author | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-04-09 21:13:08 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-04-13 11:11:32 -0400 |
commit | 0f0caff9af9abc11004853477a34072b5aa8a017 (patch) | |
tree | e99d4ff84dea4463cbee8f9d8bef05256689495e /src/mongo/db/auth | |
parent | 4f0c2f4047bdafe7a5d952a9671bf436a763c4d5 (diff) | |
download | mongo-0f0caff9af9abc11004853477a34072b5aa8a017.tar.gz |
SERVER-34401: Add support for {forAllDBs: true} to usersInfo
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r-- | src/mongo/db/auth/role_graph_builtin_roles.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.h | 4 |
3 files changed, 11 insertions, 2 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index 551b42118c4..79be5b05108 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -364,6 +364,8 @@ void addUserAdminAnyDbPrivileges(PrivilegeVector* privileges) {
 Privilege::addPrivilegeToPrivilegeVector( privileges, Privilege(ResourcePattern::forClusterResource(), ActionType::invalidateUserCache));
+ Privilege::addPrivilegeToPrivilegeVector(
+ privileges, Privilege(ResourcePattern::forClusterResource(), ActionType::viewUser));
 ActionSet readRoleAndIndexActions;
diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp
index 3785dea3cf8..f6017699738 100644
--- a/src/mongo/db/auth/user_management_commands_parser.cpp
+++ b/src/mongo/db/auth/user_management_commands_parser.cpp
@@ -342,8 +342,12 @@ Status parseUsersInfoCommand(const BSONObj& cmdObj, StringData dbname, UsersInfo
 }
 if (cmdObj["usersInfo"].numberInt() == 1) {
- parsedArgs->allForDB = true;
+ parsedArgs->target = UsersInfoArgs::Target::kDB;
+ } else if (cmdObj["usersInfo"].type() == Object &&
+ cmdObj["usersInfo"].Obj().getBoolField("forAllDBs")) {
+ parsedArgs->target = UsersInfoArgs::Target::kGlobal;
 } else if (cmdObj["usersInfo"].type() == Array) {
+ parsedArgs->target = UsersInfoArgs::Target::kExplicitUsers;
 status = parseUserNamesFromBSONArray( BSONArray(cmdObj["usersInfo"].Obj()), dbname, &parsedArgs->userNames);
 if (!status.isOK()) {
@@ -351,6 +355,7 @@ Status parseUsersInfoCommand(const BSONObj& cmdObj, StringData dbname, UsersInfo
 }
 std::sort(parsedArgs->userNames.begin(), parsedArgs->userNames.end());
 } else {
+ parsedArgs->target = UsersInfoArgs::Target::kExplicitUsers;
 UserName name;
 status = _parseNameFromBSONElement(cmdObj["usersInfo"], dbname,
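Review bot: The new `viewUser` grant on `ResourcePattern::forClusterResource()` in `addUserAdminAnyDbPrivileges` carries no comment saying what it authorises, and a cluster-scoped `viewUser` is not self-explanatory next to the per-database user actions. Going by the commit title it is presumably the privilege that gates `usersInfo: {forAllDBs: true}`; I would state that above the call, e.g. `// viewUser on the cluster resource authorises usersInfo with {forAllDBs: true}.` Because this widens a built-in role, any test or document that enumerates the privileges of this role (none is visible here) needs the new entry as well. The function body continues outside the hunk.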
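Review bot: In `parseUsersInfoCommand`, the new `forAllDBs` branch selects `Target::kGlobal` for any sub-document whose `forAllDBs` field is true and ignores every other field in it, so `{forAllDBs: true, user: ..., db: ...}` is silently treated as a request for every user on every database. The parsed target presumably decides which authorization check and which query the command runs (that code is outside this diff), so an ambiguous document is better rejected than widened. A strict form would be `const BSONObj spec = cmdObj["usersInfo"].Obj(); if (spec.hasField("forAllDBs") && spec.nFields() != 1) return Status(ErrorCodes::BadValue, "forAllDBs cannot be combined with other fields");`. If I read `getBoolField` correctly it also yields false for a non-boolean value, so `{forAllDBs: 1}` falls through to the `_parseNameFromBSONElement` branch and presumably fails there with an unrelated message. The function starts and ends outside the hunk.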
diff --git a/src/mongo/db/auth/user_management_commands_parser.h b/src/mongo/db/auth/user_management_commands_parser.h
index 535c7257f9b..d58b13b7039 100644
--- a/src/mongo/db/auth/user_management_commands_parser.h
+++ b/src/mongo/db/auth/user_management_commands_parser.h
@@ -103,8 +103,10 @@ Status parseAndValidateDropAllUsersFromDatabaseCommand(const BSONObj& cmdObj,
 const std::string& dbname);
 struct UsersInfoArgs {
+ enum class Target { kExplicitUsers, kDB, kGlobal };
+
 std::vector<UserName> userNames;
- bool allForDB = false;
+ Target target;
 bool showPrivileges = false;
 AuthenticationRestrictionsFormat authenticationRestrictionsFormat = AuthenticationRestrictionsFormat::kOmit; |
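Review bot: `Target target;` in `UsersInfoArgs` has no default member initializer, whereas the `bool allForDB = false;` it replaces did, so a default-constructed `UsersInfoArgs` now holds an indeterminate `target`. `parseUsersInfoCommand` assigns it in every branch of the visible `if` chain, but any error return taken before that chain, or any other code that builds the struct, would leave it unset, and reading it is undefined behaviour. I would keep a narrow default with `Target target = Target::kExplicitUsers;` so that an unset value can never be read as `kGlobal`. The struct's closing brace is outside the hunk.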