From 504791ab80450817064977dcb11c524e977ebd18 Mon Sep 17 00:00:00 2001
From: Militsa Sotirova <militsa.sotirova@mongodb.com>
Date: Thu, 20 Apr 2023 15:01:01 +0000
Subject: SERVER-76126 Set user roles system variable only if referenced in
 query

---
 src/mongo/db/pipeline/expression_context.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/mongo/db/pipeline/expression_context.cpp')

diff --git a/src/mongo/db/pipeline/expression_context.cpp b/src/mongo/db/pipeline/expression_context.cpp
index 18254dedec9..41eee309189 100644
--- a/src/mongo/db/pipeline/expression_context.cpp
+++ b/src/mongo/db/pipeline/expression_context.cpp
@@ -279,12 +279,14 @@ void ExpressionContext::stopExpressionCounters() {
 }
 
 void ExpressionContext::setUserRoles() {
+    // Only set the value of $$USER_ROLES if it is referenced in the query.
     // We need to check the FCV here because the $$USER_ROLES variable will always appear in the
     // serialized command when one shard is sending a sub-query to another shard. The query will
     // fail in the case where the shards are running different binVersions and one of them does not
     // have a notion of this variable. This FCV check prevents this from happening, as the value of
     // the variable is not set (and therefore not serialized) if the FCV is too old.
-    if (serverGlobalParams.featureCompatibility.isVersionInitialized() &&
+    if (isSystemVarReferencedInQuery(Variables::kUserRolesId) &&
+        serverGlobalParams.featureCompatibility.isVersionInitialized() &&
         feature_flags::gFeatureFlagUserRoles.isEnabled(serverGlobalParams.featureCompatibility) &&
         enableAccessToUserRoles.load()) {
         variables.defineUserRoles(opCtx);
-- 
cgit v1.2.1