Revert "SERVER-91165: Investigate missing authorization check for _is…

…… (#23576) GitOrigin-RevId: a5b4fadb08450a8f55818ce0bf900288e8356636
lakamson · Jun 17, 2024 · fa7e48c · fa7e48c
1 parent 2867d18
commit fa7e48c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 22 deletions.
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
@@ -5193,17 +5193,6 @@ export const authCommandsLib = {
               },
           ]
         },
-        {
-          testname: "_isSelf",
-          command: {_isSelf: 1},
-          testcases: [
-            {
-              runOnDb: adminDbName,
-              roles: {__system: 1},
-              privileges: [{resource: {cluster: true}, actions: ["internal"]}],
-            },
-          ]
-        },
         {
           testname: "insert",
           command: {insert: "foo", documents: [{data: 5}]},

diff --git a/src/mongo/db/commands/isself.cpp b/src/mongo/db/commands/isself.cpp
@@ -37,9 +37,6 @@
 #include "mongo/bson/bsonobj.h"
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/db/admission/execution_admission_context.h"
-#include "mongo/db/auth/action_type.h"
-#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/database_name.h"
 #include "mongo/db/operation_context.h"
@@ -72,15 +69,13 @@ class IsSelfCommand : public BasicCommand {
         return "{ _isSelf : 1 } INTERNAL ONLY";
     }
 
-    Status checkAuthForOperation(OperationContext* opCtx,
-                                 const DatabaseName& dbName,
-                                 const BSONObj&) const override {
-        AuthorizationSession* authzSession = AuthorizationSession::get(opCtx->getClient());
-        if (!authzSession->isAuthorizedForActionsOnResource(
-                ResourcePattern::forClusterResource(dbName.tenantId()), ActionType::internal)) {
-            return {ErrorCodes::Unauthorized, "unauthorized for _isSelf command"};
-        }
+    bool requiresAuth() const override {
+        return false;
+    }
 
+    Status checkAuthForOperation(OperationContext*,
+                                 const DatabaseName&,
+                                 const BSONObj&) const override {
         return Status::OK();
     }