diff options
Diffstat (limited to 'src/mongo/db/commands')
80 files changed, 132 insertions, 132 deletions
diff --git a/src/mongo/db/commands/apply_ops_cmd.cpp b/src/mongo/db/commands/apply_ops_cmd.cpp index f80e38bb0b5..8f34bb2243e 100644 --- a/src/mongo/db/commands/apply_ops_cmd.cpp +++ b/src/mongo/db/commands/apply_ops_cmd.cpp @@ -217,7 +217,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { OplogApplicationValidity validity = validateApplyOpsCommand(cmdObj); return OplogApplicationChecks::checkAuthForCommand(opCtx, dbname, cmdObj, validity); } diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 0b925c3d84c..a9d39eda35d 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -111,7 +111,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) final { + std::vector<Privilege>* out) const final { // No auth required since this command was explicitly part // of an authentication workflow. } @@ -264,7 +264,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "de-authenticate"; } diff --git a/src/mongo/db/commands/authentication_commands.h b/src/mongo/db/commands/authentication_commands.h index 5e886827256..c79dc4a6979 100644 --- a/src/mongo/db/commands/authentication_commands.h +++ b/src/mongo/db/commands/authentication_commands.h @@ -51,7 +51,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required CmdAuthenticate() : BasicCommand("authenticate") {} bool run(OperationContext* opCtx, diff --git a/src/mongo/db/commands/clone.cpp b/src/mongo/db/commands/clone.cpp index 0e50419a5df..e8f305b8b3b 100644 --- a/src/mongo/db/commands/clone.cpp +++ b/src/mongo/db/commands/clone.cpp @@ -71,7 +71,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::insert); actions.addAction(ActionType::createIndex); diff --git a/src/mongo/db/commands/clone_collection.cpp b/src/mongo/db/commands/clone_collection.cpp index 493ea75d044..abaafb799e0 100644 --- a/src/mongo/db/commands/clone_collection.cpp +++ b/src/mongo/db/commands/clone_collection.cpp @@ -77,7 +77,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { std::string ns = parseNs(dbname, cmdObj); ActionSet actions; diff --git a/src/mongo/db/commands/collection_to_capped.cpp b/src/mongo/db/commands/collection_to_capped.cpp index 56dad067123..6f5929b6aae 100644 --- a/src/mongo/db/commands/collection_to_capped.cpp +++ b/src/mongo/db/commands/collection_to_capped.cpp @@ -63,7 +63,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet sourceActions; sourceActions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), sourceActions)); @@ -162,7 +162,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::convertToCapped); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/compact.cpp b/src/mongo/db/commands/compact.cpp index 4a52700118c..4426d196e80 100644 --- a/src/mongo/db/commands/compact.cpp +++ b/src/mongo/db/commands/compact.cpp @@ -69,7 +69,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::compact); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/conn_pool_stats.cpp b/src/mongo/db/commands/conn_pool_stats.cpp index e799257d923..ac1a87973e8 100644 --- a/src/mongo/db/commands/conn_pool_stats.cpp +++ b/src/mongo/db/commands/conn_pool_stats.cpp @@ -63,7 +63,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::connPoolStats); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/conn_pool_sync.cpp b/src/mongo/db/commands/conn_pool_sync.cpp index ecf135bb7e6..cd3526bb885 100644 --- a/src/mongo/db/commands/conn_pool_sync.cpp +++ b/src/mongo/db/commands/conn_pool_sync.cpp @@ -48,7 +48,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::connPoolSync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/connection_status.cpp b/src/mongo/db/commands/connection_status.cpp index 80b4fdd9e2c..1b0ebef49e9 100644 --- a/src/mongo/db/commands/connection_status.cpp +++ b/src/mongo/db/commands/connection_status.cpp @@ -49,7 +49,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "Returns connection-specific information such as logged-in users and their roles"; diff --git a/src/mongo/db/commands/copydb.cpp b/src/mongo/db/commands/copydb.cpp index 99178166050..1681f1883a1 100644 --- a/src/mongo/db/commands/copydb.cpp +++ b/src/mongo/db/commands/copydb.cpp @@ -105,7 +105,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return copydb::checkAuthForCopydbCommand(client, dbname, cmdObj); } diff --git a/src/mongo/db/commands/copydb_start_commands.cpp b/src/mongo/db/commands/copydb_start_commands.cpp index 6f675971ea0..1006c04600b 100644 --- a/src/mongo/db/commands/copydb_start_commands.cpp +++ b/src/mongo/db/commands/copydb_start_commands.cpp @@ -88,7 +88,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { // No auth required return Status::OK(); } diff --git a/src/mongo/db/commands/count_cmd.cpp b/src/mongo/db/commands/count_cmd.cpp index 336bcad29e0..61b057fd645 100644 --- a/src/mongo/db/commands/count_cmd.cpp +++ b/src/mongo/db/commands/count_cmd.cpp @@ -95,7 +95,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/cpuload.cpp b/src/mongo/db/commands/cpuload.cpp index 587ee0af693..1b388967b32 100644 --- a/src/mongo/db/commands/cpuload.cpp +++ b/src/mongo/db/commands/cpuload.cpp @@ -57,7 +57,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* txn, const string& badns, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp index a38c935163c..830d7098f78 100644 --- a/src/mongo/db/commands/create_indexes.cpp +++ b/src/mongo/db/commands/create_indexes.cpp @@ -222,7 +222,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::createIndex); Privilege p(parseResourcePattern(dbname, cmdObj), actions); diff --git a/src/mongo/db/commands/current_op.cpp b/src/mongo/db/commands/current_op.cpp index c742e9fba31..04311da1d43 100644 --- a/src/mongo/db/commands/current_op.cpp +++ b/src/mongo/db/commands/current_op.cpp @@ -48,7 +48,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbName, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::inprog)) { diff --git a/src/mongo/db/commands/dbcheck.cpp b/src/mongo/db/commands/dbcheck.cpp index 3cbc2abe362..e7411fb0962 100644 --- a/src/mongo/db/commands/dbcheck.cpp +++ b/src/mongo/db/commands/dbcheck.cpp @@ -515,7 +515,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { // For now, just use `find` permissions. const NamespaceString nss(parseNs(dbname, cmdObj)); diff --git a/src/mongo/db/commands/dbcommands.cpp b/src/mongo/db/commands/dbcommands.cpp index e469c641ec6..fb23ebb8dd4 100644 --- a/src/mongo/db/commands/dbcommands.cpp +++ b/src/mongo/db/commands/dbcommands.cpp @@ -153,7 +153,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropDatabase); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -227,7 +227,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::repairDatabase); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -314,7 +314,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj.firstElement().numberInt() == -1 && !cmdObj.hasField("slowms") && @@ -404,7 +404,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropCollection); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -470,7 +470,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCreate(nss, cmdObj, false); } @@ -599,7 +599,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::find)); } @@ -768,7 +768,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -910,7 +910,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::collStats); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -959,7 +959,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForCollMod(nss, cmdObj, false); } @@ -992,7 +992,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dbStats); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); @@ -1085,7 +1085,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, @@ -1107,7 +1107,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } diff --git a/src/mongo/db/commands/dbhash.cpp b/src/mongo/db/commands/dbhash.cpp index e16a3068d12..55d431b63f4 100644 --- a/src/mongo/db/commands/dbhash.cpp +++ b/src/mongo/db/commands/dbhash.cpp @@ -68,7 +68,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dbHash); out->push_back(Privilege(ResourcePattern::forDatabaseName(dbname), actions)); diff --git a/src/mongo/db/commands/distinct.cpp b/src/mongo/db/commands/distinct.cpp index 99e42d567ae..1a4902b6158 100644 --- a/src/mongo/db/commands/distinct.cpp +++ b/src/mongo/db/commands/distinct.cpp @@ -100,7 +100,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/do_txn_cmd.cpp b/src/mongo/db/commands/do_txn_cmd.cpp index 20ea0938360..76b019c1b6f 100644 --- a/src/mongo/db/commands/do_txn_cmd.cpp +++ b/src/mongo/db/commands/do_txn_cmd.cpp @@ -146,7 +146,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { OplogApplicationValidity validity = validateDoTxnCommand(cmdObj); return OplogApplicationChecks::checkAuthForCommand(opCtx, dbname, cmdObj, validity); } diff --git a/src/mongo/db/commands/driverHelpers.cpp b/src/mongo/db/commands/driverHelpers.cpp index 9caef43f7b1..f6788ce5915 100644 --- a/src/mongo/db/commands/driverHelpers.cpp +++ b/src/mongo/db/commands/driverHelpers.cpp @@ -70,7 +70,7 @@ public: ObjectIdTest() : BasicDriverHelper("driverOIDTest") {} virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool