diff options
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.cpp')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index a1f60eaf956..9b0b07c9086 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -163,6 +163,19 @@ namespace mongo { return _externalState->removePrivilegeDocuments(query, writeConcern, numRemoved); } + Status AuthorizationManager::removeRoleDocuments(const BSONObj& query, + const BSONObj& writeConcern, + int* numRemoved) const { + Status status = _externalState->remove(NamespaceString("admin.system.roles"), + query, + writeConcern, + numRemoved); + if (status.code() == ErrorCodes::UnknownError) { + return Status(ErrorCodes::RoleModificationFailed, status.reason()); + } + return status; + } + Status AuthorizationManager::insertRoleDocument(const BSONObj& roleObj, const BSONObj& writeConcern) const { Status status = _externalState->insert(NamespaceString("admin.system.roles"), @@ -215,6 +228,22 @@ namespace mongo { return _externalState->query(collectionName, query, resultProcessor); } + Status AuthorizationManager::updateAuthzDocuments(const NamespaceString& collectionName, + const BSONObj& query, + const BSONObj& updatePattern, + bool upsert, + bool multi, + const BSONObj& writeConcern, + int* numUpdated) const { + return _externalState->update(collectionName, + query, + updatePattern, + upsert, + multi, + writeConcern, + numUpdated); + } + bool AuthorizationManager::roleExists(const RoleName& role) { boost::lock_guard<boost::mutex> lk(_lock); return _roleGraph.roleExists(role); @@ -230,6 +259,12 @@ namespace mongo { return _roleGraph.getDirectPrivileges(role); } + std::vector<RoleName> AuthorizationManager::getSubordinateRolesForRole( + const RoleName& role) { + boost::lock_guard<boost::mutex> lk(_lock); + return _roleGraph.getDirectSubordinates(role); + } + Status AuthorizationManager::getBSONForPrivileges(const PrivilegeVector& privileges, mutablebson::Element resultArray) { for (PrivilegeVector::const_iterator it = privileges.begin(); @@ -270,9 +305,10 @@ namespace mongo { // Build roles array mutablebson::Element rolesArrayElement = result.getDocument().makeElementArray("roles"); result.pushBack(rolesArrayElement); - RoleNameIterator nameIt = graph->getDirectSubordinates(roleName); - while (nameIt.more()) { - const RoleName& subRole = nameIt.next(); + const std::vector<RoleName> roles = graph->getDirectSubordinates(roleName); + for (std::vector<RoleName>::const_iterator it = roles.begin(); + it != roles.end(); ++it) { + const RoleName& subRole = *it; mutablebson::Element roleObj = result.getDocument().makeElementObject(""); roleObj.appendString("name", subRole.getRole()); roleObj.appendString("source", subRole.getDB()); |