diff options
| author | Andy Schwerin <schwerin@10gen.com> | 2013-10-05 18:38:57 -0400 |
|---|---|---|
| committer | Andy Schwerin <schwerin@10gen.com> | 2013-10-06 13:56:53 -0400 |
| commit | 11be81456ec4c24aa19cdf475fe9e7e79abe2066 (patch) | |
| tree | c1eb32e3eb234501d2d6cdf82ae62ecc9d4cd4fb /src/mongo/db/auth/role_graph.h | |
| parent | 1fde4728583e1ca5f6432b2ba517a90e7b1d8e17 (diff) | |
| download | mongo-11be81456ec4c24aa19cdf475fe9e7e79abe2066.tar.gz | |
SERVER-10670 Add RoleGraph::replaceRole method.
Diffstat (limited to 'src/mongo/db/auth/role_graph.h')
| -rw-r--r-- | src/mongo/db/auth/role_graph.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/mongo/db/auth/role_graph.h b/src/mongo/db/auth/role_graph.h index afc27992d14..1be802ce79d 100644 --- a/src/mongo/db/auth/role_graph.h +++ b/src/mongo/db/auth/role_graph.h @@ -209,6 +209,19 @@ namespace mongo { Status removeAllPrivilegesFromRole(const RoleName& role); /** + * Updates the RoleGraph by adding the role named "roleName", with the given role + * memberships and privileges. If the name "roleName" already exists, it is replaced. Any + * subordinate roles mentioned in role.roles are created, if needed, with empty privilege + * and subordinate role lists. + * + * Should _only_ fail if the role to replace is a builtin role, in which + * case it will return ErrorCodes::InvalidRoleModification. + */ + Status replaceRole(const RoleName& roleName, + const std::vector<RoleName>& roles, + const PrivilegeVector& privileges); + + /** * Recomputes the indirect (getAllPrivileges) data for this graph. * * Must be called between calls to any of the mutation functions and calls |