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "de-authenticate"; } diff --git a/src/mongo/db/commands/authentication_commands.h b/src/mongo/db/commands/authentication_commands.h index 5e886827256..c79dc4a6979 100644 --- a/src/mongo/db/commands/authentication_commands.h +++ b/src/mongo/db/commands/authentication_commands.h @@ -51,7 +51,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required CmdAuthenticate() : BasicCommand("authenticate") {} bool run(OperationContext* opCtx, diff --git a/src/mongo/db/commands/clone.cpp b/src/mongo/db/commands/clone.cpp index 0e50419a5df..e8f305b8b3b 100644 --- a/src/mongo/db/commands/clone.cpp +++ b/src/mongo/db/commands/clone.cpp @@ -71,7 +71,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::insert); actions.addAction(ActionType::createIndex); diff --git a/src/mongo/db/commands/clone_collection.cpp b/src/mongo/db/commands/clone_collection.cpp index 493ea75d044..abaafb799e0 100644 --- a/src/mongo/db/commands/clone_collection.cpp +++ b/src/mongo/db/commands/clone_collection.cpp @@ -77,7 +77,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { std::string ns = parseNs(dbname, cmdObj); ActionSet actions; diff --git a/src/mongo/db/commands/collection_to_capped.cpp b/src/mongo/db/commands/collection_to_capped.cpp index 56dad067123..6f5929b6aae 100644 --- a/src/mongo/db/commands/collection_to_capped.cpp +++ b/src/mongo/db/commands/collection_to_capped.cpp @@ -63,7 +63,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet sourceActions; sourceActions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), sourceActions)); @@ -162,7 +162,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::convertToCapped); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/compact.cpp b/src/mongo/db/commands/compact.cpp index 4a52700118c..4426d196e80 100644 --- a/src/mongo/db/commands/compact.cpp +++ b/src/mongo/db/commands/compact.cpp @@ -69,7 +69,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::compact); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/conn_pool_stats.cpp b/src/mongo/db/commands/conn_pool_stats.cpp index e799257d923..ac1a87973e8 100644 --- a/src/mongo/db/commands/conn_pool_stats.cpp +++ b/src/mongo/db/commands/conn_pool_stats.cpp @@ -63,7 +63,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::connPoolStats); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/conn_pool_sync.cpp b/src/mongo/db/commands/conn_pool_sync.cpp index ecf135bb7e6..cd3526bb885 100644 --- a/src/mongo/db/commands/conn_pool_sync.cpp +++ b/src/mongo/db/commands/conn_pool_sync.cpp @@ -48,7 +48,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::connPoolSync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/connection_status.cpp b/src/mongo/db/commands/connection_status.cpp index 80b4fdd9e2c..1b0ebef49e9 100644 --- a/src/mongo/db/commands/connection_status.cpp +++ b/src/mongo/db/commands/connection_status.cpp @@ -49,7 +49,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "Returns connection-specific information such as logged-in users and their roles"; diff --git a/src/mongo/db/commands/copydb.cpp b/src/mongo/db/commands/copydb.cpp index 99178166050..1681f1883a1 100644 --- a/src/mongo/db/commands/copydb.cpp +++ b/src/mongo/db/commands/copydb.cpp @@ -105,7 +105,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return copydb::checkAuthForCopydbCommand(client, dbname, cmdObj); } diff --git a/src/mongo/db/commands/copydb_start_commands.cpp b/src/mongo/db/commands/copydb_start_commands.cpp index 6f675971ea0..1006c04600b 100644 --- a/src/mongo/db/commands/copydb_start_commands.cpp +++ b/src/mongo/db/commands/copydb_start_commands.cpp @@ -88,7 +88,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { // No auth required return Status::OK(); } diff --git a/src/mongo/db/commands/count_cmd.cpp b/src/mongo/db/commands/count_cmd.cpp index 336bcad29e0..61b057fd645 100644 --- a/src/mongo/db/commands/count_cmd.cpp +++ b/src/mongo/db/commands/count_cmd.cpp @@ -95,7 +95,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/cpuload.cpp b/src/mongo/db/commands/cpuload.cpp index 587ee0af693..1b388967b32 100644 --- a/src/mongo/db/commands/cpuload.cpp +++ b/src/mongo/db/commands/cpuload.cpp @@ -57,7 +57,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* txn, const string& badns, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp index a38c935163c..830d7098f78 100644 --- a/src/mongo/db/commands/create_indexes.cpp +++ b/src/mongo/db/commands/create_indexes.cpp @@ -222,7 +222,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::createIndex); Privilege p(parseResourcePattern(dbname, cmdObj), actions); diff --git a/src/mongo/db/commands/current_op.cpp b/src/mongo/db/commands/current_op.cpp index c742e9fba31..04311da1d43 100644 --- a/src/mongo/db/commands/current_op.cpp +++ b/src/mongo/db/commands/current_op.cpp @@ -48,7 +48,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbName, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::inprog)) { diff --git a/src/mongo/db/commands/dbcheck.cpp b/src/mongo/db/commands/dbcheck.cpp index 3cbc2abe362..e7411fb0962 100644 --- a/src/mongo/db/commands/dbcheck.cpp +++ b/src/mongo/db/commands/dbcheck.cpp @@ -515,7 +515,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { // For now, just use `find` permissions. const NamespaceString nss(parseNs(dbname, cmdObj)); diff --git a/src/mongo/db/commands/dbcommands.cpp b/src/mongo/db/commands/dbcommands.cpp index e469c641ec6..fb23ebb8dd4 100644 --- a/src/mongo/db/commands/dbcommands.cpp +++ b/src/mongo/db/commands/dbcommands.cpp @@ -153,7 +153,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropDatabase); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -227,7 +227,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::repairDatabase); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -314,7 +314,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj.firstElement().numberInt() == -1 && !cmdObj.hasField("slowms") && @@ -404,7 +404,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropCollection); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -470,7 +470,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCreate(nss, cmdObj, false); } @@ -599,7 +599,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::find)); } @@ -768,7 +768,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -910,7 +910,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::collStats); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -959,7 +959,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCollMod(nss, cmdObj, false); } @@ -992,7 +992,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dbStats); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -1085,7 +1085,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, @@ -1107,7 +1107,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } diff --git a/src/mongo/db/commands/dbhash.cpp b/src/mongo/db/commands/dbhash.cpp index e16a3068d12..55d431b63f4 100644 --- a/src/mongo/db/commands/dbhash.cpp +++ b/src/mongo/db/commands/dbhash.cpp @@ -68,7 +68,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dbHash); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); diff --git a/src/mongo/db/commands/distinct.cpp b/src/mongo/db/commands/distinct.cpp index 99e42d567ae..1a4902b6158 100644 --- a/src/mongo/db/commands/distinct.cpp +++ b/src/mongo/db/commands/distinct.cpp @@ -100,7 +100,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/do_txn_cmd.cpp b/src/mongo/db/commands/do_txn_cmd.cpp index 20ea0938360..76b019c1b6f 100644 --- a/src/mongo/db/commands/do_txn_cmd.cpp +++ b/src/mongo/db/commands/do_txn_cmd.cpp @@ -146,7 +146,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { OplogApplicationValidity validity = validateDoTxnCommand(cmdObj); return OplogApplicationChecks::checkAuthForCommand(opCtx, dbname, cmdObj, validity); } diff --git a/src/mongo/db/commands/driverHelpers.cpp b/src/mongo/db/commands/driverHelpers.cpp index 9caef43f7b1..f6788ce5915 100644 --- a/src/mongo/db/commands/driverHelpers.cpp +++ b/src/mongo/db/commands/driverHelpers.cpp @@ -70,7 +70,7 @@ public: ObjectIdTest() : BasicDriverHelper("driverOIDTest") {} virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool errmsgRun(OperationContext* opCtx, const string&, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/drop_indexes.cpp b/src/mongo/db/commands/drop_indexes.cpp index 11cbed2f00c..bf46dab3401 100644 --- a/src/mongo/db/commands/drop_indexes.cpp +++ b/src/mongo/db/commands/drop_indexes.cpp @@ -77,7 +77,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -107,7 +107,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::reIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/end_sessions_command.cpp b/src/mongo/db/commands/end_sessions_command.cpp index 9397d39f841..032efaf0a67 