SERVER-1105 Use ResourcePattern type when identifying the resource component of required privileges.

This patch has two principal components.  First, it changes the interface to Privilege and
AuthorizationSession to use ResourcePattern in place of std::string for identifying resources.
Second, it examines all call sites of the authorization session interface in commands and
other code to ensure that the correct resource requirements are conveyed to the authorization_session.

1 files changed, 4 insertions, 2 deletions

diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 9d5239d0a7b..2d6e895b500 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -15,10 +15,12 @@
 
 #pragma once
 
+#include <string>
 #include <vector>
 
 #include "mongo/base/disallow_copying.h"
 #include "mongo/db/auth/privilege.h"
+#include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/auth/role_name.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/platform/atomic_word.h"
@@ -78,7 +80,7 @@ namespace mongo {
         /**
          * Gets the set of actions this user is allowed to perform on the given resource.
          */
-        const ActionSet getActionsForResource(const std::string& resource) const;
+        const ActionSet getActionsForResource(const ResourcePattern& resource) const;
 
         /**
          * Returns true if this copy of information about this user is still valid. If this returns
@@ -166,7 +168,7 @@ namespace mongo {
 
         UserName _name;
 
-        typedef unordered_map<std::string, Privilege> ResourcePrivilegeMap;
+        typedef unordered_map<ResourcePattern, Privilege> ResourcePrivilegeMap;
 
         // Maps resource name to privilege on that resource
         ResourcePrivilegeMap _privileges;