summaryrefslogtreecommitdiff
path: root/src/mongo/s/commands_admin.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/s/commands_admin.cpp')
-rw-r--r--src/mongo/s/commands_admin.cpp27
1 files changed, 20 insertions, 7 deletions
diff --git a/src/mongo/s/commands_admin.cpp b/src/mongo/s/commands_admin.cpp
index 5280ce55def..0e91748dfd8 100644
--- a/src/mongo/s/commands_admin.cpp
+++ b/src/mongo/s/commands_admin.cpp
@@ -192,10 +192,12 @@ namespace mongo {
virtual void help( stringstream& help ) const {
help << " example: { moveprimary : 'foo' , to : 'localhost:9999' }";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forDatabaseName(parseNs(dbname, cmdObj)),
ActionType::moveChunk)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
@@ -387,10 +389,12 @@ namespace mongo {
<< "Enable sharding for a db. (Use 'shardcollection' command afterwards.)\n"
<< " { enablesharding : \"<dbname>\" }\n";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forDatabaseName(parseNs(dbname, cmdObj)),
ActionType::enableSharding)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
@@ -445,10 +449,12 @@ namespace mongo {
<< "Shard a collection. Requires key. Optional unique. Sharding must already be enabled for the database.\n"
<< " { enablesharding : \"<dbname>\" }\n";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname,
cmdObj))),
ActionType::enableSharding)) {
@@ -830,10 +836,12 @@ namespace mongo {
virtual void help( stringstream& help ) const {
help << " example: { getShardVersion : 'alleyinsider.foo' } ";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname,
cmdObj))),
ActionType::getShardVersion)) {
@@ -881,10 +889,12 @@ namespace mongo {
<< " NOTE: this does not move the chunks, it merely creates a logical separation \n"
;
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname,
cmdObj))),
ActionType::splitChunk)) {
@@ -1043,10 +1053,12 @@ namespace mongo {
<< " { movechunk : 'test.foo' , bounds : [ { num : 0 } , { num : 10 } ] "
<< " , to : 'shard001' }\n";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ txn,
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname,
cmdObj))),
ActionType::moveChunk)) {
@@ -1866,7 +1878,8 @@ namespace mongo {
virtual bool adminOnly() const { return true; }
virtual bool isWriteCommandForConfigServer() const { return false; }
virtual void help( stringstream& help ) const { help << "Not supported through mongos"; }
- virtual Status checkAuthForCommand(ClientBasic* client,
+ virtual Status checkAuthForCommand(OperationContext* txn,
+ ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
return Status::OK(); // Require no auth since this command isn't supported in mongos
View Lorry Controller Status