diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/dbcommands.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/ops/insert.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/ops/insert.h | 11 |
3 files changed, 17 insertions, 4 deletions
diff --git a/src/mongo/db/dbcommands.cpp b/src/mongo/db/dbcommands.cpp index 1c619bff82b..a9cb7c6e88b 100644 --- a/src/mongo/db/dbcommands.cpp +++ b/src/mongo/db/dbcommands.cpp @@ -583,7 +583,7 @@ namespace mongo { "must pass name of collection to create", firstElt.valuestrsafe()[0] != '\0'); - Status status = userAllowedWriteNS( dbname, firstElt.valuestr() ); + Status status = userAllowedCreateNS( dbname, firstElt.valuestr() ); if ( !status.isOK() ) { return appendCommandStatus( result, status ); } diff --git a/src/mongo/db/ops/insert.cpp b/src/mongo/db/ops/insert.cpp index 131ebbc67b7..707bdfd4792 100644 --- a/src/mongo/db/ops/insert.cpp +++ b/src/mongo/db/ops/insert.cpp @@ -141,6 +141,14 @@ namespace mongo { } Status userAllowedWriteNS( const StringData& db, const StringData& coll ) { + if ( coll == "system.profile" ) { + return Status( ErrorCodes::BadValue, + str::stream() << "cannot write to '" << db << ".system.profile'" ); + } + return userAllowedCreateNS( db, coll ); + } + + Status userAllowedCreateNS( const StringData& db, const StringData& coll ) { // validity checking if ( db.size() == 0 ) diff --git a/src/mongo/db/ops/insert.h b/src/mongo/db/ops/insert.h index cc3082c2f4b..b449bfb6301 100644 --- a/src/mongo/db/ops/insert.h +++ b/src/mongo/db/ops/insert.h @@ -41,12 +41,17 @@ namespace mongo { /** - * check if this is a collection _any_ user can write to - * does NOT to permission checking, that is elsewhere - * for example, can't write to foo.system.bar + * Returns Status::OK() if this namespace is valid for user write operations. If not, returns + * an error Status. */ Status userAllowedWriteNS( const StringData& db, const StringData& coll ); Status userAllowedWriteNS( const StringData& ns ); Status userAllowedWriteNS( const NamespaceString& ns ); + /** + * Returns Status::OK() if the namespace described by (db, coll) is valid for user create + * operations. If not, returns an error Status. + */ + Status userAllowedCreateNS( const StringData& db, const StringData& coll ); + } |