diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-08-10 14:39:34 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-08-10 14:39:34 -0400 |
commit | f6bb7b0a3bff0495db6be1e04ff72d95862cbb6f (patch) | |
tree | f8b9cc8250552dc7d2602451c7f84e64ba84d25e /src/mongo/db/auth/authorization_manager.h | |
parent | df2dacb8a92ac0a5f42b7e40a848c8074940ef2d (diff) | |
download | mongo-f6bb7b0a3bff0495db6be1e04ff72d95862cbb6f.tar.gz |
Revert "SERVER-22826 Support X509 Authorization"
This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31.
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index b12abccad40..43b1741841b 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -36,7 +36,6 @@ #include "mongo/bson/mutable/element.h" #include "mongo/bson/oid.h" #include "mongo/db/auth/action_set.h" -#include "mongo/db/auth/privilege_format.h" #include "mongo/db/auth/resource_pattern.h" #include "mongo/db/auth/role_graph.h" #include "mongo/db/auth/user.h" @@ -220,32 +219,50 @@ public: ActionSet getActionsForOldStyleUser(const std::string& dbname, bool readOnly) const; /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" a document describing the named user and returns Status::OK(). The + * description includes the user credentials and customData, if present, the user's role + * membership and delegation information, a full list of the user's privileges, and a full + * list of the user's roles, including those roles held implicitly through other roles + * (indirect roles). In the event that some of this information is inconsistent, the + * document will contain a "warnings" array, with std::string messages describing + * inconsistencies. + * + * If the user does not exist, returns ErrorCodes::UserNotFound. */ Status getUserDescription(OperationContext* txn, const UserName& userName, BSONObj* result); /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" a document describing the named role and returns Status::OK(). The + * description includes the roles in which the named role has membership and a full list of + * the roles of which the named role is a member, including those roles memberships held + * implicitly through other roles (indirect roles). If "showPrivileges" is true, then the + * description documents will also include a full list of the role's privileges. + * In the event that some of this information is inconsistent, the document will contain a + * "warnings" array, with std::string messages describing inconsistencies. + * + * If the role does not exist, returns ErrorCodes::RoleNotFound. */ Status getRoleDescription(OperationContext* txn, const RoleName& roleName, - PrivilegeFormat privilegeFormat, + bool showPrivileges, BSONObj* result); /** - * Delegates method call to the underlying AuthzManagerExternalState. - */ - Status getRolesDescription(OperationContext* txn, - const std::vector<RoleName>& roleName, - PrivilegeFormat privilegeFormat, - BSONObj* result); - - /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" documents describing the roles that are defined on the given + * database. Each role description document includes the other roles in which the role has + * membership and a full list of the roles of which the named role is a member, + * including those roles memberships held implicitly through other roles (indirect roles). + * If showPrivileges is true, then the description documents will also include a full list + * of the role's privileges. If showBuiltinRoles is true, then the result array will + * contain description documents for all the builtin roles for the given database, if it + * is false the result will just include user defined roles. + * In the event that some of the information in a given role description is inconsistent, + * the document will contain a "warnings" array, with std::string messages describing + * inconsistencies. */ Status getRoleDescriptionsForDB(OperationContext* txn, const std::string dbname, - PrivilegeFormat privilegeFormat, + bool showPrivileges, bool showBuiltinRoles, std::vector<BSONObj>* result); |