/**
 * Authorizes an update against the namespace "ns".
 *
 * <db>.system.users holds credential/role data, so modifying it is treated as a
 * privilege change and requires userAdmin on the namespace rather than the
 * ordinary update action. Everywhere else an update needs the update action,
 * and an upsert additionally needs insert, because it may create a document.
 *
 * @param ns      full namespace ("db.collection") being updated
 * @param upsert  true if the update may insert when nothing matches
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForUpdate(const std::string& ns, bool upsert) {
    NamespaceString nss(ns);

    // Privilege data: only user administrators may touch it (covers the upsert case too).
    if (nss.coll == "system.users") {
        if (checkAuthorization(ns, ActionType::userAdmin)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream()
                          << "not authorized to update user information for database " << nss.db,
                      0);
    }

    if (!checkAuthorization(ns, ActionType::update)) {
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized for update on " << ns,
                      0);
    }

    // An upsert can create a document, so it is also an insert and needs that action.
    if (upsert && !checkAuthorization(ns, ActionType::insert)) {
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized for upsert on " << ns,
                      0);
    }

    return Status::OK();
}
/**
 * Authorizes a read (query) against the namespace "ns".
 *
 * Two system collections get their own actions instead of plain find:
 *  - <db>.system.users  -> userAdmin   (credential/role data)
 *  - <db>.system.profile -> profileRead (profiler output can expose other users' queries)
 * Every other collection requires the find action.
 *
 * Commands must never be routed here; that is asserted, not reported to the client.
 *
 * @param ns  full namespace ("db.collection") being queried
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForQuery(const std::string& ns) {
    NamespaceString nss(ns);
    // Reaching this with a command namespace is a programming error, not a client error.
    verify(!nss.isCommand());

    if (nss.coll == "system.users") {
        if (checkAuthorization(ns, ActionType::userAdmin)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream()
                          << "unauthorized to read user information for database " << nss.db,
                      0);
    }

    if (nss.coll == "system.profile") {
        if (checkAuthorization(ns, ActionType::profileRead)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream()
                          << "unauthorized to read " << nss.db << ".system.profile",
                      0);
    }

    if (checkAuthorization(ns, ActionType::find)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "unauthorized for query on " << ns,
                  0);
}
/**
 * Authorizes a delete against the namespace "ns".
 *
 * Only the remove action on the namespace is required. The query predicate is
 * part of the interface but is not consulted here, so the decision is made per
 * collection, not per matched document.
 *
 * NOTE(review): unlike the AuthorizationManager::checkAuthForDelete variant in
 * this listing, there is no special-casing of <db>.system.users here; whether
 * that collection is protected on another path should be confirmed.
 *
 * @param ns     full namespace ("db.collection") being deleted from
 * @param query  delete predicate; currently unused by this check
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationSession::checkAuthForDelete(const std::string& ns, const BSONObj& query) {
    // Parsed as in the original even though no field is read; kept so any
    // validation the constructor performs still happens (presumed — confirm).
    NamespaceString nss(ns);

    const bool allowed = checkAuthorization(ns, ActionType::remove);
    if (!allowed) {
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized to remove from " << ns,
                      0);
    }
    return Status::OK();
}
/**
 * Authorizes an insert into the namespace "ns".
 *
 * Requires the insert action on the namespace; no collection is special-cased
 * in this variant.
 *
 * @param ns  full namespace ("db.collection") being inserted into
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForInsert(const std::string& ns) {
    // Parsed as in the original even though no field is read (constructor-side
    // validation, if any, is preserved).
    NamespaceString nss(ns);

    if (checkAuthorization(ns, ActionType::insert)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "not authorized for insert on " << ns,
                  0);
}
/**
 * Authorizes a read (query) against the namespace "ns".
 *
 * Requires the find action on the namespace. The query object is accepted for
 * interface compatibility but is not inspected, so authorization is per
 * collection rather than per predicate. Command namespaces must never reach
 * this function; that is asserted.
 *
 * @param ns     full namespace ("db.collection") being queried
 * @param query  query predicate; currently unused by this check
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationSession::checkAuthForQuery(const std::string& ns, const BSONObj& query) {
    NamespaceString nss(ns);
    // A command namespace here is a caller bug, not something to report to the client.
    verify(!nss.isCommand());