errmsgRun(OperationContext* opCtx, const string&, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/drop_indexes.cpp b/src/mongo/db/commands/drop_indexes.cpp index 11cbed2f00c..bf46dab3401 100644 --- a/src/mongo/db/commands/drop_indexes.cpp +++ b/src/mongo/db/commands/drop_indexes.cpp @@ -77,7 +77,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::dropIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); @@ -107,7 +107,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::reIndex); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/end_sessions_command.cpp b/src/mongo/db/commands/end_sessions_command.cpp index 9397d39f841..032efaf0a67 100644 --- a/src/mongo/db/commands/end_sessions_command.cpp +++ b/src/mongo/db/commands/end_sessions_command.cpp @@ -58,7 +58,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // It is always ok to run this command, as long as you are authenticated // as some user, if auth is enabled. AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); diff --git a/src/mongo/db/commands/eval.cpp b/src/mongo/db/commands/eval.cpp index 0ae44555037..6d94aa40990 100644 --- a/src/mongo/db/commands/eval.cpp +++ b/src/mongo/db/commands/eval.cpp @@ -168,7 +168,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { RoleGraph::generateUniversalPrivileges(out); } diff --git a/src/mongo/db/commands/explain_cmd.cpp b/src/mongo/db/commands/explain_cmd.cpp index 0c5ffb15a06..a525ba4c0ce 100644 --- a/src/mongo/db/commands/explain_cmd.cpp +++ b/src/mongo/db/commands/explain_cmd.cpp @@ -100,7 +100,7 @@ public: */ virtual Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (Object != cmdObj.firstElement().type()) { return Status(ErrorCodes::BadValue, "explain command requires a nested object"); } diff --git a/src/mongo/db/commands/fail_point_cmd.cpp b/src/mongo/db/commands/fail_point_cmd.cpp index 940bc33e6a4..6bef1019d0c 100644 --- a/src/mongo/db/commands/fail_point_cmd.cpp +++ b/src/mongo/db/commands/fail_point_cmd.cpp @@ -83,7 +83,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "modifies the settings of a fail point"; diff --git a/src/mongo/db/commands/find_and_modify.cpp b/src/mongo/db/commands/find_and_modify.cpp index d5ebaf935c5..b999b982835 100644 --- a/src/mongo/db/commands/find_and_modify.cpp +++ b/src/mongo/db/commands/find_and_modify.cpp @@ -237,7 +237,7 @@ public: void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) override { + std::vector<Privilege>* out) const override { find_and_modify::addPrivilegesRequiredForFindAndModify(this, dbname, cmdObj, out); } diff --git a/src/mongo/db/commands/find_and_modify_common.cpp b/src/mongo/db/commands/find_and_modify_common.cpp index f61c205bb9c..5b3d6eb02d9 100644 --- a/src/mongo/db/commands/find_and_modify_common.cpp +++ b/src/mongo/db/commands/find_and_modify_common.cpp @@ -41,7 +41,7 @@ namespace mongo { namespace find_and_modify { -void addPrivilegesRequiredForFindAndModify(Command* commandTemplate, +void addPrivilegesRequiredForFindAndModify(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { diff --git a/src/mongo/db/commands/find_and_modify_common.h b/src/mongo/db/commands/find_and_modify_common.h index cd6c08e7c25..899cebda97e 100644 --- a/src/mongo/db/commands/find_and_modify_common.h +++ b/src/mongo/db/commands/find_and_modify_common.h @@ -40,7 +40,7 @@ class Command; namespace find_and_modify { -void addPrivilegesRequiredForFindAndModify(Command* commandTemplate, +void addPrivilegesRequiredForFindAndModify(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out); diff --git a/src/mongo/db/commands/find_cmd.cpp b/src/mongo/db/commands/find_cmd.cpp index 494542a3279..c337efc9389 100644 --- a/src/mongo/db/commands/find_cmd.cpp +++ b/src/mongo/db/commands/find_cmd.cpp @@ -113,7 +113,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/fsync.cpp b/src/mongo/db/commands/fsync.cpp index 7c4a3799007..0aa673971c2 100644 --- a/src/mongo/db/commands/fsync.cpp +++ b/src/mongo/db/commands/fsync.cpp @@ -112,7 +112,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::fsync); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -283,7 +283,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::unlock); diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 3d7115528f7..976a6e5f17a 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp @@ -86,7 +86,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required std::string help() const override { return "get version #, etc.