[SERVER-85033] Investigate the M/R output authz situation Created: 12/Feb/20  Updated: 12/Jan/24  Resolved: 21/Feb/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Jacob Evans Assignee: Jacob Evans
Resolution: Done Votes: 0
Labels: qopt-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Sprint: Query 2020-02-24
Participants:

 Description   

M/R checked permissions on both the input and output collections in a way that differs from the way we check them for agg in general and $out. We should look into the details and make sure our current methodology is correct and that it works across databases.



 Comments   
Comment by Jacob Evans [ 21/Feb/20 ]

Users authenticate against a single database but may have permissions against multiple databases. This is sufficient to provide an easy mechanism for cross-database writes. Also, although the behavior is some a connection may have more than one user. The $merge implementation of permission-checking handles both by checking all current users. We can reuse this implementation for $out and handle all cases.

Generated at Thu Feb 08 06:56:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.