diff options
-rw-r--r-- | src/mongo/db/s/vector_clock_persist_command.cpp | 14 | ||||
-rw-r--r-- | src/mongo/db/vector_clock_mongod.cpp | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/mongo/db/s/vector_clock_persist_command.cpp b/src/mongo/db/s/vector_clock_persist_command.cpp index 9e491b367fc..9df463430c4 100644 --- a/src/mongo/db/s/vector_clock_persist_command.cpp +++ b/src/mongo/db/s/vector_clock_persist_command.cpp @@ -31,6 +31,8 @@ #include "mongo/platform/basic.h" +#include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" #include "mongo/db/s/sharding_state.h" #include "mongo/db/vector_clock_mutable.h" @@ -45,6 +47,18 @@ class VectorClockPersistCommand : public BasicCommand { public: VectorClockPersistCommand() : BasicCommand("_vectorClockPersist") {} + Status checkAuthForCommand(Client* client, + const std::string& dbname, + const BSONObj& cmdObj) const override { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forDatabaseName( + NamespaceString::kVectorClockNamespace.db().toString()), + ActionType::internal)); + return Status::OK(); + } + AllowedOnSecondary secondaryAllowed(ServiceContext*) const override { return AllowedOnSecondary::kNever; } diff --git a/src/mongo/db/vector_clock_mongod.cpp b/src/mongo/db/vector_clock_mongod.cpp index 7d66266aa42..90c7261bbb7 100644 --- a/src/mongo/db/vector_clock_mongod.cpp +++ b/src/mongo/db/vector_clock_mongod.cpp @@ -367,7 +367,7 @@ Future<void> VectorClockMongoD::_doWhileQueueNotEmptyOrError(ServiceContext* ser auto cmdResponse = uassertStatusOK(selfShard->runCommandWithFixedRetryAttempts( opCtx, ReadPreferenceSetting{ReadPreference::PrimaryOnly}, - NamespaceString::kVectorClockNamespace.toString(), + NamespaceString::kVectorClockNamespace.db().toString(), BSON("_vectorClockPersist" << 1), Seconds{30}, Shard::RetryPolicy::kIdempotent)); |