SERVER-1105 Update AuthorizationSession's logic for collection-level access control.

Also requires changing the privileges of the built-in roles.  This patch takes the opportunity to remove the 2.2-style read-only roles in favor of the 2.4-style "read" and "readAnyDatabase" roles, and renames the 2.2-style read-write roles "dbOwner" and "root".  The "root" name, at least, is subject to change prior to the next unstable release.

Test harnesses are updated as needed to use the correct builtin roles.

1 files changed, 12 insertions, 0 deletions

diff --git a/src/mongo/db/auth/privilege.cpp b/src/mongo/db/auth/privilege.cpp
index 89261791f98..a1d0dab7bfe 100644
--- a/src/mongo/db/auth/privilege.cpp
+++ b/src/mongo/db/auth/privilege.cpp
@@ -20,6 +20,18 @@
 
 namespace mongo {
 
+    void Privilege::addPrivilegeToPrivilegeVector(PrivilegeVector* privileges,
+                                                  const Privilege& privilegeToAdd) {
+        for (PrivilegeVector::iterator it = privileges->begin(); it != privileges->end(); ++it) {
+            if (it->getResourcePattern() == privilegeToAdd.getResourcePattern()) {
+                it->addActions(privilegeToAdd.getActions());
+                return;
+            }
+        }
+        // No privilege exists yet for this resource
+        privileges->push_back(privilegeToAdd);
+    }
+
     Privilege::Privilege(const ResourcePattern& resource, const ActionType& action) :
         _resource(resource) {