author | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-08-10 14:39:34 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-08-10 14:39:34 -0400 |
commit | f6bb7b0a3bff0495db6be1e04ff72d95862cbb6f (patch) | |
tree | f8b9cc8250552dc7d2602451c7f84e64ba84d25e /src/mongo/db/auth/authz_manager_external_state.h | |
parent | df2dacb8a92ac0a5f42b7e40a848c8074940ef2d (diff) | |
Revert "SERVER-22826 Support X509 Authorization"
This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31.
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state.h')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.h | 75 |
1 files changed, 23 insertions, 52 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h
index f3d2cc721c6..78aac5ea832 100644
--- a/src/mongo/db/auth/authz_manager_external_state.h
+++ b/src/mongo/db/auth/authz_manager_external_state.h
@@ -34,9 +34,7 @@
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
-#include "mongo/db/auth/privilege_format.h"
 #include "mongo/db/auth/role_name.h"
-#include "mongo/db/auth/user.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/stdx/functional.h"
@@ -82,12 +80,11 @@ public:
 /**
 * Writes into "result" a document describing the named user and returns Status::OK(). The
- * description includes the user credentials and customData, if present, the user's role
- * membership and delegation information, a full list of the user's privileges, and a full
- * list of the user's roles, including those roles held implicitly through other roles
- * (indirect roles). In the event that some of this information is inconsistent, the
- * document will contain a "warnings" array, with std::string messages describing
- * inconsistencies.
+ * description includes the user credentials, if present, the user's role membership and
+ * delegation information, a full list of the user's privileges, and a full list of the
+ * user's roles, including those roles held implicitly through other roles (indirect roles).
+ * In the event that some of this information is inconsistent, the document will contain a
+ * "warnings" array, with std::string messages describing inconsistencies.
 *
 * If the user does not exist, returns ErrorCodes::UserNotFound.
 */
@@ -96,57 +93,37 @@ public:
 BSONObj* result) = 0;
 /**
- * Writes into "result" a document describing the named role and returns Status::OK(). If
- * showPrivileges is kOmit or kShowPrivileges, the description includes the roles which the
- * named role is a member of, including those memberships held implicitly through other roles
- * (indirect roles). If "showPrivileges" is kShowPrivileges, then the description documents
- * will also include a full list of the role's privileges. If "showPrivileges" is
- * kShowAsUserFragment, then the description returned will take the form of a partial user
- * document, describing a hypothetical user which possesses the provided and implicit roles,
- * and all inherited privileges. In the event that some of this information is inconsistent,
- * the document will contain a "warnings" array, with std::string messages describing
- * inconsistencies.
+ * Writes into "result" a document describing the named role and returns Status::OK(). The
+ * description includes the roles in which the named role has membership and a full list of
+ * the roles of which the named role is a member, including those roles memberships held
+ * implicitly through other roles (indirect roles). If "showPrivileges" is true, then the
+ * description documents will also include a full list of the role's privileges.
+ * In the event that some of this information is inconsistent, the document will contain a
+ * "warnings" array, with std::string messages describing inconsistencies.
 *
 * If the role does not exist, returns ErrorCodes::RoleNotFound.
 */
 virtual Status getRoleDescription(OperationContext* txn,
 const RoleName& roleName,
- PrivilegeFormat showPrivileges,
+ bool showPrivileges,
 BSONObj* result) = 0;
 /**
- * Writes into "result" a document describing the named role is and returns Status::OK(). If
- * showPrivileges is kOmit or kShowPrivileges, the description includes the roles which the
- * named roles are a member of, including those memberships held implicitly through other roles
- * (indirect roles). If "showPrivileges" is kShowPrivileges, then the description documents
- * will also include a full list of the roles' privileges. If "showPrivileges" is
- * kShowAsUserFragment, then the description returned will take the form of a partial user
- * document, describing a hypothetical user which possesses the provided and implicit roles,
- * and all inherited privileges. In the event that some of this information is inconsistent,
+ * Writes into "result" documents describing the roles that are defined on the given
+ * database. Each role description document includes the other roles in which the role has
+ * membership and a full list of the roles of which the named role is a member,
+ * including those roles memberships held implicitly through other roles (indirect roles).
+ * If showPrivileges is true, then the description documents will also include a full list
+ * of the role's privileges. If showBuiltinRoles is true, then the result array will
+ * contain description documents for all the builtin roles for the given database, if it
+ * is false the result will just include user defined roles.
+ * In the event that some of the information in a given role description is inconsistent,
 * the document will contain a "warnings" array, with std::string messages describing
 * inconsistencies.
 */
-
- virtual Status getRolesDescription(OperationContext* txn,
- const std::vector<RoleName>& roles,
- PrivilegeFormat showPrivileges,
- BSONObj* result) = 0;
-
- /**
- * Writes into "result" documents describing the roles that are defined on the given
- * database. If showPrivileges is kOmit or kShowPrivileges, then a vector of BSON documents are
- * returned, where each document includes the other roles a particular role is a
- * member of, including those role memberships held implicitly through other roles
- * (indirect roles). If showPrivileges is kShowPrivileges, then the description documents
- * will also include a full list of the roles' privileges. If showBuiltinRoles is true, then
- * the result array will contain description documents for all the builtin roles for the given
- * database, if it is false the result will just include user defined roles. In the event that
- * some of the information in a given role description is inconsistent, the document will
- * contain a "warnings" array, with std::string messages describing inconsistencies.
- */
 virtual Status getRoleDescriptionsForDB(OperationContext* txn,
 const std::string dbname,
- PrivilegeFormat showPrivileges,
+ bool showPrivileges,
 bool showBuiltinRoles,
 std::vector<BSONObj>* result) = 0;
@@ -164,12 +141,6 @@ public:
 protected:
 AuthzManagerExternalState(); // This class should never be instantiated directly.
-
- /**
- * Returns true if roles for this user were provided by the client, and can be obtained from
- * the connection.
- */
- bool shouldUseRolesFromConnection(OperationContext* txn, const UserName& username);
 };
 } // namespace mongo |
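Review bot: `getRoleDescriptionsForDB` on the new side takes two adjacent `bool` parameters, `showPrivileges` and `showBuiltinRoles`, so a call site that transposes them still compiles and silently changes whether privilege lists appear in the returned role descriptions. Since the revert restores the `bool` form on purpose, the restored doc comment should at least pin the order, for example `* Argument order is (showPrivileges, showBuiltinRoles); both are plain bools, so label them at call sites.` The restored comments for `getRoleDescription` and `getRoleDescriptionsForDB` also say "the roles in which the named role has membership and a full list of the roles of which the named role is a member, including those roles memberships", which states the same thing twice and is hard to parse; one clause covering direct and indirect memberships would read better. The unchanged context line `const std::string dbname` copies the name on every call, and `const std::string& dbname` would avoid that, though changing a pure virtual touches every implementer outside this file.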