virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { ActionSet actions; actions.addAction(ActionType::convertToCapped); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); }
void WriteCmd::addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { ActionSet actions; actions.addAction(_action); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), actions)); }
virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::createIndex); Privilege p(parseResourcePattern(dbname, cmdObj), actions); if ( client->getAuthorizationSession()->isAuthorizedForPrivilege(p) ) return Status::OK(); return Status(ErrorCodes::Unauthorized, "Unauthorized"); }
Status FindCmd::checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { AuthorizationSession* authzSession = client->getAuthorizationSession(); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) { return Status::OK(); } return Status(ErrorCodes::Unauthorized, "unauthorized"); }
virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { ActionSet sourceActions; sourceActions.addAction(ActionType::find); out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), sourceActions)); ActionSet targetActions; targetActions.addAction(ActionType::insert); targetActions.addAction(ActionType::createIndex); targetActions.addAction(ActionType::convertToCapped); std::string collection = cmdObj.getStringField("toCollection"); uassert(16708, "bad 'toCollection' value", !collection.empty()); out->push_back(Privilege(ResourcePattern::forExactNamespace( NamespaceString(dbname, collection)), targetActions)); }
virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) { out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), ActionType::find)); }