\n" "{ buildinfo:1 }"; @@ -122,7 +122,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool requiresAuth() const override { return false; } @@ -149,7 +149,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, @@ -186,7 +186,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::hostInfo); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -232,7 +232,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::logRotate); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -266,7 +266,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, @@ -315,7 +315,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getLog); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -386,7 +386,7 @@ public: } Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // No access control needed since this command is a testing-only command that must be // enabled at the command line. return Status::OK(); @@ -441,7 +441,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getCmdLineOpts); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -464,7 +464,7 @@ int* volatile illegalAddress; // NOLINT - used for fail point only void CmdShutdown::addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::shutdown); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/geo_near_cmd.cpp b/src/mongo/db/commands/geo_near_cmd.cpp index 7cf8a3b7e02..6001eef5786 100644 --- a/src/mongo/db/commands/geo_near_cmd.cpp +++ b/src/mongo/db/commands/geo_near_cmd.cpp @@ -97,7 +97,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/get_last_error.cpp b/src/mongo/db/commands/get_last_error.cpp index 0eb1a9939a0..7828b3ecfdd 100644 --- a/src/mongo/db/commands/get_last_error.cpp +++ b/src/mongo/db/commands/get_last_error.cpp @@ -65,7 +65,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool requiresAuth() const override { return false; @@ -95,7 +95,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool requiresAuth() const override { return false; @@ -321,7 +321,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required CmdGetPrevError() : BasicCommand("getPrevError", "getpreverror") {} bool run(OperationContext* opCtx, const string& dbname, diff --git a/src/mongo/db/commands/getmore_cmd.cpp b/src/mongo/db/commands/getmore_cmd.cpp index 16e5261dbde..1e57c922448 100644 --- a/src/mongo/db/commands/getmore_cmd.cpp +++ b/src/mongo/db/commands/getmore_cmd.cpp @@ -140,7 +140,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { StatusWith<GetMoreRequest> parseStatus = GetMoreRequest::parseFromBSON(dbname, cmdObj); if (!parseStatus.isOK()) { return parseStatus.getStatus(); diff --git a/src/mongo/db/commands/group_cmd.cpp b/src/mongo/db/commands/group_cmd.cpp index 62f9ee7bbb3..c9f6d8311b8 100644 --- a/src/mongo/db/commands/group_cmd.cpp +++ b/src/mongo/db/commands/group_cmd.cpp @@ -95,7 +95,7 @@ private: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const NamespaceString nss(parseNs(dbname, cmdObj)); if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace( diff --git a/src/mongo/db/commands/hashcmd.cpp b/src/mongo/db/commands/hashcmd.cpp index 021ccfd573a..3339c48e2d1 100644 --- a/src/mongo/db/commands/hashcmd.cpp +++ b/src/mongo/db/commands/hashcmd.cpp @@ -62,7 +62,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "returns the hash of the first BSONElement val in a BSONObj"; } diff --git a/src/mongo/db/commands/haystack.cpp b/src/mongo/db/commands/haystack.cpp index 61ccbbb00bc..c8fa1d279f3 100644 --- a/src/mongo/db/commands/haystack.cpp +++ b/src/mongo/db/commands/haystack.cpp @@ -88,7 +88,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/index_filter_commands.cpp b/src/mongo/db/commands/index_filter_commands.cpp index 5bbae6c6de0..2f2a4fa3863 100644 --- a/src/mongo/db/commands/index_filter_commands.cpp +++ b/src/mongo/db/commands/index_filter_commands.cpp @@ -139,7 +139,7 @@ std::string IndexFilterCommand::help() const { Status IndexFilterCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/db/commands/index_filter_commands.h b/src/mongo/db/commands/index_filter_commands.h index 72f758806c5..d947f198573 100644 --- a/src/mongo/db/commands/index_filter_commands.h +++ b/src/mongo/db/commands/index_filter_commands.h @@ -80,7 +80,7 @@ public: */ virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; /** * Subset of command arguments used by index filter commands diff --git a/src/mongo/db/commands/isself.cpp b/src/mongo/db/commands/isself.cpp index e3c7d077aae..b274a85e963 100644 --- a/src/mongo/db/commands/isself.cpp +++ b/src/mongo/db/commands/isself.cpp @@ -53,7 +53,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} // No auth required + std::vector<Privilege>* out) const {} // No auth required bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, diff --git a/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp index 645c5e83c2c..583e1a71e44 100644 --- a/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp +++ b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp @@ -71,7 +71,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { diff --git a/src/mongo/db/commands/kill_all_sessions_command.cpp b/src/mongo/db/commands/kill_all_sessions_command.cpp index 4605a5f1964..06d5d857fb2 100644 --- a/src/mongo/db/commands/kill_all_sessions_command.cpp +++ b/src/mongo/db/commands/kill_all_sessions_command.cpp @@ -71,7 +71,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { diff --git a/src/mongo/db/commands/kill_op.cpp b/src/mongo/db/commands/kill_op.cpp index 8cc2754e919..61be46cbf9b 100644 --- a/src/mongo/db/commands/kill_op.cpp +++ b/src/mongo/db/commands/kill_op.cpp @@ -105,7 +105,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), diff --git a/src/mongo/db/commands/kill_sessions_command.cpp b/src/mongo/db/commands/kill_sessions_command.cpp index 55f8dfc1a2d..3a4e5f08c9f 100644 --- a/src/mongo/db/commands/kill_sessions_command.cpp +++ b/src/mongo/db/commands/kill_sessions_command.cpp @@ -100,7 +100,7 @@ public: // Any user can kill their own sessions Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/killcursors_common.cpp b/src/mongo/db/commands/killcursors_common.cpp index 51c7909f107..17933cf2cad 100644 --- a/src/mongo/db/commands/killcursors_common.cpp +++ b/src/mongo/db/commands/killcursors_common.cpp @@ -41,7 +41,7 @@ namespace mongo { Status KillCursorsCmdBase::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { const auto statusWithRequest = KillCursorsRequest::parseFromBSON(dbname, cmdObj); if (!statusWithRequest.isOK()) { return statusWithRequest.getStatus(); diff --git a/src/mongo/db/commands/killcursors_common.h b/src/mongo/db/commands/killcursors_common.h index 90541adc709..ce8d8e30141 100644 --- a/src/mongo/db/commands/killcursors_common.h +++ b/src/mongo/db/commands/killcursors_common.h @@ -67,7 +67,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final; + const BSONObj& cmdObj) const final; bool run(OperationContext* opCtx, const std::string& dbname, diff --git a/src/mongo/db/commands/list_collections.cpp b/src/mongo/db/commands/list_collections.cpp index b92c59034ba..fcc11f66297 100644 --- a/src/mongo/db/commands/list_collections.cpp +++ b/src/mongo/db/commands/list_collections.cpp @@ -213,7 +213,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedToListCollections(dbname)) { diff --git a/src/mongo/db/commands/list_databases.cpp b/src/mongo/db/commands/list_databases.cpp index 99bc8166021..a2112a5eeaa 100644 --- a/src/mongo/db/commands/list_databases.cpp +++ b/src/mongo/db/commands/list_databases.cpp @@ -78,7 +78,7 @@ public: */ Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { return Status::OK(); } diff --git a/src/mongo/db/commands/list_indexes.cpp b/src/mongo/db/commands/list_indexes.cpp index cef7130a20c..cad5073ffe3 100644 --- a/src/mongo/db/commands/list_indexes.cpp +++ b/src/mongo/db/commands/list_indexes.cpp @@ -92,7 +92,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/lock_info.cpp b/src/mongo/db/commands/lock_info.cpp index 3e16e220e39..437813b2447 100644 --- a/src/mongo/db/commands/lock_info.cpp +++ b/src/mongo/db/commands/lock_info.cpp @@ -67,7 +67,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::serverStatus); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/mr.cpp b/src/mongo/db/commands/mr.cpp index ce7d144bfcc..49e47dcbb2f 100644 --- a/src/mongo/db/commands/mr.cpp +++ b/src/mongo/db/commands/mr.cpp @@ -1376,7 +1376,7 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { addPrivilegesRequiredForMapReduce(this, dbname, cmdObj, out); } @@ -1702,7 +1702,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::internal); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/mr.h b/src/mongo/db/commands/mr.h index c46e0d9c48a..27cb8688f01 100644 --- a/src/mongo/db/commands/mr.h +++ b/src/mongo/db/commands/mr.h @@ -413,7 +413,7 @@ protected: BSONObj fast_emit(const BSONObj& args, void* data); BSONObj _bailFromJS(const BSONObj& args, void* data); -void addPrivilegesRequiredForMapReduce(Command* commandTemplate, +void addPrivilegesRequiredForMapReduce(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out); diff --git a/src/mongo/db/commands/mr_common.cpp b/src/mongo/db/commands/mr_common.cpp index 0ca08c82aa0..89e1d2309f5 100644 --- a/src/mongo/db/commands/mr_common.cpp +++ b/src/mongo/db/commands/mr_common.cpp @@ -99,7 +99,7 @@ Config::OutputOptions Config::parseOutputOptions(const std::string& dbname, cons return outputOptions; } -void addPrivilegesRequiredForMapReduce(Command* commandTemplate, +void addPrivilegesRequiredForMapReduce(const Command* commandTemplate, const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { diff --git a/src/mongo/db/commands/oplog_note.cpp b/src/mongo/db/commands/oplog_note.cpp index 2f1d06b79b5..408e73fe0d7 100644 --- a/src/mongo/db/commands/oplog_note.cpp +++ b/src/mongo/db/commands/oplog_note.cpp @@ -105,7 +105,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::appendOplogNote)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/parallel_collection_scan.cpp b/src/mongo/db/commands/parallel_collection_scan.cpp index 8a79411fc44..7df60e020a7 100644 --- a/src/mongo/db/commands/parallel_collection_scan.cpp +++ b/src/mongo/db/commands/parallel_collection_scan.cpp @@ -73,7 +73,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedToParseNamespaceElement(cmdObj.firstElement())) { diff --git a/src/mongo/db/commands/parameters.cpp b/src/mongo/db/commands/parameters.cpp index 391a1ffded8..d46bb62cc23 100644 --- a/src/mongo/db/commands/parameters.cpp +++ b/src/mongo/db/commands/parameters.cpp @@ -78,7 +78,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::getParameter); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -129,7 +129,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::setParameter); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/pipeline_command.cpp b/src/mongo/db/commands/pipeline_command.cpp index ae607f2713f..90a9c5f1852 100644 --- a/src/mongo/db/commands/pipeline_command.cpp +++ b/src/mongo/db/commands/pipeline_command.cpp @@ -74,7 +74,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { const NamespaceString nss(AggregationRequest::parseNs(dbname, cmdObj)); return AuthorizationSession::get(client)->checkAuthForAggregate(nss, cmdObj, false); } diff --git a/src/mongo/db/commands/plan_cache_commands.cpp b/src/mongo/db/commands/plan_cache_commands.cpp index a76100a90c7..db7cb438d79 100644 --- a/src/mongo/db/commands/plan_cache_commands.cpp +++ b/src/mongo/db/commands/plan_cache_commands.cpp @@ -134,7 +134,7 @@ std::string PlanCacheCommand::help() const { Status PlanCacheCommand::checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); diff --git a/src/mongo/db/commands/plan_cache_commands.h b/src/mongo/db/commands/plan_cache_commands.h index c883a189820..993c3714c93 100644 --- a/src/mongo/db/commands/plan_cache_commands.h +++ b/src/mongo/db/commands/plan_cache_commands.h @@ -75,7 +75,7 @@ public: */ virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj); + const BSONObj& cmdObj) const; /** * Subset of command arguments used by plan cache commands * Override to provide command functionality. diff --git a/src/mongo/db/commands/reap_logical_session_cache_now.cpp b/src/mongo/db/commands/reap_logical_session_cache_now.cpp index f04ee086359..e17d961c4f7 100644 --- a/src/mongo/db/commands/reap_logical_session_cache_now.cpp +++ b/src/mongo/db/commands/reap_logical_session_cache_now.cpp @@ -63,7 +63,7 @@ public: // No auth needed because it only works when enabled via command line. Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/refresh_logical_session_cache_now.cpp b/src/mongo/db/commands/refresh_logical_session_cache_now.cpp index ff3e018eede..19004e92b61 100644 --- a/src/mongo/db/commands/refresh_logical_session_cache_now.cpp +++ b/src/mongo/db/commands/refresh_logical_session_cache_now.cpp @@ -64,7 +64,7 @@ public: // No auth needed because it only works when enabled via command line. Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/refresh_sessions_command.cpp b/src/mongo/db/commands/refresh_sessions_command.cpp index 0570821ca1e..699f66b2ef3 100644 --- a/src/mongo/db/commands/refresh_sessions_command.cpp +++ b/src/mongo/db/commands/refresh_sessions_command.cpp @@ -60,7 +60,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // It is always ok to run this command, as long as you are authenticated // as some user, if auth is enabled. AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); diff --git a/src/mongo/db/commands/refresh_sessions_command_internal.cpp b/src/mongo/db/commands/refresh_sessions_command_internal.cpp index fa52de2caec..5cb63de9ee7 100644 --- a/src/mongo/db/commands/refresh_sessions_command_internal.cpp +++ b/src/mongo/db/commands/refresh_sessions_command_internal.cpp @@ -60,7 +60,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { // Must be authenticated as an internal cluster member. auto authSession = AuthorizationSession::get(opCtx->getClient()); if (!authSession->isAuthorizedForPrivilege( diff --git a/src/mongo/db/commands/rename_collection_cmd.cpp b/src/mongo/db/commands/rename_collection_cmd.cpp index 01cba8c386a..c0946c041fd 100644 --- a/src/mongo/db/commands/rename_collection_cmd.cpp +++ b/src/mongo/db/commands/rename_collection_cmd.cpp @@ -70,7 +70,7 @@ public: } virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return rename_collection::checkAuthForRenameCollectionCommand(client, dbname, cmdObj); } std::string help() const override { diff --git a/src/mongo/db/commands/repair_cursor.cpp b/src/mongo/db/commands/repair_cursor.cpp index 12c4cfa3528..cc895825d96 100644 --- a/src/mongo/db/commands/repair_cursor.cpp +++ b/src/mongo/db/commands/repair_cursor.cpp @@ -58,7 +58,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { ActionSet actions; actions.addAction(ActionType::find); Privilege p(parseResourcePattern(dbname, cmdObj), actions); diff --git a/src/mongo/db/commands/resize_oplog.cpp b/src/mongo/db/commands/resize_oplog.cpp index ef853e9bb17..1e945fa1371 100644 --- a/src/mongo/db/commands/resize_oplog.cpp +++ b/src/mongo/db/commands/resize_oplog.cpp @@ -72,7 +72,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::replSetResizeOplog)) { diff --git a/src/mongo/db/commands/restart_catalog_command.cpp b/src/mongo/db/commands/restart_catalog_command.cpp index ff722516cd9..bca80a8b856 100644 --- a/src/mongo/db/commands/restart_catalog_command.cpp +++ b/src/mongo/db/commands/restart_catalog_command.cpp @@ -49,7 +49,7 @@ public: Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) final { + const BSONObj& cmdObj) const final { // No auth checks as this is a testing-only command. return Status::OK(); } diff --git a/src/mongo/db/commands/server_status.cpp b/src/mongo/db/commands/server_status.cpp index 98aefce2f62..bb0ac579478 100644 --- a/src/mongo/db/commands/server_status.cpp +++ b/src/mongo/db/commands/server_status.cpp @@ -83,7 +83,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::serverStatus); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp index ba82f10cc54..6383df1c6ce 100644 --- a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp +++ b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp @@ -95,7 +95,7 @@ public: Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::setFeatureCompatibilityVersion)) { diff --git a/src/mongo/db/commands/shutdown.h b/src/mongo/db/commands/shutdown.h index b000d6c27c2..ff6e3c99443 100644 --- a/src/mongo/db/commands/shutdown.h +++ b/src/mongo/db/commands/shutdown.h @@ -53,7 +53,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out); + std::vector<Privilege>* out) const; virtual bool supportsWriteConcern(const BSONObj& cmd) const override { return false; } diff --git a/src/mongo/db/commands/snapshot_management.cpp b/src/mongo/db/commands/snapshot_management.cpp index 096cdbf2582..97a0ce50a34 100644 --- a/src/mongo/db/commands/snapshot_management.cpp +++ b/src/mongo/db/commands/snapshot_management.cpp @@ -57,7 +57,7 @@ public: // No auth needed because it only works when enabled via command line. virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } @@ -105,7 +105,7 @@ public: // No auth needed because it only works when enabled via command line. virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return Status::OK(); } diff --git a/src/mongo/db/commands/start_session_command.cpp b/src/mongo/db/commands/start_session_command.cpp index a577cc01cb7..433831be3fc 100644 --- a/src/mongo/db/commands/start_session_command.cpp +++ b/src/mongo/db/commands/start_session_command.cpp @@ -65,7 +65,7 @@ public: } Status checkAuthForOperation(OperationContext* opCtx, const std::string& dbname, - const BSONObj& cmdObj) override { + const BSONObj& cmdObj) const override { return Status::OK(); } diff --git a/src/mongo/db/commands/test_commands.cpp b/src/mongo/db/commands/test_commands.cpp index c7c7c5db1a4..380804916e0 100644 --- a/src/mongo/db/commands/test_commands.cpp +++ b/src/mongo/db/commands/test_commands.cpp @@ -71,7 +71,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} std::string help() const override { return "internal. for testing only."; } @@ -136,7 +136,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} void _sleepInReadLock(mongo::OperationContext* opCtx, long long millis) { Lock::GlobalRead lk(opCtx); @@ -210,7 +210,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} virtual bool run(OperationContext* opCtx, const string& dbname, const BSONObj& cmdObj, @@ -285,7 +285,7 @@ public: // No auth