diff options
Diffstat (limited to 'src/mongo/db/commands.cpp')
-rw-r--r-- | src/mongo/db/commands.cpp | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp index 65560607e50..4b5b6c527ab 100644 --- a/src/mongo/db/commands.cpp +++ b/src/mongo/db/commands.cpp @@ -312,6 +312,12 @@ Status Command::parseCommandCursorOptions(const BSONObj& cmdObj, return Status::OK(); } +Status Command::checkAuthForOperation(OperationContext* txn, + const std::string& dbname, + const BSONObj& cmdObj) { + return checkAuthForCommand(txn->getClient(), dbname, cmdObj); +} + Status Command::checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { @@ -341,16 +347,17 @@ void Command::logIfSlow(const Timer& timer, const string& msg) { } static Status _checkAuthorizationImpl(Command* c, - ClientBasic* client, + OperationContext* txn, const std::string& dbname, const BSONObj& cmdObj) { namespace mmb = mutablebson; + auto client = txn->getClient(); if (c->adminOnly() && dbname != "admin") { return Status(ErrorCodes::Unauthorized, str::stream() << c->name << " may only be run against the admin database."); } if (AuthorizationSession::get(client)->getAuthorizationManager().isAuthEnabled()) { - Status status = c->checkAuthForCommand(client, dbname, cmdObj); + Status status = c->checkAuthForOperation(txn, dbname, cmdObj); if (status == ErrorCodes::Unauthorized) { mmb::Document cmdToLog(cmdObj, mmb::Document::kInPlaceDisabled); c->redactForLogging(&cmdToLog); @@ -370,16 +377,16 @@ static Status _checkAuthorizationImpl(Command* c, return Status::OK(); } -Status Command::_checkAuthorization(Command* c, - ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { +Status Command::checkAuthorization(Command* c, + OperationContext* txn, + const std::string& dbname, + const BSONObj& cmdObj) { namespace mmb = mutablebson; - Status status = _checkAuthorizationImpl(c, client, dbname, cmdObj); + Status status = _checkAuthorizationImpl(c, txn, dbname, cmdObj); if (!status.isOK()) { - log(LogComponent::kAccessControl) << status << std::endl; + log(LogComponent::kAccessControl) << status; } - audit::logCommandAuthzCheck(client, dbname, cmdObj, c, status.code()); + audit::logCommandAuthzCheck(txn->getClient(), dbname, cmdObj, c, status.code()); return status; } |