SERVER-10670 Add RoleGraph::replaceRole method.

1 files changed, 21 insertions, 0 deletions

diff --git a/src/mongo/db/auth/role_graph.cpp b/src/mongo/db/auth/role_graph.cpp
index 705140fb019..8937874ca1d 100644
--- a/src/mongo/db/auth/role_graph.cpp
+++ b/src/mongo/db/auth/role_graph.cpp
@@ -395,6 +395,27 @@ namespace {
         return Status::OK();
     }
 
+    Status RoleGraph::replaceRole(const RoleName& roleName,
+                                  const std::vector<RoleName>& roles,
+                                  const PrivilegeVector& privileges) {
+        Status status = removeAllPrivilegesFromRole(roleName);
+        if (status == ErrorCodes::RoleNotFound) {
+            fassert(17168, createRole(roleName));
+        }
+        else if (!status.isOK()) {
+            return status;
+        }
+        fassert(17169, removeAllRolesFromRole(roleName));
+        for (size_t i = 0; i < roles.size(); ++i) {
+            const RoleName& grantedRole = roles[i];
+            status = createRole(grantedRole);
+            fassert(17170, status.isOK() || status == ErrorCodes::DuplicateKey);
+            fassert(17171, addRoleToRole(roleName, grantedRole));
+        }
+        fassert(17172, addPrivilegesToRole(roleName, privileges));
+        return Status::OK();
+    }
+
     Status RoleGraph::recomputePrivilegeData() {
         /*
          * This method is used to recompute the "allPrivileges" vector for each node in the graph,