author | Spencer T Brody <spencer@10gen.com> | 2013-11-08 18:02:05 -0500 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-11-13 19:01:57 -0500 |
commit | 4d5ba6b01fa2d38640ba5bc8bf5c99f305e619bf (patch) | |
tree | 4a2483cda1f7f8abf250bac9cda6c83d75613856 /src/mongo/db/auth/authz_manager_external_state_s.cpp | |
parent | 7688ccdf103191f89ed3c285889f9264dba48d8a (diff) | |
download | mongo-4d5ba6b01fa2d38640ba5bc8bf5c99f305e619bf.tar.gz |
SERVER-11411 Give rolesInfo command the ability to list all roles defined for a given database.
This commit also introduces the "showPrivileges" option, which defaults to false, to rolesInfo to
control whether or not privilege information is included in the result.
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_s.cpp')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp
index 450356c7aa8..926992a273d 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp
@@ -146,6 +146,7 @@ namespace mongo {
 }
 
 Status AuthzManagerExternalStateMongos::getRoleDescription(const RoleName& roleName,
+ bool showPrivileges,
 BSONObj* result) {
 try {
 scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
@@ -157,7 +158,8 @@ namespace mongo {
 BSON_ARRAY(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME <<
 roleName.getRole() <<
 AuthorizationManager::ROLE_SOURCE_FIELD_NAME <<
- roleName.getDB()))),
+ roleName.getDB())) <<
+ "showPrivileges" << showPrivileges),
 cmdResult);
 if (!cmdResult["ok"].trueValue()) {
 int code = cmdResult["code"].numberInt();
@@ -172,6 +174,35 @@ namespace mongo {
 }
 }
 
+ Status AuthzManagerExternalStateMongos::getRoleDescriptionsForDB(const std::string dbname,
+ bool showPrivileges,
+ bool showBuiltinRoles,
+ vector<BSONObj>* result) {
+ try {
+ scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
+ AuthorizationManager::rolesCollectionNamespace));
+ BSONObj cmdResult;
+ conn->get()->runCommand(
+ dbname,
+ BSON("rolesInfo" << 1 <<
+ "showPrivileges" << showPrivileges <<
+ "showBuiltinRoles" << showBuiltinRoles),
+ cmdResult);
+ if (!cmdResult["ok"].trueValue()) {
+ int code = cmdResult["code"].numberInt();
+ if (code == 0) code = ErrorCodes::UnknownError;
+ return Status(ErrorCodes::Error(code), cmdResult["errmsg"].str());
+ }
+ for (BSONObjIterator it(cmdResult["roles"].Obj()); it.more(); it.next()) {
+ result->push_back((*it).Obj().getOwned());
+ }
+ conn->done();
+ return Status::OK();
+ } catch (const DBException& e) {
+ return e.toStatus();
+ }
+ }
+
 Status AuthzManagerExternalStateMongos::findOne(
 const NamespaceString& collectionName,
 const BSONObj& query, |
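Review bot: The new `"showPrivileges"` key is a bare string literal, while the fields beside it use named constants (`AuthorizationManager::ROLE_NAME_FIELD_NAME`, `AuthorizationManager::ROLE_SOURCE_FIELD_NAME`). The same literal is repeated in the getRoleDescriptionsForDB hunk below, together with `"showBuiltinRoles"`. A typo in one copy would not fail at compile time, and depending on how rolesInfo treats unknown fields (not visible here) the server might fall back to its default and return a different amount of privilege detail than the caller asked for. Consider defining these option names once, next to the existing field-name constants, and using them in both calls. The enclosing runCommand call and function body start and end outside this hunk.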
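Review bot: In getRoleDescriptionsForDB the `!cmdResult["ok"].trueValue()` branch returns without calling `conn->done()`, which runs only on the success path. The ScopedDbConnection is then destroyed by scoped_ptr without being handed back, which presumably discards the pooled connection (ScopedDbConnection is not shown here, so confirm). Adding `conn->done();` before `return Status(ErrorCodes::Error(code), cmdResult["errmsg"].str());` would keep a routine command error from costing a connection. `dbname` is taken as `const std::string` by value; `const std::string& dbname` avoids the copy. The function runs rolesInfo over the connection obtained from getConnectionForAuthzCollection and checks nothing about who is asking, so a comment such as `// Caller must already have authorized the request to view roles on dbname.` would make that precondition explicit, and it should also say that `result` is appended to rather than cleared, so a throw partway through the loop leaves partial entries.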