diff options
Diffstat (limited to 'src/mongo/db/commands/current_op.cpp')
| -rw-r--r-- | src/mongo/db/commands/current_op.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/mongo/db/commands/current_op.cpp b/src/mongo/db/commands/current_op.cpp index f15f60807e7..3447b9a1150 100644 --- a/src/mongo/db/commands/current_op.cpp +++ b/src/mongo/db/commands/current_op.cpp @@ -68,9 +68,18 @@ public: Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) final { - bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), ActionType::inprog); - return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); + AuthorizationSession* authzSession = AuthorizationSession::get(client); + if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::inprog)) { + return Status::OK(); + } + + bool isAuthenticated = authzSession->getAuthenticatedUserNames().more(); + if (isAuthenticated && cmdObj["$ownOps"].trueValue()) { + return Status::OK(); + } + + return Status(ErrorCodes::Unauthorized, "Unauthorized"); } bool run(OperationContext* txn, @@ -80,6 +89,7 @@ public: std::string& errmsg, BSONObjBuilder& result) final { const bool includeAll = cmdObj["$all"].trueValue(); + const bool ownOpsOnly = cmdObj["$ownOps"].trueValue(); // Filter the output BSONObj filter; @@ -92,6 +102,8 @@ public: BSONElement e = i.next(); if (str::equals("$all", e.fieldName())) { continue; + } else if (str::equals("$ownOps", e.fieldName())) { + continue; } b.append(e); @@ -113,6 +125,12 @@ public: invariant(client); stdx::lock_guard<Client> lk(*client); + + if (ownOpsOnly && + !AuthorizationSession::get(txn->getClient())->isCoauthorizedWithClient(client)) { + continue; + } + const OperationContext* opCtx = client->getOperationContext(); if (!includeAll) { |