ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* opCtx) : _opCtx(opCtx) {
auto authSession = AuthorizationSession::get(_opCtx->getClient());
const auto impersonatedUsersAndRoles = rpc::getImpersonatedUserMetadata(opCtx);
if (impersonatedUsersAndRoles) {
uassert(ErrorCodes::Unauthorized,
"Unauthorized use of impersonation metadata.",
authSession->isAuthorizedForPrivilege(
Privilege(ResourcePattern::forClusterResource(), ActionType::impersonate)));
fassert(ErrorCodes::InternalError, !authSession->isImpersonating());
authSession->setImpersonatedUserData(impersonatedUsersAndRoles->getUsers(),
impersonatedUsersAndRoles->getRoles());
_active = true;
return;
}
}
ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* opCtx) : _opCtx(opCtx) {
auto authSession = AuthorizationSession::get(_opCtx->getClient());
const auto& impersonatedUsersAndRoles =
rpc::AuditMetadata::get(opCtx).getImpersonatedUsersAndRoles();
if (impersonatedUsersAndRoles != boost::none) {
uassert(ErrorCodes::Unauthorized,
"Unauthorized use of impersonation metadata.",
authSession->isAuthorizedForPrivilege(
Privilege(ResourcePattern::forClusterResource(), ActionType::impersonate)));
fassert(ErrorCodes::InternalError, !authSession->isImpersonating());
authSession->setImpersonatedUserData(std::get<0>(*impersonatedUsersAndRoles),
std::get<1>(*impersonatedUsersAndRoles));
_active = true;
}
}
