[SERVER-31864] applyOps command with UUID containing op must require granular privileges Created: 07/Nov/17 Updated: 30/Oct/23 Resolved: 04/Dec/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.1, 3.7.1 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Xiangyu Yao (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | bkp |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Backport Requested: | v3.6 |
| Sprint: | Storage 2017-12-04 |
| Participants: | |
| Description |
|
After In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must be made aware of how UUIDs can be used in ops, and which privileges are required to interact with them. |
| Comments |
| Comment by Githook User [ 07/Dec/17 ] |
|
Author: {'name': 'Xiangyu Yao', 'username': 'xy24', 'email': 'xiangyu.yao@mongodb.com'} Message: (cherry picked from commit ec36d4bb79be90b24d81f4dfc2718ea2625cfc75) |
| Comment by Githook User [ 04/Dec/17 ] |
|
Author: {'username': 'xy24', 'email': 'xiangyu.yao@mongodb.com', 'name': 'Xiangyu Yao'} Message: |