diff options
author | ADAM David Alan Martin <adam.martin@10gen.com> | 2018-05-16 16:12:36 -0400 |
---|---|---|
committer | ADAM David Alan Martin <adam.martin@10gen.com> | 2018-05-16 16:18:50 -0400 |
commit | 4db1a10f3068130ab7b925f40dba34449e9c6f8d (patch) | |
tree | 1ca409a39d995b786425e57f8b6577c898482e1a /src/mongo/db/auth/role_graph.cpp | |
parent | 0a4f7b1ebf173984883d6e018ae88350015dfeb3 (diff) | |
download | mongo-4db1a10f3068130ab7b925f40dba34449e9c6f8d.tar.gz |
SERVER-34963 Fix linking on dynamic community builds.
There were hidden transitive dependencies through `auth` into
other subsystems which were not detected through the normal content
integration pathway. This adds some necessary dependency edges in
order to fix building on those platforms.
It also removes a few transitional ignores and fixes some uses of
ambiguous stream operators. The `str::stream` object should not
directly be streamed.
Diffstat (limited to 'src/mongo/db/auth/role_graph.cpp')
-rw-r--r-- | src/mongo/db/auth/role_graph.cpp | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/mongo/db/auth/role_graph.cpp b/src/mongo/db/auth/role_graph.cpp index d9ec88e072a..5081f55677a 100644 --- a/src/mongo/db/auth/role_graph.cpp +++ b/src/mongo/db/auth/role_graph.cpp @@ -32,6 +32,8 @@ #include <set> #include <vector> +#include "mongo/bson/mutable/document.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/privilege.h" #include "mongo/db/auth/role_name.h" #include "mongo/stdx/unordered_set.h" @@ -549,4 +551,46 @@ RoleNameIterator RoleGraph::getRolesForDatabase(const std::string& dbname) { return makeRoleNameIterator(lower, upper); } + +Status RoleGraph::getBSONForRole(RoleGraph* graph, + const RoleName& roleName, + mutablebson::Element result) try { + if (!graph->roleExists(roleName)) { + return Status(ErrorCodes::RoleNotFound, + mongoutils::str::stream() << roleName.getFullName() + << "does not name an existing role"); + } + std::string id = mongoutils::str::stream() << roleName.getDB() << "." << roleName.getRole(); + uassertStatusOK(result.appendString("_id", id)); + uassertStatusOK( + result.appendString(AuthorizationManager::ROLE_NAME_FIELD_NAME, roleName.getRole())); + uassertStatusOK( + result.appendString(AuthorizationManager::ROLE_DB_FIELD_NAME, roleName.getDB())); + + // Build privileges array + mutablebson::Element privilegesArrayElement = + result.getDocument().makeElementArray("privileges"); + uassertStatusOK(result.pushBack(privilegesArrayElement)); + const PrivilegeVector& privileges = graph->getDirectPrivileges(roleName); + uassertStatusOK(Privilege::getBSONForPrivileges(privileges, privilegesArrayElement)); + + // Build roles array + mutablebson::Element rolesArrayElement = result.getDocument().makeElementArray("roles"); + uassertStatusOK(result.pushBack(rolesArrayElement)); + for (RoleNameIterator roles = graph->getDirectSubordinates(roleName); roles.more(); + roles.next()) { + const RoleName& subRole = roles.get(); + mutablebson::Element roleObj = result.getDocument().makeElementObject(""); + uassertStatusOK( + roleObj.appendString(AuthorizationManager::ROLE_NAME_FIELD_NAME, subRole.getRole())); + uassertStatusOK( + roleObj.appendString(AuthorizationManager::ROLE_DB_FIELD_NAME, subRole.getDB())); + uassertStatusOK(rolesArrayElement.pushBack(roleObj)); + } + + return Status::OK(); +} catch (...) { + return exceptionToStatus(); +} + } // namespace mongo |