Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index b12abccad40..43b1741841b 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -36,7 +36,6 @@
 #include "mongo/bson/mutable/element.h"
 #include "mongo/bson/oid.h"
 #include "mongo/db/auth/action_set.h"
-#include "mongo/db/auth/privilege_format.h"
 #include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/auth/role_graph.h"
 #include "mongo/db/auth/user.h"
@@ -220,32 +219,50 @@ public: ActionSet getActionsForOldStyleUser(const std::string& dbname, bool readOnly) const; /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" a document describing the named user and returns Status::OK(). The + * description includes the user credentials and customData, if present, the user's role + * membership and delegation information, a full list of the user's privileges, and a full + * list of the user's roles, including those roles held implicitly through other roles + * (indirect roles). In the event that some of this information is inconsistent, the + * document will contain a "warnings" array, with std::string messages describing + * inconsistencies. + * + * If the user does not exist, returns ErrorCodes::UserNotFound. */ Status getUserDescription(OperationContext* txn, const UserName& userName, BSONObj* result); /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" a document describing the named role and returns Status::OK(). The + * description includes the roles in which the named role has membership and a full list of + * the roles of which the named role is a member, including those roles memberships held + * implicitly through other roles (indirect roles). If "showPrivileges" is true, then the + * description documents will also include a full list of the role's privileges. + * In the event that some of this information is inconsistent, the document will contain a + * "warnings" array, with std::string messages describing inconsistencies. + * + * If the role does not exist, returns ErrorCodes::RoleNotFound. */ Status getRoleDescription(OperationContext* txn, const RoleName& roleName, - PrivilegeFormat privilegeFormat, + bool showPrivileges, BSONObj* result); /** - * Delegates method call to the underlying AuthzManagerExternalState. 
- */ - Status getRolesDescription(OperationContext* txn, - const std::vector<RoleName>& roleName, - PrivilegeFormat privilegeFormat, - BSONObj* result); - - /** - * Delegates method call to the underlying AuthzManagerExternalState. + * Writes into "result" documents describing the roles that are defined on the given + * database. Each role description document includes the other roles in which the role has + * membership and a full list of the roles of which the named role is a member, + * including those roles memberships held implicitly through other roles (indirect roles). + * If showPrivileges is true, then the description documents will also include a full list + * of the role's privileges. If showBuiltinRoles is true, then the result array will + * contain description documents for all the builtin roles for the given database, if it + * is false the result will just include user defined roles. + * In the event that some of the information in a given role description is inconsistent, + * the document will contain a "warnings" array, with std::string messages describing + * inconsistencies. */ Status getRoleDescriptionsForDB(OperationContext* txn, const std::string dbname, - PrivilegeFormat privilegeFormat, + bool showPrivileges, bool showBuiltinRoles, std::vector<BSONObj>* result); |
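Review bot: The new comment on getRoleDescriptionsForDB, the last declaration in this hunk, does not say what Status is returned or what `result` holds on failure, while the two comments above it name Status::OK() and the NotFound error codes. I would add a closing line such as `* Returns Status::OK() on success; on any other status "result" must not be used.`, adjusted to whatever the implementation actually guarantees. All three comments also leave open whether a description that carries a "warnings" array is still safe to base access decisions on, which matters for any caller that derives a user's privileges from these documents; one sentence stating that would help. Separately, `bool showPrivileges, bool showBuiltinRoles` are now adjacent parameters of the same type, so a transposed call compiles silently; call sites would benefit from named locals or `/*showPrivileges=*/` style argument comments. The class body starts before the hunk and continues after it.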