authorSpencer T Brody <spencer@10gen.com>2013-10-17 20:12:21 -0400
committerSpencer T Brody <spencer@10gen.com>2013-10-21 17:22:16 -0400
commit4e5bb06c7156a2a6e7bf878f3cf2c90a94771b2d (patch)
tree2fbf3eb990490d022c1ead9ac12540d514238fd9 /src/mongo/db/auth/user.h
parentb67de10c6307468636b91fddd5d67b066f86b526 (diff)
SERVER-11260 Remove all code related to advanced role delegation
Diffstat (limited to 'src/mongo/db/auth/user.h')
-rw-r--r--src/mongo/db/auth/user.h33
1 files changed, 7 insertions, 26 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 053e045fe1e..2964d373cc8 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -25,6 +25,7 @@
#include "mongo/db/auth/user_name.h"
#include "mongo/platform/atomic_word.h"
#include "mongo/platform/unordered_map.h"
+#include "mongo/platform/unordered_set.h"
namespace mongo {
@@ -50,17 +51,7 @@ namespace mongo {
bool isExternal;
};
- struct RoleData {
- RoleName name;
- bool hasRole;
- bool canDelegate;
- RoleData() : hasRole(false), canDelegate(false) {}
- RoleData(const RoleName& _name, bool _hasRole, bool _canDelegate) :
- name(_name), hasRole(_hasRole), canDelegate(_canDelegate) {}
- };
-
typedef unordered_map<ResourcePattern, Privilege> ResourcePrivilegeMap;
- typedef unordered_map<RoleName, RoleData> RoleDataMap;
explicit User(const UserName& name);
~User();
@@ -71,9 +62,9 @@ namespace mongo {
const UserName& getName() const;
/**
- * Returns a reference to the information about the users' role membership.
+ * Returns an iterator over the names of the user's direct roles
*/
- const RoleDataMap& getRoles() const;
+ RoleNameIterator getRoles() const;
/**
* Returns true if this user is a member of the given role.
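Review bot: The new comment on `getRoles()` does not say how long the returned `RoleNameIterator` stays valid, which matters now that the function hands out an iterator instead of a `const RoleDataMap&`. The member hunk at the end of this diff changes `_roles` to `unordered_set<RoleName>`, so the iterator presumably walks that set and would be invalidated by `setRoles`/`addRoles` or by destruction of the User. I would add a line such as `* The iterator is valid only while this User exists and its role set is not modified.` Because the result covers direct roles only, it is also worth saying that it is not the user's effective role set, so authorization checks are not built on it by mistake. The class declaration continues outside this hunk.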
@@ -122,9 +113,9 @@ namespace mongo {
void setCredentials(const CredentialData& credentials);
/**
- * Replaces any existing user role membership information with "roles".
+ * Replaces any existing user role membership information with the roles from "roles".
*/
- void setRoleData(const std::vector<RoleData>& roles);
+ void setRoles(RoleNameIterator roles);
/**
* Replaces any existing user privilege information with "privileges".
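Review bot: With `RoleData::hasRole` removed, `setRoles(RoleNameIterator roles)` can no longer distinguish a held role from a delegate-only entry, so every name the iterator yields presumably becomes a role the user holds. The callers that used to build `RoleData` with `hasRole == false` are outside this file-limited diff; if any of them now pass those entries straight through as names, the user's role set would be widened. I would spell out the contract in the comment, e.g. `* Every name yielded by "roles" is recorded as a role this user holds; duplicates are collapsed.` The code that parses stored user documents should also be checked to confirm it drops entries that were delegate-only.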
@@ -142,16 +133,6 @@ namespace mongo {
void addRoles(const std::vector<RoleName>& roles);
/**
- * Adds the given role name to the list of roles that this user is allowed to delegate.
- */
- void addDelegatableRole(const RoleName& role);
-
- /**
- * Adds the given role names to the list of roles that this user is allowed to delegate.
- */
- void addDelegatableRoles(const std::vector<RoleName>& roles);
-
- /**
* Adds the given privilege to the list of privileges this user is authorized for.
*/
void addPrivilege(const Privilege& privilege);
@@ -194,8 +175,8 @@ namespace mongo {
// Maps resource name to privilege on that resource
ResourcePrivilegeMap _privileges;
- // Roles the user has privileges from and/or can delegate
- RoleDataMap _roles;
+ // Roles the user has privileges from
+ unordered_set<RoleName> _roles;
CredentialData _credentials;