summaryrefslogtreecommitdiff
path: root/src/mongo/s/commands/cluster_create_indexes_cmd.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/s/commands/cluster_create_indexes_cmd.cpp')
-rw-r--r--src/mongo/s/commands/cluster_create_indexes_cmd.cpp14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/mongo/s/commands/cluster_create_indexes_cmd.cpp b/src/mongo/s/commands/cluster_create_indexes_cmd.cpp
index 3a56ea99141..7699a802d01 100644
--- a/src/mongo/s/commands/cluster_create_indexes_cmd.cpp
+++ b/src/mongo/s/commands/cluster_create_indexes_cmd.cpp
@@ -68,10 +68,16 @@ public:
return false;
}
- void addRequiredPrivileges(const std::string& dbname,
- const BSONObj& cmdObj,
- std::vector<Privilege>* out) const final {
- out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::createIndex));
+ Status checkAuthForOperation(OperationContext* opCtx,
+ const DatabaseName& dbName,
+ const BSONObj& cmdObj) const override {
+ auto* as = AuthorizationSession::get(opCtx->getClient());
+ if (!as->isAuthorizedForActionsOnResource(parseResourcePattern(dbName.db(), cmdObj),
+ ActionType::createIndex)) {
+ return {ErrorCodes::Unauthorized, "unauthorized"};
+ }
+
+ return Status::OK();
}
bool supportsWriteConcern(const BSONObj& cmd) const final {
View Lorry Controller Status