    const bool allowed = checkAuthorization(ns, ActionType::find);
    if (!allowed) {
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized for query on " << ns,
                      0);
    }
    return Status::OK();
}
/**
 * Authorizes a delete against the namespace "ns".
 *
 * Deleting from <db>.system.users removes credentials/roles, so it requires
 * userAdmin on the namespace. Any other collection requires the remove action.
 *
 * @param ns  full namespace ("db.collection") being deleted from
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForDelete(const std::string& ns) {
    NamespaceString nss(ns);

    if (nss.coll == "system.users") {
        // Removing user documents is a privilege change, not an ordinary delete.
        if (checkAuthorization(ns, ActionType::userAdmin)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream()
                          << "not authorized to remove user from database " << nss.db,
                      0);
    }

    if (checkAuthorization(ns, ActionType::remove)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "not authorized to remove from " << ns,
                  0);
}
/**
 * Authorizes an insert into the namespace "ns".
 *
 * Inserting into <db>.system.users creates a user, so it requires userAdmin on
 * the namespace. Any other collection requires the insert action.
 *
 * @param ns  full namespace ("db.collection") being inserted into
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForInsert(const std::string& ns) {
    NamespaceString nss(ns);

    if (nss.coll == "system.users") {
        // Creating a user document is a privilege change, not an ordinary insert.
        if (checkAuthorization(ns, ActionType::userAdmin)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream()
                          << "unauthorized to create user for database " << nss.db,
                      0);
    }

    if (checkAuthorization(ns, ActionType::insert)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "unauthorized for insert on " << ns,
                  0);
}
/**
 * Authorizes an insert of "document" into the namespace "ns".
 *
 * An insert into <db>.system.indexes is really an index build on the collection
 * named by the document's "ns" field, so the privilege checked is ensureIndex on
 * *that* collection, not insert on system.indexes itself. Any other insert
 * requires the insert action on the target namespace.
 *
 * NOTE(review): the index target namespace is read straight from the
 * client-supplied document. This check authorizes ensureIndex on it but does not
 * verify that it lives in the same database as "ns"; confirm that is enforced
 * elsewhere. Also, document["ns"].String() presumably fails (uasserts) when the
 * field is absent or not a string rather than returning Unauthorized — confirm.
 *
 * @param ns        full namespace ("db.collection") being inserted into
 * @param document  the document to insert; only its "ns" field is read, and only
 *                  for system.indexes
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationSession::checkAuthForInsert(const std::string& ns, const BSONObj& document) {
    NamespaceString nss(ns);
    const StringData systemIndexes("system.indexes", StringData::LiteralTag());
    const bool isIndexBuild = (nss.coll() == systemIndexes);

    if (!isIndexBuild) {
        if (checkAuthorization(ns, ActionType::insert)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized for insert on " << ns,
                      0);
    }

    // Index build: authorize against the collection being indexed, as named by the client.
    const std::string indexNS = document["ns"].String();
    if (checkAuthorization(indexNS, ActionType::ensureIndex)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "not authorized to create index on " << indexNS,
                  0);
}
/**
 * Authorizes an update against the namespace "ns".
 *
 * A plain update requires the update action. An upsert may create a document,
 * so it is checked as a single ActionSet of {update, insert} — both must be
 * granted on the namespace. No collection is special-cased in this variant.
 *
 * @param ns      full namespace ("db.collection") being updated
 * @param upsert  true if the update may insert when nothing matches
 * @return Status::OK() when authorized, otherwise ErrorCodes::Unauthorized
 */
Status AuthorizationManager::checkAuthForUpdate(const std::string& ns, bool upsert) {
    // Parsed as in the original even though no field is read (constructor-side
    // validation, if any, is preserved).
    NamespaceString nss(ns);

    if (upsert) {
        // Both actions are required together; a single set check expresses that.
        ActionSet needed;
        needed.addAction(ActionType::update);
        needed.addAction(ActionType::insert);
        if (checkAuthorization(ns, needed)) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      mongoutils::str::stream() << "not authorized for upsert on " << ns,
                      0);
    }

    if (checkAuthorization(ns, ActionType::update)) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  mongoutils::str::stream() << "not authorized for update on " << ns,
                  0);
}