diff options
Diffstat (limited to 'src/mongo/s/commands/cluster_create_indexes_cmd.cpp')
-rw-r--r-- | src/mongo/s/commands/cluster_create_indexes_cmd.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/mongo/s/commands/cluster_create_indexes_cmd.cpp b/src/mongo/s/commands/cluster_create_indexes_cmd.cpp index 3a56ea99141..7699a802d01 100644 --- a/src/mongo/s/commands/cluster_create_indexes_cmd.cpp +++ b/src/mongo/s/commands/cluster_create_indexes_cmd.cpp @@ -68,10 +68,16 @@ public: return false; } - void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const final { - out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::createIndex)); + Status checkAuthForOperation(OperationContext* opCtx, + const DatabaseName& dbName, + const BSONObj& cmdObj) const override { + auto* as = AuthorizationSession::get(opCtx->getClient()); + if (!as->isAuthorizedForActionsOnResource(parseResourcePattern(dbName.db(), cmdObj), + ActionType::createIndex)) { + return {ErrorCodes::Unauthorized, "unauthorized"}; + } + + return Status::OK(); } bool supportsWriteConcern(const BSONObj& cmd) const final { |