From 3bc344db791e74f378880fd4ccd2ea045ba238f9 Mon Sep 17 00:00:00 2001
From: Andy Schwerin <schwerin@10gen.com>
Date: Thu, 19 Sep 2013 15:46:08 -0400
Subject: SERVER-1105 Update AuthorizationSession's logic for collection-level
 access control.

Also requires changing the privileges of the built-in roles.  This patch takes the opportunity to remove the 2.2-style read-only roles in favor of the 2.4-style "read" and "readAnyDatabase" roles, and renames the 2.2-style read-write roles "dbOwner" and "root".  The "root" name, at least, is subject to change prior to the next unstable release.

Test harnesses are updated as needed to use the correct builtin roles.
---
 src/mongo/db/auth/privilege.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/mongo/db/auth/privilege.cpp')

diff --git a/src/mongo/db/auth/privilege.cpp b/src/mongo/db/auth/privilege.cpp
index 89261791f98..a1d0dab7bfe 100644
--- a/src/mongo/db/auth/privilege.cpp
+++ b/src/mongo/db/auth/privilege.cpp
@@ -20,6 +20,18 @@
 
 namespace mongo {
 
+    void Privilege::addPrivilegeToPrivilegeVector(PrivilegeVector* privileges,
+                                                  const Privilege& privilegeToAdd) {
+        for (PrivilegeVector::iterator it = privileges->begin(); it != privileges->end(); ++it) {
+            if (it->getResourcePattern() == privilegeToAdd.getResourcePattern()) {
+                it->addActions(privilegeToAdd.getActions());
+                return;
+            }
+        }
+        // No privilege exists yet for this resource
+        privileges->push_back(privilegeToAdd);
+    }
+
     Privilege::Privilege(const ResourcePattern& resource, const ActionType& action) :
         _resource(resource) {
 
-- 
cgit v1.2.1