Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_local.cpp')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_local.cpp | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_local.cpp b/src/mongo/db/auth/authz_manager_external_state_local.cpp
index 852cb44e57f..966a8271517 100644
--- a/src/mongo/db/auth/authz_manager_external_state_local.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_local.cpp
@@ -102,6 +102,14 @@ void serializeResolvedRoles(BSONObjBuilder* user,
 if (data.privileges) {
 BSONArrayBuilder privsBuilder(user->subarrayStart("inheritedPrivileges"));
+ if (roleDoc) {
+ auto privs = roleDoc.get()["privileges"];
+ if (privs) {
+ for (const auto& privilege : privs.Obj()) {
+ privsBuilder.append(privilege);
+ }
+ }
+ }
 for (const auto& privilege : data.privileges.get()) {
 privsBuilder.append(privilege.toBSON());
 }
@@ -338,7 +346,7 @@ Status AuthzManagerExternalStateLocal::getUserDescription(OperationContext* opCt
 directRoles = filterAndMapRole(&resultBuilder, userDoc, ResolveRoleOption::kAll, false);
 } else {
 // We are able to artifically construct the external user from the request
- resultBuilder.append("_id", userName.getUser());
+ resultBuilder.append("_id", str::stream() << userName.getDB() << '.' << userName.getUser());
 resultBuilder.append("user", userName.getUser());
 resultBuilder.append("db", userName.getDB());
 resultBuilder.append("credentials", BSON("external" << true));
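Review bot: In serializeResolvedRoles, `privs.Obj()` is reached after `if (privs)`, which only establishes that the `privileges` field exists, not that it holds an array; `BSONElement::Obj()` asserts on any other type, so a malformed role document would abort serialization here rather than being skipped. Checking the type first, `if (privs.type() == Array) {`, keeps the loop to well-formed input. The elements are also appended verbatim, whereas the resolved privileges below go through `privilege.toBSON()`, so `inheritedPrivileges` now mixes unparsed stored documents with normalized ones and may repeat entries; a comment stating that this is intended would help anyone who treats the array as the effective privilege set. The function begins and ends outside this hunk, so any validation done before roleDoc reaches it is not visible here.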
@@ -542,16 +550,16 @@ Status AuthzManagerExternalStateLocal::getRolesDescription(
 auth::addPrivilegesForBuiltinRole(role, &privs));
 BSONObjBuilder builtinBuilder;
- builtinBuilder.append("_id",
- str::stream() << role.getDB() << '.' << role.getRole());
 builtinBuilder.append("db", role.getDB());
 builtinBuilder.append("role", role.getRole());
 builtinBuilder.append("roles", BSONArray());
- BSONArrayBuilder builtinPrivs(builtinBuilder.subarrayStart("privileges"));
- for (const auto& priv : privs) {
- builtinPrivs.append(priv.toBSON());
+ if (showPrivileges == PrivilegeFormat::kShowSeparate) {
+ BSONArrayBuilder builtinPrivs(builtinBuilder.subarrayStart("privileges"));
+ for (const auto& priv : privs) {
+ builtinPrivs.append(priv.toBSON());
+ }
+ builtinPrivs.doneFast();
 }
- builtinPrivs.doneFast();
 roleDoc = builtinBuilder.obj();
 } else {
@@ -568,6 +576,7 @@ Status AuthzManagerExternalStateLocal::getRolesDescription(
 auto data = uassertStatusOK(resolveRoles(opCtx, subRoles, option));
 data.roles->insert(subRoles.cbegin(), subRoles.cend());
 serializeResolvedRoles(&roleBuilder, data, roleDoc);
+ roleBuilder.append("isBuiltin", auth::isBuiltinRole(role));
 result->push_back(roleBuilder.obj());
 } catch (const AssertionException& ex) {
|
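Review bot: The new `showPrivileges == PrivilegeFormat::kShowSeparate` guard in getRolesDescription carries no comment, and it changes what serializeResolvedRoles (first hunk) sees: for every other format a built-in role's roleDoc now has no `privileges` field, so nothing is copied from it into `inheritedPrivileges`. The `else` branch is cut off by the hunk, so whether a stored role document still carries its `privileges` field for those formats cannot be seen here; if it does, built-in and user-defined roles would be reported differently for the same format. A comment above the guard such as `// Own privileges are emitted only for kShowSeparate; other formats report them through resolveRoles()` would document the intent, provided that is indeed where they come from.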