needed because it only works when enabled via command line. virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) {} + std::vector<Privilege>* out) const {} virtual bool run(OperationContext* opCtx, const string& dbname, diff --git a/src/mongo/db/commands/top_command.cpp b/src/mongo/db/commands/top_command.cpp index d7691005285..484c105b7a2 100644 --- a/src/mongo/db/commands/top_command.cpp +++ b/src/mongo/db/commands/top_command.cpp @@ -60,7 +60,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::top); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/touch.cpp b/src/mongo/db/commands/touch.cpp index 2423c3ae6bd..0459570129f 100644 --- a/src/mongo/db/commands/touch.cpp +++ b/src/mongo/db/commands/touch.cpp @@ -75,7 +75,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::touch); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index bd463217c76..4bc7275194b 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -625,7 +625,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateUserCommand(client, dbname, cmdObj); } @@ -772,7 +772,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateUserCommand(client, dbname, cmdObj); } @@ -906,7 +906,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropUserCommand(client, dbname, cmdObj); } @@ -973,7 +973,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllUsersFromDatabaseCommand(client, dbname); } @@ -1029,7 +1029,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToUserCommand(client, dbname, cmdObj); } @@ -1101,7 +1101,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromUserCommand(client, dbname, cmdObj); } @@ -1173,7 +1173,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUsersInfoCommand(client, dbname, cmdObj); } @@ -1295,7 +1295,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForCreateRoleCommand(client, dbname, cmdObj); } @@ -1416,7 +1416,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForUpdateRoleCommand(client, dbname, cmdObj); } @@ -1533,7 +1533,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantPrivilegesToRoleCommand(client, dbname, cmdObj); } @@ -1643,7 +1643,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokePrivilegesFromRoleCommand(client, dbname, cmdObj); } @@ -1755,7 +1755,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGrantRolesToRoleCommand(client, dbname, cmdObj); } @@ -1844,7 +1844,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRevokeRolesFromRoleCommand(client, dbname, cmdObj); } @@ -1931,7 +1931,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropRoleCommand(client, dbname, cmdObj); } @@ -2074,7 +2074,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForDropAllRolesFromDatabaseCommand(client, dbname); } @@ -2203,7 +2203,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForRolesInfoCommand(client, dbname, cmdObj); } @@ -2292,7 +2292,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForInvalidateUserCacheCommand(client); } @@ -2329,7 +2329,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForGetUserCacheGenerationCommand(client); } @@ -2376,7 +2376,7 @@ public: virtual Status checkAuthForCommand(Client* client, const std::string& dbname, - const BSONObj& cmdObj) { + const BSONObj& cmdObj) const { return auth::checkAuthForMergeAuthzCollectionsCommand(client, cmdObj); } diff --git a/src/mongo/db/commands/validate.cpp b/src/mongo/db/commands/validate.cpp index 1ef643d87cf..4f9ad0a507d 100644 --- a/src/mongo/db/commands/validate.cpp +++ b/src/mongo/db/commands/validate.cpp @@ -84,7 +84,7 @@ public: } virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, - std::vector<Privilege>* out) { + std::vector<Privilege>* out) const { ActionSet actions; actions.addAction(ActionType::validate); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); diff --git a/src/mongo/db/commands/write_commands/write_commands.cpp b/src/mongo/db/commands/write_commands/write_commands.cpp index 030c759102c..474c4e7e350 100644 --- a/src/mongo/db/commands/write_commands/write_commands.cpp +++ b/src/mongo/db/commands/write_commands/write_commands.cpp @@ -250,7 +250,7 @@ public: return "insert documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Insert, request); } @@ -281,7 +281,7 @@ public: return "update documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Update, request); } @@ -348,7 +348,7 @@ public: return "delete documents"; } - Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) final { + Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final { return checkAuthForWriteCommand( opCtx->getClient(), BatchedCommandRequest::BatchType_Delete, request); } |