100644 --- a/src/mongo/db/commands/end_sessions_command.cpp +++ b/src/mongo/db/commands/end_sessions_command.cpp @@ -58,7 +58,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // It is always ok to run this command, as long as you are authenticated // as some user, if auth is enabled. AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); diff --git a/src/mongo/db/commands/eval.cpp b/src/mongo/db/commands/eval.cpp index 0ae44555037..6d94aa40990 100644 --- a/src/mongo/db/commands/eval.cpp +++ b/src/mongo/db/commands/eval.cpp @@ -168,7 +168,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { RoleGraph::generateUniversalPrivileges(out); } diff --git a/src/mongo/db/commands/explain_cmd.cpp b/src/mongo/db/commands/explain_cmd.cpp index 0c5ffb15a06..a525ba4c0ce 100644 --- a/src/mongo/db/commands/explain_cmd.cpp +++ b/src/mongo/db/commands/explain_cmd.cpp @@ -100,7 +100,7 @@ public: */ virtual Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (Object != cmdObj.firstElement().type()) { return Status(ErrorCodes::BadValue, "explain command requires a nested object"); } diff --git a/src/mongo/db/commands/fail_point_cmd.cpp b/src/mongo/db/commands/fail_point_cmd.cpp index 940bc33e6a4..6bef1019d0c 100644 --- a/src/mongo/db/commands/fail_point_cmd.cpp +++ b/src/mongo/db/commands/fail_point_cmd.cpp @@ -83,7 +83,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "modifies the settings of a fail point"; diff --git a/src/mongo/db/commands/find_and_modify.cpp b/src/mongo/db/commands/find_and_modify.cpp index d5ebaf935c5..b999b982835 100644 --- a/src/mongo/db/commands/find_and_modify.cpp +++ b/src/mongo/db/commands/find_and_modify.cpp @@ -237,7 +237,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { find_and_modify::addPrivilegesRequiredForFindAndModify(this, dbname, cmdObj, out); } diff --git a/src/mongo/db/commands/find_and_modify_common.cpp b/src/mongo/db/commands/find_and_modify_common.cpp index f61c205bb9c..5b3d6eb02d9 100644 --- a/src/mongo/db/commands/find_and_modify_common.cpp +++ b/src/mongo/db/commands/find_and_modify_common.cpp @@ -41,7 +41,7 @@ namespace mongo { namespace find_and_modify { -void addPrivilegesRequiredForFindAndModify(Command* commandTemplate, +void addPrivilegesRequiredForFindAndModify(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { diff --git a/src/mongo/db/commands/find_and_modify_common.h b/src/mongo/db/commands/find_and_modify_common.h index cd6c08e7c25..899cebda97e 100644 --- a/src/mongo/db/commands/find_and_modify_common.h +++ b/src/mongo/db/commands/find_and_modify_common.h @@ -40,7 +40,7 @@ class Command; namespace find_and_modify { -void addPrivilegesRequiredForFindAndModify(Command* commandTemplate, +void addPrivilegesRequiredForFindAndModify(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out); diff --git a/src/mongo/db/commands/find_cmd.cpp b/src/mongo/db/commands/find_cmd.cpp index 494542a3279..c337efc9389 100644 --- a/src/mongo/db/commands/find_cmd.cpp +++ b/src/mongo/db/commands/find_cmd.cpp @@ -113,7 +113,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/fsync.cpp b/src/mongo/db/commands/fsync.cpp index 7c4a3799007..0aa673971c2 100644 --- a/src/mongo/db/commands/fsync.cpp +++ b/src/mongo/db/commands/fsync.cpp @@ -112,7 +112,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::fsync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -283,7 +283,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::unlock); diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 3d7115528f7..976a6e5f17a 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp @@ -86,7 +86,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "get version #, etc.\n" "{ buildinfo:1 }"; @@ -122,7 +122,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool requiresAuth() const override { return false; } @@ -149,7 +149,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, @@ -186,7 +186,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::hostInfo); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -232,7 +232,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::logRotate); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -266,7 +266,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, @@ -315,7 +315,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getLog); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -386,7 +386,7 @@ public: } Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // No access control needed since this command is a testing-only command that must be // enabled at the command line. return Status::OK(); @@ -441,7 +441,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getCmdLineOpts); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -464,7 +464,7 @@ int* volatile illegalAddress; // NOLINT - used for fail point only void CmdShutdown::addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::shutdown); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/geo_near_cmd.cpp b/src/mongo/db/commands/geo_near_cmd.cpp index 7cf8a3b7e02..6001eef5786 100644 --- a/src/mongo/db/commands/geo_near_cmd.cpp +++ b/src/mongo/db/commands/geo_near_cmd.cpp @@ -97,7 +97,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/get_last_error.cpp b/src/mongo/db/commands/get_last_error.cpp index 0eb1a9939a0..7828b3ecfdd 100644 --- a/src/mongo/db/commands/get_last_error.cpp +++ b/src/mongo/db/commands/get_last_error.cpp @@ -65,7 +65,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool requiresAuth() const override { return false; @@ -95,7 +95,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool requiresAuth() const override { return false; @@ -321,7 +321,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required CmdGetPrevError() : BasicCommand("getPrevError", "getpreverror") {} bool run(OperationContext* opCtx, const string& dbname, diff --git a/src/mongo/db/commands/getmore_cmd.cpp b/src/mongo/db/commands/getmore_cmd.cpp index 16e5261dbde..1e57c922448 100644 --- a/src/mongo/db/commands/getmore_cmd.cpp +++ b/src/mongo/db/commands/getmore_cmd.cpp @@ -140,7 +140,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { StatusWith<GetMoreRequest> parseStatus = GetMoreRequest::parseFromBSON(dbname, cmdObj); if (!parseStatus.isOK()) { return parseStatus.getStatus(); diff --git a/src/mongo/db/commands/group_cmd.cpp b/src/mongo/db/commands/group_cmd.cpp index 62f9ee7bbb3..c9f6d8311b8 100644 --- a/src/mongo/db/commands/group_cmd.cpp +++ b/src/mongo/db/commands/group_cmd.cpp @@ -95,7 +95,7 @@ private: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace( diff --git a/src/mongo/db/commands/hashcmd.cpp b/src/mongo/db/commands/hashcmd.cpp index 021ccfd573a..3339c48e2d1 100644 --- a/src/mongo/db/commands/hashcmd.cpp +++ b/src/mongo/db/commands/hashcmd.cpp @@ -62,7 +62,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "returns the hash of the first BSONElement val in a BSONObj"; } diff --git a/src/mongo/db/commands/haystack.cpp b/src/mongo/db/commands/haystack.cpp index 61ccbbb00bc..c8fa1d279f3 100644 --- a/src/mongo/db/commands/haystack.cpp +++ b/src/mongo/db/commands/haystack.cpp @@ -88,7 +88,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/index_filter_commands.cpp b/src/mongo/db/commands/index_filter_commands.cpp index 5bbae6c6de0..2f2a4fa3863 100644 --- a/src/mongo/db/commands/index_filter_commands.cpp +++ b/src/mongo/db/commands/index_filter_commands.cpp @@ -139,7 +139,7 @@ std::string IndexFilterCommand::help() const { Status IndexFilterCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/db/commands/index_filter_commands.h b/src/mongo/db/commands/index_filter_commands.h index 72f758806c5..d947f198573 100644 --- a/src/mongo/db/commands/index_filter_commands.h +++ b/src/mongo/db/commands/index_filter_commands.h @@ -80,7 +80,7 @@ public: */ virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; /** * Subset of command arguments used by index filter commands diff --git a/src/mongo/db/commands/isself.cpp b/src/mongo/db/commands/isself.cpp index e3c7d077aae..b274a85e963 100644 --- a/src/mongo/db/commands/isself.cpp +++ b/src/mongo/db/commands/isself.cpp @@ -53,7 +53,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp index 645c5e83c2c..583e1a71e44 100644 --- a/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp +++ b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp @@ -71,7 +71,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { diff --git a/src/mongo/db/commands/kill_all_sessions_command.cpp b/src/mongo/db/commands/kill_all_sessions_command.cpp index 4605a5f1964..06d5d857fb2 100644 --- a/src/mongo/db/commands/kill_all_sessions_command.cpp +++ b/src/mongo/db/commands/kill_all_sessions_command.cpp @@ -71,7 +71,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { diff --git a/src/mongo/db/commands/kill_op.cpp b/src/mongo/db/commands/kill_op.cpp index 