authorSpencer T Brody <spencer@10gen.com>2013-11-08 18:02:05 -0500
committerSpencer T Brody <spencer@10gen.com>2013-11-13 19:01:57 -0500
commit4d5ba6b01fa2d38640ba5bc8bf5c99f305e619bf (patch)
tree4a2483cda1f7f8abf250bac9cda6c83d75613856 /src/mongo/db/auth/authz_manager_external_state_s.cpp
parent7688ccdf103191f89ed3c285889f9264dba48d8a (diff)
SERVER-11411 Give rolesInfo command the ability to list all roles defined for a given database.
This commit also introduces the "showPrivileges" option, which defaults to false, to rolesInfo to control whether or not privilege information is included in the result.
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_s.cpp')
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_s.cpp33
1 files changed, 32 insertions, 1 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp
index 450356c7aa8..926992a273d 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp
@@ -146,6 +146,7 @@ namespace mongo {
}
Status AuthzManagerExternalStateMongos::getRoleDescription(const RoleName& roleName,
+ bool showPrivileges,
BSONObj* result) {
try {
scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
@@ -157,7 +158,8 @@ namespace mongo {
BSON_ARRAY(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME <<
roleName.getRole() <<
AuthorizationManager::ROLE_SOURCE_FIELD_NAME <<
- roleName.getDB()))),
+ roleName.getDB())) <<
+ "showPrivileges" << showPrivileges),
cmdResult);
if (!cmdResult["ok"].trueValue()) {
int code = cmdResult["code"].numberInt();
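Review bot: The option name `"showPrivileges"` is written as a bare string literal in the BSON builder here and again in getRoleDescriptionsForDB further down, while the role fields beside it use named constants such as `AuthorizationManager::ROLE_NAME_FIELD_NAME`. A shared named constant for the option would keep the two call sites in step; a mistyped key would likely fall back to the server-side default (false, per the commit message) and silently drop privilege data from the reply. getRoleDescription's body starts and ends outside this hunk.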
@@ -172,6 +174,35 @@ namespace mongo {
}
}
+ Status AuthzManagerExternalStateMongos::getRoleDescriptionsForDB(const std::string dbname,
+ bool showPrivileges,
+ bool showBuiltinRoles,
+ vector<BSONObj>* result) {
+ try {
+ scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
+ AuthorizationManager::rolesCollectionNamespace));
+ BSONObj cmdResult;
+ conn->get()->runCommand(
+ dbname,
+ BSON("rolesInfo" << 1 <<
+ "showPrivileges" << showPrivileges <<
+ "showBuiltinRoles" << showBuiltinRoles),
+ cmdResult);
+ if (!cmdResult["ok"].trueValue()) {
+ int code = cmdResult["code"].numberInt();
+ if (code == 0) code = ErrorCodes::UnknownError;
+ return Status(ErrorCodes::Error(code), cmdResult["errmsg"].str());
+ }
+ for (BSONObjIterator it(cmdResult["roles"].Obj()); it.more(); it.next()) {
+ result->push_back((*it).Obj().getOwned());
+ }
+ conn->done();
+ return Status::OK();
+ } catch (const DBException& e) {
+ return e.toStatus();
+ }
+ }
+
Status AuthzManagerExternalStateMongos::findOne(
const NamespaceString& collectionName,
const BSONObj& query,
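Review bot: The early return on the `!cmdResult["ok"].trueValue()` branch of getRoleDescriptionsForDB leaves before `conn->done()` is reached, so after a failed rolesInfo the scoped connection is presumably torn down rather than handed back to the pool; if that is not intended, call `conn->done();` directly after `runCommand` returns. The loop also appends straight into `*result`, so if `.Obj()` throws on a later element the caller receives an error Status together with a partially filled role list; filling a local `vector<BSONObj>` and swapping it into `*result` just before `return Status::OK();` would keep the output all-or-nothing. Separately, `const std::string dbname` copies the name on every call, and `const std::string& dbname` avoids that. A one-line comment stating where authorization for listing a database's roles and privileges is enforced would help, since no such check is visible in this function.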