コード例 #1
    /**
     * Given a database name and a BSONElement representing an array of roles, populates
     * "outPrivileges" with the privileges associated with the given roles on the named database.
     *
     * Returns Status::OK() on success.
     */
    static Status _getPrivilegesFromRoles(const std::string& dbname,
                                          const BSONElement& rolesElement,
                                          std::vector<Privilege>* outPrivileges) {
        // One message serves both shape checks: the container must be an array and every
        // entry in it must be a string.
        static const char kRolesShapeError[] =
            "Roles must be enumerated in an array of strings.";

        // The wildcard resource name is refused as a database name before any role is read.
        if (dbname == PrivilegeSet::WILDCARD_RESOURCE) {
            return Status(ErrorCodes::BadValue,
                          PrivilegeSet::WILDCARD_RESOURCE + " is an invalid database name.");
        }

        if (rolesElement.type() != Array) {
            return Status(ErrorCodes::TypeMismatch, kRolesShapeError);
        }

        // NOTE(review): every early return inside this loop leaves in place whatever the
        // earlier _addPrivilegesForSystemRole calls wrote through outPrivileges; nothing is
        // rolled back here. Callers should discard outPrivileges when the returned Status
        // is not OK -- confirm that they do.
        BSONObjIterator roleIter(rolesElement.embeddedObject());
        while (roleIter.more()) {
            const BSONElement role = *roleIter;
            if (role.type() != String) {
                return Status(ErrorCodes::TypeMismatch, kRolesShapeError);
            }

            // The first failing role ends processing and its Status is returned unchanged.
            const Status added = _addPrivilegesForSystemRole(dbname, role.str(), outPrivileges);
            if (!added.isOK()) {
                return added;
            }
            roleIter.next();
        }
        return Status::OK();
    }
コード例 #2
    /**
     * Modifies the given User object by inspecting its roles and giving it the relevant
     * privileges from those roles.
     */
    void V1PrivilegeDocumentParser::initializeUserPrivilegesFromRoles(User* user) const {
        // Privileges are gathered into a local vector and handed to the user in a single
        // addPrivileges() call after all roles have been visited.
        std::vector<Privilege> collected;

        for (RoleNameIterator roles = user->getRoles(); roles.more();) {
            const RoleName& current = roles.next();
            const std::string roleDb = current.getDB().toString();
            const std::string roleId = current.getRole().toString();

            // NOTE(review): the helper's result is discarded here, so a role it rejects is
            // skipped without any trace. _addPrivilegesForSystemRole appears to return a
            // Status (its result is checked in _getPrivilegesFromRoles) -- confirm that a
            // failed call adds nothing to the vector, and consider logging the failure so an
            // unrecognised role on a user document is visible to operators.
            _addPrivilegesForSystemRole(roleDb, roleId, &collected);
        }
        user->addPrivileges(collected);
    }