Description
Currently if you have renameCollectionSameDB on a database, you can rename any collection within that database. The problem is that you could potentially rename from a collection you don't have read access to to one that you do, which is potentially a security hole. We should only let renameCollectionSameDB work if you have read on source, or don't have read on dest.