8cc2754e919..61be46cbf9b 100644 --- a/src/mongo/db/commands/kill_op.cpp +++ b/src/mongo/db/commands/kill_op.cpp @@ -105,7 +105,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), diff --git a/src/mongo/db/commands/kill_sessions_command.cpp b/src/mongo/db/commands/kill_sessions_command.cpp index 55f8dfc1a2d..3a4e5f08c9f 100644 --- a/src/mongo/db/commands/kill_sessions_command.cpp +++ b/src/mongo/db/commands/kill_sessions_command.cpp @@ -100,7 +100,7 @@ public: // Any user can kill their own sessions Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/killcursors_common.cpp b/src/mongo/db/commands/killcursors_common.cpp index 51c7909f107..17933cf2cad 100644 --- a/src/mongo/db/commands/killcursors_common.cpp +++ b/src/mongo/db/commands/killcursors_common.cpp @@ -41,7 +41,7 @@ namespace mongo { Status KillCursorsCmdBase::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const auto statusWithRequest = KillCursorsRequest::parseFromBSON(dbname, cmdObj); if (!statusWithRequest.isOK()) { return statusWithRequest.getStatus(); diff --git a/src/mongo/db/commands/killcursors_common.h b/src/mongo/db/commands/killcursors_common.h index 90541adc709..ce8d8e30141 100644 --- a/src/mongo/db/commands/killcursors_common.h +++ b/src/mongo/db/commands/killcursors_common.h @@ -67,7 +67,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final; + const BSONObj& cmdObj) const final; bool run(OperationContext* opCtx, const std::string& dbname, diff --git a/src/mongo/db/commands/list_collections.cpp b/src/mongo/db/commands/list_collections.cpp index b92c59034ba..fcc11f66297 100644 --- a/src/mongo/db/commands/list_collections.cpp +++ b/src/mongo/db/commands/list_collections.cpp @@ -213,7 +213,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedToListCollections(dbname)) { diff --git a/src/mongo/db/commands/list_databases.cpp b/src/mongo/db/commands/list_databases.cpp index 99bc8166021..a2112a5eeaa 100644 --- a/src/mongo/db/commands/list_databases.cpp +++ b/src/mongo/db/commands/list_databases.cpp @@ -78,7 +78,7 @@ public: */ Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { return Status::OK(); } diff --git a/src/mongo/db/commands/list_indexes.cpp b/src/mongo/db/commands/list_indexes.cpp index cef7130a20c..cad5073ffe3 100644 --- a/src/mongo/db/commands/list_indexes.cpp +++ b/src/mongo/db/commands/list_indexes.cpp @@ -92,7 +92,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/lock_info.cpp b/src/mongo/db/commands/lock_info.cpp index 3e16e220e39..437813b2447 100644 --- a/src/mongo/db/commands/lock_info.cpp +++ b/src/mongo/db/commands/lock_info.cpp @@ -67,7 +67,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::serverStatus); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/mr.cpp b/src/mongo/db/commands/mr.cpp index ce7d144bfcc..49e47dcbb2f 100644 --- a/src/mongo/db/commands/mr.cpp +++ b/src/mongo/db/commands/mr.cpp @@ -1376,7 +1376,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { addPrivilegesRequiredForMapReduce(this, dbname, cmdObj, out); } @@ -1702,7 +1702,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/mr.h b/src/mongo/db/commands/mr.h index c46e0d9c48a..27cb8688f01 100644 --- a/src/mongo/db/commands/mr.h +++ b/src/mongo/db/commands/mr.h @@ -413,7 +413,7 @@ protected: BSONObj fast_emit(const BSONObj& args, void* data); BSONObj _bailFromJS(const BSONObj& args, void* data); -void addPrivilegesRequiredForMapReduce(Command* commandTemplate, +void addPrivilegesRequiredForMapReduce(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out); diff --git a/src/mongo/db/commands/mr_common.cpp b/src/mongo/db/commands/mr_common.cpp index 0ca08c82aa0..89e1d2309f5 100644 --- a/src/mongo/db/commands/mr_common.cpp +++ b/src/mongo/db/commands/mr_common.cpp @@ -99,7 +99,7 @@ Config::OutputOptions Config::parseOutputOptions(const std::string& dbname, cons return outputOptions; } -void addPrivilegesRequiredForMapReduce(Command* commandTemplate, +void addPrivilegesRequiredForMapReduce(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { diff --git a/src/mongo/db/commands/oplog_note.cpp b/src/mongo/db/commands/oplog_note.cpp index 2f1d06b79b5..408e73fe0d7 100644 --- a/src/mongo/db/commands/oplog_note.cpp +++ b/src/mongo/db/commands/oplog_note.cpp @@ -105,7 +105,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::appendOplogNote)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/parallel_collection_scan.cpp b/src/mongo/db/commands/parallel_collection_scan.cpp index 8a79411fc44..7df60e020a7 100644 --- a/src/mongo/db/commands/parallel_collection_scan.cpp +++ b/src/mongo/db/commands/parallel_collection_scan.cpp @@ -73,7 +73,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/parameters.cpp b/src/mongo/db/commands/parameters.cpp index 391a1ffded8..d46bb62cc23 100644 --- a/src/mongo/db/commands/parameters.cpp +++ b/src/mongo/db/commands/parameters.cpp @@ -78,7 +78,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getParameter); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -129,7 +129,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::setParameter); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/pipeline_command.cpp b/src/mongo/db/commands/pipeline_command.cpp index ae607f2713f..90a9c5f1852 100644 --- a/src/mongo/db/commands/pipeline_command.cpp +++ b/src/mongo/db/commands/pipeline_command.cpp @@ -74,7 +74,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { const NamespaceString nss(AggregationRequest::parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForAggregate(nss, cmdObj, false); } diff --git a/src/mongo/db/commands/plan_cache_commands.cpp b/src/mongo/db/commands/plan_cache_commands.cpp index a76100a90c7..db7cb438d79 100644 --- a/src/mongo/db/commands/plan_cache_commands.cpp +++ b/src/mongo/db/commands/plan_cache_commands.cpp @@ -134,7 +134,7 @@ std::string PlanCacheCommand::help() const { Status PlanCacheCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/db/commands/plan_cache_commands.h b/src/mongo/db/commands/plan_cache_commands.h index c883a189820..993c3714c93 100644 --- a/src/mongo/db/commands/plan_cache_commands.h +++ b/src/mongo/db/commands/plan_cache_commands.h @@ -75,7 +75,7 @@ public: */ virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; /** * Subset of command arguments used by plan cache commands * Override to provide command functionality. diff --git a/src/mongo/db/commands/reap_logical_session_cache_now.cpp b/src/mongo/db/commands/reap_logical_session_cache_now.cpp index f04ee086359..e17d961c4f7 100644 --- a/src/mongo/db/commands/reap_logical_session_cache_now.cpp +++ b/src/mongo/db/commands/reap_logical_session_cache_now.cpp @@ -63,7 +63,7 @@ public: // No auth needed because it only works when enabled via command line. Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/refresh_logical_session_cache_now.cpp b/src/mongo/db/commands/refresh_logical_session_cache_now.cpp index ff3e018eede..19004e92b61 100644 --- a/src/mongo/db/commands/refresh_logical_session_cache_now.cpp +++ b/src/mongo/db/commands/refresh_logical_session_cache_now.cpp @@ -64,7 +64,7 @@ public: // No auth needed because it only works when enabled via command line. Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/refresh_sessions_command.cpp b/src/mongo/db/commands/refresh_sessions_command.cpp index 0570821ca1e..699f66b2ef3 100644 --- a/src/mongo/db/commands/refresh_sessions_command.cpp +++ b/src/mongo/db/commands/refresh_sessions_command.cpp @@ -60,7 +60,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // It is always ok to run this command, as long as you are authenticated // as some user, if auth is enabled. AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); diff --git a/src/mongo/db/commands/refresh_sessions_command_internal.cpp b/src/mongo/db/commands/refresh_sessions_command_internal.cpp index fa52de2caec..5cb63de9ee7 100644 --- a/src/mongo/db/commands/refresh_sessions_command_internal.cpp +++ b/src/mongo/db/commands/refresh_sessions_command_internal.cpp @@ -60,7 +60,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // Must be authenticated as an internal cluster member. auto authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( diff --git a/src/mongo/db/commands/rename_collection_cmd.cpp b/src/mongo/db/commands/rename_collection_cmd.cpp index 01cba8c386a..c0946c041fd 100644 --- a/src/mongo/db/commands/rename_collection_cmd.cpp +++ b/src/mongo/db/commands/rename_collection_cmd.cpp @@ -70,7 +70,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return rename_collection::checkAuthForRenameCollectionCommand(client, dbname, cmdObj); } std::string help() const override { diff --git a/src/mongo/db/commands/repair_cursor.cpp b/src/mongo/db/commands/repair_cursor.cpp index 12c4cfa3528..cc895825d96 100644 --- a/src/mongo/db/commands/repair_cursor.cpp +++ b/src/mongo/db/commands/repair_cursor.cpp @@ -58,7 +58,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::find); Privilege p(parseResourcePattern(dbname, cmdObj), actions); diff --git a/src/mongo/db/commands/resize_oplog.cpp b/src/mongo/db/commands/resize_oplog.cpp index ef853e9bb17..1e945fa1371 100644 --- a/src/mongo/db/commands/resize_oplog.cpp +++ b/src/mongo/db/commands/resize_oplog.cpp @@ -72,7 +72,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::replSetResizeOplog)) { diff --git a/src/mongo/db/commands/restart_catalog_command.cpp b/src/mongo/db/commands/restart_catalog_command.cpp index ff722516cd9..bca80a8b856 100644 --- a/src/mongo/db/commands/restart_catalog_command.cpp +++ b/src/mongo/db/commands/restart_catalog_command.cpp @@ -49,7 +49,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { // No auth checks as this is a testing-only command. return Status::OK(); } diff --git a/src/mongo/db/commands/server_status.cpp b/src/mongo/db/commands/server_status.cpp index 98aefce2f62..bb0ac579478 100644 --- a/src/mongo/db/commands/server_status.cpp +++ b/src/mongo/db/commands/server_status.cpp @@ -83,7 +83,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::serverStatus); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp index ba82f10cc54..6383df1c6ce 100644 --- a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp +++ b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp @@ -95,7 +95,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::setFeatureCompatibilityVersion)) { diff --git a/src/mongo/db/commands/shutdown.h b/src/mongo/db/commands/shutdown.h index b000d6c27c2..ff6e3c99443 100644 --- a/src/mongo/db/commands/shutdown.h +++ b/src/mongo/db/commands/shutdown.h @@ -53,7 +53,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out); + std::vector<Privilege>* out) const; virtual bool supportsWriteConcern(const BSONObj& cmd) const override { return false; } diff --git a/src/mongo/db/commands/snapshot_management.cpp b/src/mongo/db/commands/snapshot_management.cpp index 096cdbf2582..97a0ce50a34 100644 --- a/src/mongo/db/commands/snapshot_management.cpp +++ b/src/mongo/db/commands/snapshot_management.cpp @@ -57,7 +57,7 @@ public: // No auth needed because it only works when enabled via command line. virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } @@ -105,7 +105,7 @@ public: // No auth needed because it only works when enabled via command line. virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } diff --git a/src/mongo/db/commands/start_session_command.cpp b/src/mongo/db/commands/start_session_command.cpp index a577cc01cb7..433831be3fc 100644 --- a/src/mongo/db/commands/start_session_command.cpp +++ b/src/mongo/db/commands/start_session_command.cpp @@ -65,7 +65,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/test_commands.cpp b/src/mongo/db/commands/test_commands.cpp index c7c7c5db1a4..380804916e0 100644 --- a/src/mongo/db/commands/test_commands.cpp +++ b/src/mongo/db/commands/test_commands.cpp @@ -71,7 +71,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "internal. for testing only."; } @@ -136,7 +136,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} void _sleepInReadLock(mongo::OperationContext* opCtx, long long millis) { Lock::GlobalRead lk(opCtx); @@ -210,7 +210,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} virtual bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, @@ -285,7 +285,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} virtual bool run(OperationContext* opCtx, const string& dbname, diff --git a/src/mongo/db/commands/top_command.cpp b/src/mongo/db/commands/top_command.cpp index d7691005285..484c105b7a2 100644 --- a/src/mongo/db/commands/top_command.cpp +++ b/src/mongo/db/commands/top_command.cpp @@ -60,7 +60,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::top); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/touch.cpp b/src/mongo/db/commands/touch.cpp index 2423c3ae6bd..0459570129f 100644 --- a/src/mongo/db/commands/touch.cpp +++ b/src/mongo/db/commands/touch.cpp @@ -75,7 +75,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::touch); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index bd463217c76..4bc7275194b 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -625,7 +625,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateUserCommand(client, dbname, cmdObj); } @@ -772,7 +772,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateUserCommand(client, dbname, cmdObj); } @@ -906,7 +906,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropUserCommand(client, dbname, cmdObj); } @@ -973,7 +973,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllUsersFromDatabaseCommand(client, dbname); } @@ -1029,7 +1029,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToUserCommand(client, dbname, cmdObj); } @@ -1101,7 +1101,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromUserCommand(client, dbname, cmdObj); } @@ -1173,7 +1173,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUsersInfoCommand(client, dbname, cmdObj); } @@ -1295,7 +1295,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateRoleCommand(client, dbname, cmdObj); } @@ -1416,7 +1416,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateRoleCommand(client, dbname, cmdObj); } @@ -1533,7 +1533,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantPrivilegesToRoleCommand(client, dbname, cmdObj); } @@ -1643,7 +1643,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokePrivilegesFromRoleCommand(client, dbname, cmdObj); } @@ -1755,7 +1755,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToRoleCommand(client, dbname, cmdObj); } @@ -1844,7 +1844,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromRoleCommand(client, dbname, cmdObj); } @@ -1931,7 +1931,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropRoleCommand(client, dbname, cmdObj); } @@ -2074,7 +2074,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllRolesFromDatabaseCommand(client, dbname); } @@ -2203,7 +2203,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRolesInfoCommand(client, dbname, cmdObj); } @@ -2292,7 +2292,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForInvalidateUserCacheCommand(client); } @@ -2329,7 +2329,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGetUserCacheGenerationCommand(client); } @@ -2376,7 +2376,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForMergeAuthzCollectionsCommand(client, cmdObj); } diff --git a/src/mongo/db/commands/validate.cpp b/src/mongo/db/commands/validate.cpp index 1ef643d87cf..4f9ad0a507d 100644 --- a/src/mongo/db/commands/validate.cpp +++ b/src/mongo/db/commands/validate.cpp @@ -84,7 +84,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::validate); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/write_commands/write_commands.cpp b/src/mongo/db/commands/write_commands/write_commands.cpp index 030c759102c..474c4e7e350 100644 --- a/src/mongo/db/commands/write_commands/write_commands.cpp +++ b/src/mongo/db/commands/write_commands/write_commands.cpp @@ -250,7 +250,7 @@ public: return "insert documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Insert, request); } @@ -281,7 +281,7 @@ public: return "update documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Update, request); } @@ -348,7 +348,7 @@ public: return "delete documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Delete, request); } diff --git a/src/mongo/db/exec/stagedebug_cmd.cpp b/src/mongo/db/exec/stagedebug_cmd.cpp index 642bdf4f5b1..596cd6f71c8 100644 --- a/src/mongo/db/exec/stagedebug_cmd.cpp +++ b/src/mongo/db/exec/stagedebug_cmd.cpp @@ -132,7 +132,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // Command is testing-only, and can only be enabled at command line. Hence, no auth // check needed. } diff --git a/src/mongo/db/ftdc/ftdc_commands.cpp b/src/mongo/db/ftdc/ftdc_commands.cpp index c4067f6ca44..24de1e13625 100644 --- a/src/mongo/db/ftdc/ftdc_commands.cpp +++ b/src/mongo/db/ftdc/ftdc_commands.cpp @@ -67,7 +67,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::serverStatus)) { diff --git a/src/mongo/db/repl/master_slave.cpp b/src/mongo/db/repl/master_slave.cpp index dc656238318..8f771add152 100644 --- a/src/mongo/db/repl/master_slave.cpp +++ b/src/mongo/db/repl/master_slave.cpp @@ -376,7 +376,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/repl/repl_set_command.cpp b/src/mongo/db/repl/repl_set_command.cpp index 4bf96c23df2..590defcce02 100644 --- a/src/mongo/db/repl/repl_set_command.cpp +++ b/src/mongo/db/repl/repl_set_command.cpp @@ -37,7 +37,7 @@ namespace repl { Status ReplSetCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), getAuthActionSet())) { return {ErrorCodes::Unauthorized, "Unauthorized"}; diff --git a/src/mongo/db/repl/repl_set_command.h b/src/mongo/db/repl/repl_set_command.h index