    void AuthorizationManager::_acquirePrivilegesForPrincipalFromDatabase(
            const std::string& dbname, const PrincipalName& principal) {
        // Fetch the principal's privilege document from `dbname` and, when one is
        // found, acquire the privileges it describes.
        //
        // The outcome is deliberately not returned: a missing user is treated as
        // the expected negative case and stays silent, while any other failure
        // (lookup or acquisition) is only logged. Callers therefore cannot tell
        // success from failure through this function; check acquired privileges
        // separately if that distinction matters.
        BSONObj privDoc;
        Status outcome = getPrivilegeDocument(dbname, principal, &privDoc);
        if (outcome.isOK()) {
            outcome = acquirePrivilegesFromPrivilegeDocument(dbname, principal, privDoc);
        }
        if (outcome.isOK()) {
            return;
        }
        if (outcome != ErrorCodes::UserNotFound) {
            log() << "Privilege acquisition failed for " << principal << " in database " <<
                dbname << ": " << outcome.reason() << " (" << outcome.codeString() << ")" << endl;
        }
    }
    Status AuthzManagerExternalStateMock::getUserDescription(
            const UserName& userName, BSONObj* result) {
        // Build the full description document for `userName`: the stored
        // privilege document extended with
        //   - "privileges":    every privilege granted by the user's roles
        //                      (directly or through subordinate roles),
        //   - "indirectRoles": the transitive closure of held roles,
        //   - "warnings":      only present when privilege serialization
        //                      produced warnings.
        // `result` receives the assembled document on success and is left
        // untouched when the lookup fails; the lookup's Status is returned
        // unchanged in that case.
        BSONObj privDoc;
        // The literal 2 is passed through as-is; it presumably selects a
        // privilege-document schema version — confirm against getPrivilegeDocument.
        const Status lookup = getPrivilegeDocument(userName, 2, &privDoc);
        if (!lookup.isOK()) {
            return lookup;
        }

        unordered_set<RoleName> indirectRoles;
        PrivilegeVector allPrivileges;

        // Only role entries flagged hasRole contribute; other entries in the
        // "roles" array are skipped and grant nothing. (A "roles" field that is
        // missing or not an object is not guarded here — Obj() decides.)
        BSONObjIterator roleIter(privDoc["roles"].Obj());
        while (roleIter.more()) {
            const BSONElement roleEntry = roleIter.next();
            if (!roleEntry["hasRole"].trueValue()) {
                continue;
            }

            const RoleName heldRole(roleEntry[AuthorizationManager::ROLE_NAME_FIELD_NAME].str(),
                                    roleEntry[AuthorizationManager::ROLE_SOURCE_FIELD_NAME].str());
            indirectRoles.insert(heldRole);

            // Every role reachable from heldRole is also reported as held.
            RoleNameIterator subordinate = _roleGraph.getIndirectSubordinates(heldRole);
            while (subordinate.more()) {
                indirectRoles.insert(subordinate.get());
                subordinate.next();
            }

            // Merge rather than append so duplicate resources collapse into one
            // privilege entry.
            const PrivilegeVector& grants = _roleGraph.getAllPrivileges(heldRole);
            for (const Privilege& grant : grants) {
                Privilege::addPrivilegeToPrivilegeVector(&allPrivileges, grant);
            }
        }

        // Assemble the output document. The order of the pushBack calls below
        // is the field order in the returned BSON; "warnings" is attached only
        // when there is at least one warning to report.
        mutablebson::Document userDoc(privDoc, mutablebson::Document::kInPlaceDisabled);
        mutablebson::Element indirectRolesArray = userDoc.makeElementArray("indirectRoles");
        mutablebson::Element privilegesArray = userDoc.makeElementArray("privileges");
        mutablebson::Element warningsArray = userDoc.makeElementArray("warnings");
        fassert(17180, userDoc.root().pushBack(privilegesArray));
        fassert(17181, userDoc.root().pushBack(indirectRolesArray));

        addRoleNameObjectsToArrayElement(indirectRolesArray,
                                         makeRoleNameIteratorForContainer(indirectRoles));
        addPrivilegeObjectsOrWarningsToArrayElement(
                privilegesArray, warningsArray, allPrivileges);
        if (warningsArray.hasChildren()) {
            fassert(17182, userDoc.root().pushBack(warningsArray));
        }

        *result = userDoc.getObject();
        return Status::OK();
    }