// Applies impersonated users and roles to the client's AuthorizationSession
// when the operation carries impersonation metadata, and sets _active to true
// in that case. Without metadata the session is left untouched.
//
// Throws (uassert) ErrorCodes::Unauthorized when metadata is present but the
// session is not authorized for ActionType::impersonate on the cluster
// resource. Trips a fatal assertion (fassert) when the session is already
// impersonating.
ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* opCtx) : _opCtx(opCtx) {
    auto session = AuthorizationSession::get(_opCtx->getClient());
    const auto metadata = rpc::getImpersonatedUserMetadata(opCtx);

    // Nothing to impersonate for this operation.
    if (!metadata) {
        return;
    }

    // The privilege check runs before any impersonated identity is applied:
    // the metadata is presumably supplied with the request (rpc namespace;
    // confirm against the parser), so it is not trusted until the
    // authenticated caller is shown to hold `impersonate`.
    const Privilege impersonatePrivilege(ResourcePattern::forClusterResource(),
                                         ActionType::impersonate);
    const bool mayImpersonate = session->isAuthorizedForPrivilege(impersonatePrivilege);
    uassert(ErrorCodes::Unauthorized,
            "Unauthorized use of impersonation metadata.",
            mayImpersonate);

    // Reached only after the authorization check above has passed, so a caller
    // without the privilege gets Unauthorized rather than this fatal assertion.
    fassert(ErrorCodes::InternalError, !session->isImpersonating());

    session->setImpersonatedUserData(metadata->getUsers(), metadata->getRoles());
    _active = true;
}
// Applies impersonated users and roles to the client's AuthorizationSession
// when the operation's AuditMetadata carries them, and sets _active to true
// in that case. Without impersonation data the session is left untouched.
//
// Throws (uassert) ErrorCodes::Unauthorized when impersonation data is present
// but the session is not authorized for ActionType::impersonate on the cluster
// resource. Trips a fatal assertion (fassert) when the session is already
// impersonating.
ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* opCtx) : _opCtx(opCtx) {
    auto session = AuthorizationSession::get(_opCtx->getClient());
    const auto& usersAndRoles = rpc::AuditMetadata::get(opCtx).getImpersonatedUsersAndRoles();

    // Nothing to impersonate for this operation.
    const bool hasImpersonationData = usersAndRoles != boost::none;
    if (!hasImpersonationData) {
        return;
    }

    // The privilege check runs before any impersonated identity is applied:
    // the audit metadata is presumably supplied with the request (rpc
    // namespace; confirm against the parser), so it is not trusted until the
    // authenticated caller is shown to hold `impersonate`.
    const Privilege impersonatePrivilege(ResourcePattern::forClusterResource(),
                                         ActionType::impersonate);
    const bool mayImpersonate = session->isAuthorizedForPrivilege(impersonatePrivilege);
    uassert(ErrorCodes::Unauthorized,
            "Unauthorized use of impersonation metadata.",
            mayImpersonate);

    // Reached only after the authorization check above has passed, so a caller
    // without the privilege gets Unauthorized rather than this fatal assertion.
    fassert(ErrorCodes::InternalError, !session->isImpersonating());

    // Element 0 is passed as the users argument and element 1 as the roles
    // argument of setImpersonatedUserData.
    const auto& users = std::get<0>(*usersAndRoles);
    const auto& roles = std::get<1>(*usersAndRoles);
    session->setImpersonatedUserData(users, roles);
    _active = true;
}