ad97ff5e8b9..32548addf87 100644 --- a/src/mongo/db/repl/repl_set_command.h +++ b/src/mongo/db/repl/repl_set_command.h @@ -61,7 +61,7 @@ protected: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override; + const BSONObj& cmdObj) const override; virtual ActionSet getAuthActionSet() const { return ActionSet{ActionType::internal}; diff --git a/src/mongo/db/repl/repl_set_commands.cpp b/src/mongo/db/repl/repl_set_commands.cpp index c0b16b9e9b5..f436cbf881c 100644 --- a/src/mongo/db/repl/repl_set_commands.cpp +++ b/src/mongo/db/repl/repl_set_commands.cpp @@ -92,7 +92,7 @@ public: // No auth needed because it only works when enabled via command line. virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } CmdReplSetTest() : ReplSetCommand("replSetTest") {} diff --git a/src/mongo/db/repl/replication_info.cpp b/src/mongo/db/repl/replication_info.cpp index d69d6b36288..72c73baa863 100644 --- a/src/mongo/db/repl/replication_info.cpp +++ b/src/mongo/db/repl/replication_info.cpp @@ -230,7 +230,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required CmdIsMaster() : BasicCommand("isMaster", "ismaster") {} virtual bool run(OperationContext* opCtx, const string&, diff --git a/src/mongo/db/repl/resync.cpp b/src/mongo/db/repl/resync.cpp index 9b3fab10d2b..debaed421ce 100644 --- a/src/mongo/db/repl/resync.cpp +++ b/src/mongo/db/repl/resync.cpp @@ -60,7 +60,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::resync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/check_sharding_index_command.cpp b/src/mongo/db/s/check_sharding_index_command.cpp index 04414dc9051..0089534af51 100644 --- a/src/mongo/db/s/check_sharding_index_command.cpp +++ b/src/mongo/db/s/check_sharding_index_command.cpp @@ -73,7 +73,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/s/cleanup_orphaned_cmd.cpp b/src/mongo/db/s/cleanup_orphaned_cmd.cpp index 9b338b0731e..7ef5f7b6408 100644 --- a/src/mongo/db/s/cleanup_orphaned_cmd.cpp +++ b/src/mongo/db/s/cleanup_orphaned_cmd.cpp @@ -174,7 +174,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::cleanupOrphaned)) { return Status(ErrorCodes::Unauthorized, "Not authorized for cleanupOrphaned command."); diff --git a/src/mongo/db/s/config/configsvr_add_shard_command.cpp b/src/mongo/db/s/config/configsvr_add_shard_command.cpp index 2e587bef4d3..368bf5b4f68 100644 --- a/src/mongo/db/s/config/configsvr_add_shard_command.cpp +++ b/src/mongo/db/s/config/configsvr_add_shard_command.cpp @@ -79,7 +79,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_add_shard_to_zone_command.cpp b/src/mongo/db/s/config/configsvr_add_shard_to_zone_command.cpp index 2f280dffc00..a9dc9828f46 100644 --- a/src/mongo/db/s/config/configsvr_add_shard_to_zone_command.cpp +++ b/src/mongo/db/s/config/configsvr_add_shard_to_zone_command.cpp @@ -79,7 +79,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_commit_chunk_migration_command.cpp b/src/mongo/db/s/config/configsvr_commit_chunk_migration_command.cpp index 0dd43e61c74..a9c0fc3d313 100644 --- a/src/mongo/db/s/config/configsvr_commit_chunk_migration_command.cpp +++ b/src/mongo/db/s/config/configsvr_commit_chunk_migration_command.cpp @@ -105,7 +105,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_control_balancer_command.cpp b/src/mongo/db/s/config/configsvr_control_balancer_command.cpp index 1dc8c20f2c1..958a86bb2ee 100644 --- a/src/mongo/db/s/config/configsvr_control_balancer_command.cpp +++ b/src/mongo/db/s/config/configsvr_control_balancer_command.cpp @@ -64,7 +64,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_create_database_command.cpp b/src/mongo/db/s/config/configsvr_create_database_command.cpp index 47740c174be..8bcd4017f36 100644 --- a/src/mongo/db/s/config/configsvr_create_database_command.cpp +++ b/src/mongo/db/s/config/configsvr_create_database_command.cpp @@ -82,7 +82,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_drop_collection_command.cpp b/src/mongo/db/s/config/configsvr_drop_collection_command.cpp index e923f753c7a..0c426950824 100644 --- a/src/mongo/db/s/config/configsvr_drop_collection_command.cpp +++ b/src/mongo/db/s/config/configsvr_drop_collection_command.cpp @@ -77,7 +77,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_drop_database_command.cpp b/src/mongo/db/s/config/configsvr_drop_database_command.cpp index b85a2eab87e..4ad5e4dad1a 100644 --- a/src/mongo/db/s/config/configsvr_drop_database_command.cpp +++ b/src/mongo/db/s/config/configsvr_drop_database_command.cpp @@ -71,7 +71,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_enable_sharding_command.cpp b/src/mongo/db/s/config/configsvr_enable_sharding_command.cpp index 50cbe6d15ea..844f642128c 100644 --- a/src/mongo/db/s/config/configsvr_enable_sharding_command.cpp +++ b/src/mongo/db/s/config/configsvr_enable_sharding_command.cpp @@ -80,7 +80,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(parseNs(dbname, cmdObj)), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_merge_chunk_command.cpp b/src/mongo/db/s/config/configsvr_merge_chunk_command.cpp index ed49bba1b9d..c0c78d284cc 100644 --- a/src/mongo/db/s/config/configsvr_merge_chunk_command.cpp +++ b/src/mongo/db/s/config/configsvr_merge_chunk_command.cpp @@ -86,7 +86,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_move_chunk_command.cpp b/src/mongo/db/s/config/configsvr_move_chunk_command.cpp index f64994fcfba..09927779459 100644 --- a/src/mongo/db/s/config/configsvr_move_chunk_command.cpp +++ b/src/mongo/db/s/config/configsvr_move_chunk_command.cpp @@ -70,7 +70,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_move_primary_command.cpp b/src/mongo/db/s/config/configsvr_move_primary_command.cpp index 4bdeb30ad05..d74dba381ae 100644 --- a/src/mongo/db/s/config/configsvr_move_primary_command.cpp +++ b/src/mongo/db/s/config/configsvr_move_primary_command.cpp @@ -83,7 +83,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_remove_shard_command.cpp b/src/mongo/db/s/config/configsvr_remove_shard_command.cpp index 3ef3d0c6995..9c9484fd052 100644 --- a/src/mongo/db/s/config/configsvr_remove_shard_command.cpp +++ b/src/mongo/db/s/config/configsvr_remove_shard_command.cpp @@ -76,7 +76,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_remove_shard_from_zone_command.cpp b/src/mongo/db/s/config/configsvr_remove_shard_from_zone_command.cpp index 02c5473173f..4a2037ae000 100644 --- a/src/mongo/db/s/config/configsvr_remove_shard_from_zone_command.cpp +++ b/src/mongo/db/s/config/configsvr_remove_shard_from_zone_command.cpp @@ -79,7 +79,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_shard_collection_command.cpp b/src/mongo/db/s/config/configsvr_shard_collection_command.cpp index 5a2053719de..cceb2eda0c3 100644 --- a/src/mongo/db/s/config/configsvr_shard_collection_command.cpp +++ b/src/mongo/db/s/config/configsvr_shard_collection_command.cpp @@ -698,7 +698,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_split_chunk_command.cpp b/src/mongo/db/s/config/configsvr_split_chunk_command.cpp index 474cf1b5e92..d35e974a4a6 100644 --- a/src/mongo/db/s/config/configsvr_split_chunk_command.cpp +++ b/src/mongo/db/s/config/configsvr_split_chunk_command.cpp @@ -84,7 +84,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/config/configsvr_update_zone_key_range_command.cpp b/src/mongo/db/s/config/configsvr_update_zone_key_range_command.cpp index afd3ebdf2d2..1c468e2b5cb 100644 --- a/src/mongo/db/s/config/configsvr_update_zone_key_range_command.cpp +++ b/src/mongo/db/s/config/configsvr_update_zone_key_range_command.cpp @@ -81,7 +81,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/flush_routing_table_cache_updates_command.cpp b/src/mongo/db/s/flush_routing_table_cache_updates_command.cpp index 36ea067ab63..e99aebb5576 100644 --- a/src/mongo/db/s/flush_routing_table_cache_updates_command.cpp +++ b/src/mongo/db/s/flush_routing_table_cache_updates_command.cpp @@ -84,7 +84,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); @@ -94,7 +94,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/get_shard_version_command.cpp b/src/mongo/db/s/get_shard_version_command.cpp index 2e580a669f8..73607a65add 100644 --- a/src/mongo/db/s/get_shard_version_command.cpp +++ b/src/mongo/db/s/get_shard_version_command.cpp @@ -68,7 +68,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::getShardVersion)) { diff --git a/src/mongo/db/s/merge_chunks_command.cpp b/src/mongo/db/s/merge_chunks_command.cpp index d7a355e5f95..2c9d8b7db43 100644 --- a/src/mongo/db/s/merge_chunks_command.cpp +++ b/src/mongo/db/s/merge_chunks_command.cpp @@ -317,7 +317,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/migration_chunk_cloner_source_legacy_commands.cpp b/src/mongo/db/s/migration_chunk_cloner_source_legacy_commands.cpp index a6f9b86e501..ae29f3775ca 100644 --- a/src/mongo/db/s/migration_chunk_cloner_source_legacy_commands.cpp +++ b/src/mongo/db/s/migration_chunk_cloner_source_legacy_commands.cpp @@ -135,7 +135,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -197,7 +197,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -246,7 +246,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/migration_destination_manager_legacy_commands.cpp b/src/mongo/db/s/migration_destination_manager_legacy_commands.cpp index 36122f38c4f..37cde498251 100644 --- a/src/mongo/db/s/migration_destination_manager_legacy_commands.cpp +++ b/src/mongo/db/s/migration_destination_manager_legacy_commands.cpp @@ -78,7 +78,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -177,7 +177,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -216,7 +216,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -262,7 +262,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/move_chunk_command.cpp b/src/mongo/db/s/move_chunk_command.cpp index e1cb32cf925..c707bacac6c 100644 --- a/src/mongo/db/s/move_chunk_command.cpp +++ b/src/mongo/db/s/move_chunk_command.cpp @@ -94,7 +94,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/set_shard_version_command.cpp b/src/mongo/db/s/set_shard_version_command.cpp index 1e4f734b16c..529cb952232 100644 --- a/src/mongo/db/s/set_shard_version_command.cpp +++ b/src/mongo/db/s/set_shard_version_command.cpp @@ -80,7 +80,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/sharding_state_command.cpp b/src/mongo/db/s/sharding_state_command.cpp index 6fc0887021a..21c0b5dc864 100644 --- a/src/mongo/db/s/sharding_state_command.cpp +++ b/src/mongo/db/s/sharding_state_command.cpp @@ -58,7 +58,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::shardingState); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/s/split_chunk_command.cpp b/src/mongo/db/s/split_chunk_command.cpp index 3c61c3b1498..0b463c9b490 100644 --- a/src/mongo/db/s/split_chunk_command.cpp +++ b/src/mongo/db/s/split_chunk_command.cpp @@ -78,7 +78,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/s/split_vector_command.cpp b/src/mongo/db/s/split_vector_command.cpp index 2ee8ad88d7c..5eefe80a871 100644 --- a/src/mongo/db/s/split_vector_command.cpp +++ b/src/mongo/db/s/split_vector_command.cpp @@ -70,7 +70,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { diff --git a/src/mongo/db/s/unset_sharding_command.cpp b/src/mongo/db/s/unset_sharding_command.cpp index a6e6e61d970..e2a65b9baec 100644 --- a/src/mongo/db/s/unset_sharding_command.cpp +++ b/src/mongo/db/s/unset_sharding_command.cpp @@ -66,7 +66,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/storage/mmap_v1/journal_latency_test_cmd.cpp b/src/mongo/db/storage/mmap_v1/journal_latency_test_cmd.cpp index b8707efd3d1..90d9b1cbb5e 100644 --- a/src/mongo/db/storage/mmap_v1/journal_latency_test_cmd.cpp +++ b/src/mongo/db/storage/mmap_v1/journal_latency_test_cmd.cpp @@ -83,7 +83,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, diff --git a/src/mongo/s/client/shard_connection.cpp b/src/mongo/s/client/shard_connection.cpp index c977467dbb0..033c6e947ea 100644 --- a/src/mongo/s/client/shard_connection.cpp +++ b/src/mongo/s/client/shard_connection.cpp @@ -105,7 +105,7 @@ public: // Same privs as connPoolStats virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::connPoolStats); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_add_shard_cmd.cpp b/src/mongo/s/commands/cluster_add_shard_cmd.cpp index 39225a4b854..833cc8c7bf2 100644 --- a/src/mongo/s/commands/cluster_add_shard_cmd.cpp +++ b/src/mongo/s/commands/cluster_add_shard_cmd.cpp @@ -65,7 +65,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::addShard); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_add_shard_to_zone_cmd.cpp b/src/mongo/s/commands/cluster_add_shard_to_zone_cmd.cpp index 8289bef85b0..d4d7939df01 100644 --- a/src/mongo/s/commands/cluster_add_shard_to_zone_cmd.cpp +++ b/src/mongo/s/commands/cluster_add_shard_to_zone_cmd.cpp @@ -80,7 +80,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(ShardType::ConfigNS), ActionType::update)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_available_query_options_cmd.cpp b/src/mongo/s/commands/cluster_available_query_options_cmd.cpp index 8eccb031358..f709922b6f2 100644 --- a/src/mongo/s/commands/cluster_available_query_options_cmd.cpp +++ b/src/mongo/s/commands/cluster_available_query_options_cmd.cpp @@ -49,7 +49,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/s/commands/cluster_compact_cmd.cpp b/src/mongo/s/commands/cluster_compact_cmd.cpp index d5fd03ae39a..83ec78e1ece 100644 --- a/src/mongo/s/commands/cluster_compact_cmd.cpp +++ b/src/mongo/s/commands/cluster_compact_cmd.cpp @@ -47,7 +47,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::compact); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/s/commands/cluster_control_balancer_cmd.cpp b/src/mongo/s/commands/cluster_control_balancer_cmd.cpp index 5a60b6bb8d8..749a69d21bb 100644 --- a/src/mongo/s/commands/cluster_control_balancer_cmd.cpp +++ b/src/mongo/s/commands/cluster_control_balancer_cmd.cpp @@ -68,7 +68,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString("config", "settings")), _authorizationAction)) { diff --git a/src/mongo/s/commands/cluster_count_cmd.cpp b/src/mongo/s/commands/cluster_count_cmd.cpp index 2c407b61005..1ba8e3d7c1b 100644 --- a/src/mongo/s/commands/cluster_count_cmd.cpp +++ b/src/mongo/s/commands/cluster_count_cmd.cpp @@ -65,7 +65,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/s/commands/cluster_current_op.cpp b/src/mongo/s/commands/cluster_current_op.cpp index 4cc75ffc87b..9c9a1a08730 100644 --- a/src/mongo/s/commands/cluster_current_op.cpp +++ b/src/mongo/s/commands/cluster_current_op.cpp @@ -50,7 +50,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbName, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::inprog); diff --git a/src/mongo/s/commands/cluster_db_stats_cmd.cpp b/src/mongo/s/commands/cluster_db_stats_cmd.cpp index 35a24f7d81d..62fb611df40 100644 --- a/src/mongo/s/commands/cluster_db_stats_cmd.cpp +++ b/src/mongo/s/commands/cluster_db_stats_cmd.cpp @@ -53,7 +53,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dbStats); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); diff --git a/src/mongo/s/commands/cluster_drop_cmd.cpp b/src/mongo/s/commands/cluster_drop_cmd.cpp index a77abe079a6..017876f8206 100644 --- a/src/mongo/s/commands/cluster_drop_cmd.cpp +++ b/src/mongo/s/commands/cluster_drop_cmd.cpp @@ -59,7 +59,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::dropCollection); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/s/commands/cluster_drop_database_cmd.cpp b/src/mongo/s/commands/cluster_drop_database_cmd.cpp index 207db3d3c0d..4ba30e411ca 100644 --- a/src/mongo/s/commands/cluster_drop_database_cmd.cpp +++ b/src/mongo/s/commands/cluster_drop_database_cmd.cpp @@ -60,7 +60,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::dropDatabase); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); diff --git a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp index ba7bd608612..c1ecf49fc56 100644 --- a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp +++ b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp @@ -68,7 +68,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(parseNs(dbname, cmdObj)), ActionType::enableSharding)) { diff --git a/src/mongo/s/commands/cluster_explain_cmd.cpp b/src/mongo/s/commands/cluster_explain_cmd.cpp index 3f435329d75..3a6f4d254f2 100644 --- a/src/mongo/s/commands/cluster_explain_cmd.cpp +++ b/src/mongo/s/commands/cluster_explain_cmd.cpp @@ -84,7 +84,7 @@ public: */ virtual Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (Object != cmdObj.firstElement().type()) { return Status(ErrorCodes::BadValue, "explain command requires a nested object"); } diff --git a/src/mongo/s/commands/cluster_find_and_modify_cmd.cpp b/src/mongo/s/commands/cluster_find_and_modify_cmd.cpp index 922d271e870..836f1dc0081 100644 --- a/src/mongo/s/commands/cluster_find_and_modify_cmd.cpp +++ b/src/mongo/s/commands/cluster_find_and_modify_cmd.cpp @@ -92,7 +92,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { find_and_modify::addPrivilegesRequiredForFindAndModify(this, dbname, cmdObj, out); } diff --git a/src/mongo/s/commands/cluster_find_cmd.cpp b/src/mongo/s/commands/cluster_find_cmd.cpp index 8b53c5b6f6b..4c3b343eba3 100644 --- a/src/mongo/s/commands/cluster_find_cmd.cpp +++ b/src/mongo/s/commands/cluster_find_cmd.cpp @@ -91,7 +91,7 @@ public: */ Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { const NamespaceString nss(parseNs(dbname, cmdObj)); auto hasTerm = cmdObj.hasField(kTermField); return AuthorizationSession::get(client)->checkAuthForFind(nss, hasTerm); diff --git a/src/mongo/s/commands/cluster_flush_router_config_cmd.cpp b/src/mongo/s/commands/cluster_flush_router_config_cmd.cpp index 2b76f374342..af1bdb31d44 100644 --- a/src/mongo/s/commands/cluster_flush_router_config_cmd.cpp +++ b/src/mongo/s/commands/cluster_flush_router_config_cmd.cpp @@ -58,7 +58,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::flushRouterConfig); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_fsync_cmd.cpp b/src/mongo/s/commands/cluster_fsync_cmd.cpp index 3f578bc9ddb..3dd7ec1a1fc 100644 --- a/src/mongo/s/commands/cluster_fsync_cmd.cpp +++ b/src/mongo/s/commands/cluster_fsync_cmd.cpp @@ -61,7 +61,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::fsync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_ftdc_commands.cpp b/src/mongo/s/commands/cluster_ftdc_commands.cpp index 6942bec0bdb..5fd60d315b7 100644 --- a/src/mongo/s/commands/cluster_ftdc_commands.cpp +++ b/src/mongo/s/commands/cluster_ftdc_commands.cpp @@ -66,7 +66,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::serverStatus)) { diff --git a/src/mongo/s/commands/cluster_get_last_error_cmd.cpp b/src/mongo/s/commands/cluster_get_last_error_cmd.cpp index 3134fbb22c3..d1f927d22fe 100644 --- a/src/mongo/s/commands/cluster_get_last_error_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_last_error_cmd.cpp @@ -205,7 +205,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // No auth required for getlasterror } diff --git a/src/mongo/s/commands/cluster_get_prev_error_cmd.cpp b/src/mongo/s/commands/cluster_get_prev_error_cmd.cpp index d36e91916b8..a0a14dd054f 100644 --- a/src/mongo/s/commands/cluster_get_prev_error_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_prev_error_cmd.cpp @@ -57,7 +57,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // No auth required } diff --git a/src/mongo/s/commands/cluster_get_shard_map_cmd.cpp b/src/mongo/s/commands/cluster_get_shard_map_cmd.cpp index 6672c597a39..5703727bb77 100644 --- a/src/mongo/s/commands/cluster_get_shard_map_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_shard_map_cmd.cpp @@ -61,7 +61,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getShardMap); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp index 05f04d9249a..21a77e97e2a 100644 --- a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp @@ -65,7 +65,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::getShardVersion)) { diff --git a/src/mongo/s/commands/cluster_getmore_cmd.cpp b/src/mongo/s/commands/cluster_getmore_cmd.cpp index 4274efb7089..111f927a0e6 100644 --- a/src/mongo/s/commands/cluster_getmore_cmd.cpp +++ b/src/mongo/s/commands/cluster_getmore_cmd.cpp @@ -80,7 +80,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { StatusWith<GetMoreRequest> parseStatus = GetMoreRequest::parseFromBSON(dbname, cmdObj); if (!parseStatus.isOK()) { return parseStatus.getStatus(); diff --git a/src/mongo/s/commands/cluster_index_filter_cmd.cpp b/src/mongo/s/commands/cluster_index_filter_cmd.cpp index ba61748779f..6f632610f06 100644 --- a/src/mongo/s/commands/cluster_index_filter_cmd.cpp +++ b/src/mongo/s/commands/cluster_index_filter_cmd.cpp @@ -73,7 +73,9 @@ public: return _helpText; } - Status checkAuthForCommand(Client* client, const std::string& dbname, const BSONObj& cmdObj) { + Status checkAuthForCommand(Client* client, + const std::string& dbname, + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/s/commands/cluster_is_db_grid_cmd.cpp b/src/mongo/s/commands/cluster_is_db_grid_cmd.cpp index 297e4403c2f..13e93a8834e 100644 --- a/src/mongo/s/commands/cluster_is_db_grid_cmd.cpp +++ b/src/mongo/s/commands/cluster_is_db_grid_cmd.cpp @@ -49,7 +49,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // No auth required } diff --git a/src/mongo/s/commands/cluster_is_master_cmd.cpp b/src/mongo/s/commands/cluster_is_master_cmd.cpp index 531f758859f..5b172978deb 100644 --- a/src/mongo/s/commands/cluster_is_master_cmd.cpp +++ b/src/mongo/s/commands/cluster_is_master_cmd.cpp @@ -64,7 +64,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { // No auth required } diff --git a/src/mongo/s/commands/cluster_kill_op.cpp b/src/mongo/s/commands/cluster_kill_op.cpp index 3418d4049be..545dfdddb6f 100644 --- a/src/mongo/s/commands/cluster_kill_op.cpp +++ b/src/mongo/s/commands/cluster_kill_op.cpp @@ -70,7 +70,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::killop); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_list_databases_cmd.cpp b/src/mongo/s/commands/cluster_list_databases_cmd.cpp index 10d9c802a46..d1574504104 100644 --- a/src/mongo/s/commands/cluster_list_databases_cmd.cpp +++ b/src/mongo/s/commands/cluster_list_databases_cmd.cpp @@ -72,7 +72,7 @@ public: */ Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/s/commands/cluster_list_shards_cmd.cpp b/src/mongo/s/commands/cluster_list_shards_cmd.cpp index e3d65fabe99..1611c2b4dd1 100644 --- a/src/mongo/s/commands/cluster_list_shards_cmd.cpp +++ b/src/mongo/s/commands/cluster_list_shards_cmd.cpp @@ -57,7 +57,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::listShards); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_map_reduce_cmd.cpp b/src/mongo/s/commands/cluster_map_reduce_cmd.cpp index 9eed7db5fa2..d89a51531ea 100644 --- a/src/mongo/s/commands/cluster_map_reduce_cmd.cpp +++ b/src/mongo/s/commands/cluster_map_reduce_cmd.cpp @@ -173,7 +173,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { mr::addPrivilegesRequiredForMapReduce(this, dbname, cmdObj, out); } diff --git a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp index ecdfa931cd4..a3e8b08f9f4 100644 --- a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp +++ b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp @@ -63,7 +63,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { diff --git a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp index 88549b9f70a..f486432e960 100644 --- a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp @@ -76,7 +76,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::moveChunk)) { diff --git a/src/mongo/s/commands/cluster_move_primary_cmd.cpp b/src/mongo/s/commands/cluster_move_primary_cmd.cpp index 34540a60b69..dfd7f9c9e6b 100644 --- a/src/mongo/s/commands/cluster_move_primary_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_primary_cmd.cpp @@ -75,7 +75,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(parseNs(dbname, cmdObj)), ActionType::moveChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_multicast.cpp b/src/mongo/s/commands/cluster_multicast.cpp index b26bdbe4e88..c3059ee7fd8 100644 --- a/src/mongo/s/commands/cluster_multicast.cpp +++ b/src/mongo/s/commands/cluster_multicast.cpp @@ -85,7 +85,7 @@ public: // no privs because it's a test command void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override {} + std::vector<Privilege>* out) const override {} bool run(OperationContext* opCtx, const std::string& dbname, diff --git a/src/mongo/s/commands/cluster_netstat_cmd.cpp b/src/mongo/s/commands/cluster_netstat_cmd.cpp index 5dd1e0b1a1a..6f70bcd78ef 100644 --- a/src/mongo/s/commands/cluster_netstat_cmd.cpp +++ b/src/mongo/s/commands/cluster_netstat_cmd.cpp @@ -59,7 +59,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::netstat); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_pipeline_cmd.cpp b/src/mongo/s/commands/cluster_pipeline_cmd.cpp index 5983c0aa9c6..ae5f186ad66 100644 --- a/src/mongo/s/commands/cluster_pipeline_cmd.cpp +++ b/src/mongo/s/commands/cluster_pipeline_cmd.cpp @@ -61,7 +61,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { const NamespaceString nss(AggregationRequest::parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForAggregate(nss, cmdObj, true); } diff --git a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp index 8fa4c1edfc2..a46cbc6ce1f 100644 --- a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp +++ b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp @@ -70,7 +70,9 @@ public: return CommandHelpers::parseNsCollectionRequired(dbname, cmdObj).ns(); } - Status checkAuthForCommand(Client* client, const std::string& dbname, const BSONObj& cmdObj) { + Status checkAuthForCommand(Client* client, + const std::string& dbname, + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/s/commands/cluster_profile_cmd.cpp b/src/mongo/s/commands/cluster_profile_cmd.cpp index 5129922d3a5..457a341e4cd 100644 --- a/src/mongo/s/commands/cluster_profile_cmd.cpp +++ b/src/mongo/s/commands/cluster_profile_cmd.cpp @@ -52,7 +52,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::enableProfiler); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); diff --git a/src/mongo/s/commands/cluster_remove_shard_cmd.cpp b/src/mongo/s/commands/cluster_remove_shard_cmd.cpp index 336f51d0437..b8f17cb5dfb 100644 --- a/src/mongo/s/commands/cluster_remove_shard_cmd.cpp +++ b/src/mongo/s/commands/cluster_remove_shard_cmd.cpp @@ -63,7 +63,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::removeShard); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/s/commands/cluster_remove_shard_from_zone_cmd.cpp b/src/mongo/s/commands/cluster_remove_shard_from_zone_cmd.cpp index 6ba4dc36278..faf1085f72d 100644 --- a/src/mongo/s/commands/cluster_remove_shard_from_zone_cmd.cpp +++ b/src/mongo/s/commands/cluster_remove_shard_from_zone_cmd.cpp @@ -87,7 +87,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(ShardType::ConfigNS), ActionType::update)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_repl_set_get_status_cmd.cpp b/src/mongo/s/commands/cluster_repl_set_get_status_cmd.cpp index 0c70fdac88c..c1662319322 100644 --- a/src/mongo/s/commands/cluster_repl_set_get_status_cmd.cpp +++ b/src/mongo/s/commands/cluster_repl_set_get_status_cmd.cpp @@ -59,7 +59,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { // Require no auth since this command isn't supported in mongos return Status::OK(); } diff --git a/src/mongo/s/commands/cluster_reset_error_cmd.cpp b/src/mongo/s/commands/cluster_reset_error_cmd.cpp index 6df637aaf76..b1f97c6226d 100644 --- a/src/mongo/s/commands/cluster_reset_error_cmd.cpp +++ b/src/mongo/s/commands/cluster_reset_error_cmd.cpp @@ -55,7 +55,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // No auth required } diff --git a/src/mongo/s/commands/cluster_restart_catalog_command.cpp b/src/mongo/s/commands/cluster_restart_catalog_command.cpp index bf34e154595..9be27795a6c 100644 --- a/src/mongo/s/commands/cluster_restart_catalog_command.cpp +++ b/src/mongo/s/commands/cluster_restart_catalog_command.cpp @@ -41,7 +41,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { // No auth checks as this is a testing-only command. return Status::OK(); } diff --git a/src/mongo/s/commands/cluster_set_feature_compatibility_version_cmd.cpp b/src/mongo/s/commands/cluster_set_feature_compatibility_version_cmd.cpp index 2e519bc73f9..a4439e1d6d4 100644 --- a/src/mongo/s/commands/cluster_set_feature_compatibility_version_cmd.cpp +++ b/src/mongo/s/commands/cluster_set_feature_compatibility_version_cmd.cpp @@ -81,7 +81,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::setFeatureCompatibilityVersion)) { diff --git a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp index f9fc5442099..ac87faa6ff1 100644 --- a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp @@ -90,7 +90,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::enableSharding)) { diff --git a/src/mongo/s/commands/cluster_split_cmd.cpp b/src/mongo/s/commands/cluster_split_cmd.cpp index ec5fbe58d37..ff4d4214fb6 100644 --- a/src/mongo/s/commands/cluster_split_cmd.cpp +++ b/src/mongo/s/commands/cluster_split_cmd.cpp @@ -110,7 +110,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { diff --git a/src/mongo/s/commands/cluster_update_zone_key_range_cmd.cpp b/src/mongo/s/commands/cluster_update_zone_key_range_cmd.cpp index b573d937ddd..5f23b66b74a 100644 --- a/src/mongo/s/commands/cluster_update_zone_key_range_cmd.cpp +++ b/src/mongo/s/commands/cluster_update_zone_key_range_cmd.cpp @@ -90,7 +90,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(ShardType::ConfigNS), ActionType::find)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_user_management_commands.cpp b/src/mongo/s/commands/cluster_user_management_commands.cpp index aa048b3b575..c1bb5ca1425 100644 --- a/src/mongo/s/commands/cluster_user_management_commands.cpp +++ b/src/mongo/s/commands/cluster_user_management_commands.cpp @@ -79,7 +79,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateUserCommand(client, dbname, cmdObj); } @@ -119,7 +119,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateUserCommand(client, dbname, cmdObj); } @@ -171,7 +171,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropUserCommand(client, dbname, cmdObj); } @@ -218,7 +218,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllUsersFromDatabaseCommand(client, dbname); } @@ -261,7 +261,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToUserCommand(client, dbname, cmdObj); } @@ -311,7 +311,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromUserCommand(client, dbname, cmdObj); } @@ -360,7 +360,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUsersInfoCommand(client, dbname, cmdObj); } @@ -392,7 +392,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateRoleCommand(client, dbname, cmdObj); } @@ -428,7 +428,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateRoleCommand(client, dbname, cmdObj); } @@ -471,7 +471,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantPrivilegesToRoleCommand(client, dbname, cmdObj); } @@ -513,7 +513,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokePrivilegesFromRoleCommand(client, dbname, cmdObj); } @@ -555,7 +555,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToRoleCommand(client, dbname, cmdObj); } @@ -597,7 +597,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromRoleCommand(client, dbname, cmdObj); } @@ -642,7 +642,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropRoleCommand(client, dbname, cmdObj); } @@ -689,7 +689,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllRolesFromDatabaseCommand(client, dbname); } @@ -731,7 +731,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRolesInfoCommand(client, dbname, cmdObj); } @@ -768,7 +768,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForInvalidateUserCacheCommand(client); } @@ -816,7 +816,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForMergeAuthzCollectionsCommand(client, cmdObj); } diff --git a/src/mongo/s/commands/cluster_whats_my_uri_cmd.cpp b/src/mongo/s/commands/cluster_whats_my_uri_cmd.cpp index 7cd621302ba..5dba5ce10c9 100644 --- a/src/mongo/s/commands/cluster_whats_my_uri_cmd.cpp +++ b/src/mongo/s/commands/cluster_whats_my_uri_cmd.cpp @@ -53,7 +53,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // No auth required } diff --git a/src/mongo/s/commands/cluster_write_cmd.cpp b/src/mongo/s/commands/cluster_write_cmd.cpp index 779b3993c99..79cab4816ef 100644 --- a/src/mongo/s/commands/cluster_write_cmd.cpp +++ b/src/mongo/s/commands/cluster_write_cmd.cpp @@ -147,7 +147,7 @@ public: return true; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { Status status = auth::checkAuthForWriteCommand( AuthorizationSession::get(opCtx->getClient()), _writeType, request); diff --git a/src/mongo/s/commands/commands_public.cpp b/src/mongo/s/commands/commands_public.cpp index 32ce21b65ea..354f6edaa41 100644 --- a/src/mongo/s/commands/commands_public.cpp +++ b/src/mongo/s/commands/commands_public.cpp @@ -256,7 +256,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -300,7 +300,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::createIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -349,7 +349,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::reIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -393,7 +393,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(CommandHelpers::parseNsCollectionRequired(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCollMod(nss, cmdObj, true); } @@ -428,7 +428,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::validate); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -504,7 +504,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { const NamespaceString nss(CommandHelpers::parseNsCollectionRequired(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCreate(nss, cmdObj, true); } @@ -532,7 +532,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return rename_collection::checkAuthForRenameCollectionCommand(client, dbname, cmdObj); } @@ -593,7 +593,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return copydb::checkAuthForCopydbCommand(client, dbname, cmdObj); } @@ -663,7 +663,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::collStats); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -843,7 +843,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -929,7 +929,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::convertToCapped); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -951,7 +951,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -1033,7 +1033,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { @@ -1070,7 +1070,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -1297,7 +1297,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::find)); } @@ -1446,7 +1446,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -1581,7 +1581,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { // $eval can do pretty much anything, so require all privileges. RoleGraph::generateUniversalPrivileges(out); } @@ -1613,7 +1613,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); // Check for the listCollections ActionType on the database @@ -1658,7 +1658,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); // Check for the listIndexes ActionType on the database, or find on system.indexes for pre |