author | Spencer T Brody <spencer@10gen.com> | 2013-09-06 14:12:13 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-09-09 11:43:45 -0400 |
commit | eb46cc62a0d6e08e2cabc0862490d76f2833e8b1 (patch) | |
tree | 780c981e5ec88f919775bc8d3225c58fc820b503 /src/mongo/db/auth/user.h | |
parent | 667648a2d9e97ca0ecf995e89eba75fd3e70a08c (diff) | |
SERVER-9518 Store delegatable roles list in User object in memory
Diffstat (limited to 'src/mongo/db/auth/user.h')
-rw-r--r-- | src/mongo/db/auth/user.h | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 0e164797d33..f2d3cfbb385 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -63,6 +63,16 @@ namespace mongo {
 const RoleNameIterator getRoles() const;
 /**
+ * Returns an iterator that can be used to get the list of roles this user can delegate.
+ */
+ const RoleNameIterator getDelegatableRoles() const;
+
+ /**
+ * Returns whether or not this user is allowed to delegate the given role.
+ */
+ bool canDelegateRole(const RoleName& role) const;
+
+ /**
 * Returns the CredentialData for this user.
 */
 const CredentialData& getCredentials() const;
@@ -109,6 +119,16 @@ namespace mongo {
 void addRoles(const std::vector<RoleName>& roles);
 /**
+ * Adds the given role name to the list of roles that this user is allowed to delegate.
+ */
+ void addDelegatableRole(const RoleName& role);
+
+ /**
+ * Adds the given role names to the list of roles that this user is allowed to delegate.
+ */
+ void addDelegatableRoles(const std::vector<RoleName>& roles);
+
+ /**
 * Adds the given privilege to the list of privileges this user is authorized for.
 */
 void addPrivilege(const Privilege& privilege);
@@ -153,7 +173,8 @@ namespace mongo {
 // Maps resource name to privilege on that resource
 ResourcePrivilegeMap _privileges;
- unordered_set<RoleName> _roles;
+ unordered_set<RoleName> _roles; // Roles the user actually has privileges from
+ unordered_set<RoleName> _delegatableRoles; // Roles the user is allowed to delegate
 CredentialData _credentials; |
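Review bot: The doc comment on `canDelegateRole` in the first hunk does not say what the answer is computed from, which matters because callers will presumably treat it as an authorization decision when one user grants a role to another. It should state whether the test is exact membership in the delegatable list or also follows roles reachable through other roles, and whether holding a role has any bearing on it; if exact membership is the intent, something like `* Returns true only if 'role' was added through addDelegatableRole(s); holding the role is not sufficient.` would remove the ambiguity. As a style point, `const RoleNameIterator getDelegatableRoles() const;` returns a const by-value object; this mirrors `getRoles()`, but the top-level const only prevents the caller from moving the result. The class body starts and ends outside the hunk.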
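Review bot: `_delegatableRoles` in the last hunk is a second role set next to `_roles`, and nothing visible in this diff shows how it is copied, cleared or invalidated. The diff is limited to user.h, so if User has a copy or reset routine elsewhere it needs to carry `_delegatableRoles` as well; otherwise an in-memory User could lose or keep stale delegation rights after a role change. The two trailing comments would also be clearer if they said how the sets relate, for example `// May contain roles that are not in _roles` if delegation without holding the role is intended. The class body starts and ends outside the hunk.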