author | Spencer T Brody <spencer@10gen.com> | 2013-10-17 20:12:21 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-10-21 17:22:16 -0400 |
commit | 4e5bb06c7156a2a6e7bf878f3cf2c90a94771b2d (patch) | |
tree | 2fbf3eb990490d022c1ead9ac12540d514238fd9 /src/mongo/db/auth/user.h | |
parent | b67de10c6307468636b91fddd5d67b066f86b526 (diff) | |
SERVER-11260 Remove all code related to advanced role delegation
Diffstat (limited to 'src/mongo/db/auth/user.h')
-rw-r--r-- | src/mongo/db/auth/user.h | 33 |
1 files changed, 7 insertions, 26 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 053e045fe1e..2964d373cc8 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -25,6 +25,7 @@
 #include "mongo/db/auth/user_name.h"
 #include "mongo/platform/atomic_word.h"
 #include "mongo/platform/unordered_map.h"
+#include "mongo/platform/unordered_set.h"
 namespace mongo {
@@ -50,17 +51,7 @@ namespace mongo {
 bool isExternal;
 };
- struct RoleData {
- RoleName name;
- bool hasRole;
- bool canDelegate;
- RoleData() : hasRole(false), canDelegate(false) {}
- RoleData(const RoleName& _name, bool _hasRole, bool _canDelegate) :
- name(_name), hasRole(_hasRole), canDelegate(_canDelegate) {}
- };
-
 typedef unordered_map<ResourcePattern, Privilege> ResourcePrivilegeMap;
- typedef unordered_map<RoleName, RoleData> RoleDataMap;
 explicit User(const UserName& name);
 ~User();
@@ -71,9 +62,9 @@ namespace mongo {
 const UserName& getName() const;
 /**
- * Returns a reference to the information about the users' role membership.
+ * Returns an iterator over the names of the user's direct roles
 */
- const RoleDataMap& getRoles() const;
+ RoleNameIterator getRoles() const;
 /**
 * Returns true if this user is a member of the given role.
@@ -122,9 +113,9 @@ namespace mongo {
 void setCredentials(const CredentialData& credentials);
 /**
- * Replaces any existing user role membership information with "roles".
+ * Replaces any existing user role membership information with the roles from "roles".
 */
- void setRoleData(const std::vector<RoleData>& roles);
+ void setRoles(RoleNameIterator roles);
 /**
 * Replaces any existing user privilege information with "privileges".
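Review bot: The new doc comment on `getRoles()` in the `-71,9 +62,9` hunk does not say how long the returned `RoleNameIterator` stays valid. The old signature returned a `const RoleDataMap&`, whose tie to the `User` object was obvious; if the iterator walks `_roles` directly (the implementation is not visible in this header), a later `setRoles` or `addRoles` on the same `User` would presumably invalidate it while authorization code is still reading from it. I would add a line to the comment such as `* The iterator is valid only until this user's roles are next modified.` The class body starts and ends outside the hunk.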
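Review bot: The comment on `setRoles(RoleNameIterator roles)` in the `-122,9 +113,9` hunk says the call replaces the existing membership but not what an already-exhausted iterator does. Since this call decides which roles a user holds, the contract should be explicit: presumably an empty iterator leaves the user with no roles, and the by-value iterator is consumed. Something like `* An iterator with no elements clears all roles.` would cover it, once confirmed against the implementation, which is outside this header.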
@@ -142,16 +133,6 @@ namespace mongo {
 void addRoles(const std::vector<RoleName>& roles);
 /**
- * Adds the given role name to the list of roles that this user is allowed to delegate.
- */
- void addDelegatableRole(const RoleName& role);
-
- /**
- * Adds the given role names to the list of roles that this user is allowed to delegate.
- */
- void addDelegatableRoles(const std::vector<RoleName>& roles);
-
- /**
 * Adds the given privilege to the list of privileges this user is authorized for.
 */
 void addPrivilege(const Privilege& privilege);
@@ -194,8 +175,8 @@ namespace mongo {
 // Maps resource name to privilege on that resource
 ResourcePrivilegeMap _privileges;
- // Roles the user has privileges from and/or can delegate
- RoleDataMap _roles;
+ // Roles the user has privileges from
+ unordered_set<RoleName> _roles;
 CredentialData _credentials; |
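Review bot: The new comment on `_roles` in the `-194,8 +175,8` hunk, `// Roles the user has privileges from`, disagrees with the `getRoles()` doc in the same commit, which calls them the user's direct roles. If roles can inherit from other roles, some privileges would come from roles that are not in this set, and a reader auditing the authorization path could take `_roles` for the complete list. I would word it as `// Names of the roles this user is directly a member of`.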