本文整理汇总了C++中Privilege函数的典型用法代码示例。如果您正苦于以下问题:C++ Privilege函数的具体用法?C++ Privilege怎么用?C++ Privilege使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Privilege函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: addRequiredPrivileges
/**
 * Appends to "out" the single privilege this command requires: the listCollections
 * action on the database named by "dbname". "cmdObj" is not consulted.
 */
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    ActionSet requiredActions;
    requiredActions.addAction(ActionType::listCollections);

    // The requirement is scoped to the target database via a database-name pattern.
    const Privilege required(ResourcePattern::forDatabaseName(dbname), requiredActions);
    out->push_back(required);
}
示例2: ns
/**
 * Returns a privilege on the same resource as "privilege" whose action set has been
 * rewritten for three system collections:
 *
 *  - system.users:   find/insert/update/remove are stripped and replaced by userAdminV1
 *                    (when a write action was requested) or userAdmin (otherwise).
 *  - system.profile: find is stripped and profileRead is added.
 *  - system.indexes: find, when present, is replaced by indexRead.
 *
 * Any other collection is returned with its actions unchanged.
 */
Privilege AuthorizationSession::_modifyPrivilegeForSpecialCases(const Privilege& privilege) {
    ActionSet rewritten;
    rewritten.addAllActionsFromSet(privilege.getActions());
    NamespaceString ns( privilege.getResource() );

    if (ns.coll() == "system.users") {
        // Evaluate this BEFORE the write actions are stripped below; the answer decides
        // which administrative action stands in for the direct access.
        const bool requestsWrite = rewritten.contains(ActionType::insert) ||
                                   rewritten.contains(ActionType::update) ||
                                   rewritten.contains(ActionType::remove);
        if (requestsWrite) {
            // End users can't modify system.users directly, only the system can.
            rewritten.addAction(ActionType::userAdminV1);
        } else {
            rewritten.addAction(ActionType::userAdmin);
        }

        // Plain CRUD actions never authorize access to the user collection.
        rewritten.removeAction(ActionType::find);
        rewritten.removeAction(ActionType::insert);
        rewritten.removeAction(ActionType::update);
        rewritten.removeAction(ActionType::remove);
        return Privilege(privilege.getResource(), rewritten);
    }

    if (ns.coll() == "system.profile") {
        // profileRead is added unconditionally here, whether or not find was requested.
        rewritten.removeAction(ActionType::find);
        rewritten.addAction(ActionType::profileRead);
        return Privilege(privilege.getResource(), rewritten);
    }

    if (ns.coll() == "system.indexes" && rewritten.contains(ActionType::find)) {
        rewritten.removeAction(ActionType::find);
        rewritten.addAction(ActionType::indexRead);
    }

    return Privilege(privilege.getResource(), rewritten);
}
示例3: checkAuthorization
/**
 * Returns true if "actions" are authorized on "resource".
 *
 * The check is skipped entirely (and true returned) when the external state reports that
 * auth checks should be ignored. Otherwise "resource" is passed through nsToDatabase()
 * before the lookup, so the privilege is presumably matched at database granularity
 * rather than per collection -- confirm against nsToDatabase().
 */
bool AuthorizationManager::checkAuthorization(const std::string& resource,
                                              ActionSet actions) {
    if (!_externalState->shouldIgnoreAuthChecks()) {
        const Privilege needed(nsToDatabase(resource), actions);
        return _acquiredPrivileges.hasPrivilege(needed);
    }

    // Auth checks are disabled for this external state: every request is allowed.
    return true;
}
示例4: logoutDatabase
/**
 * Registers "principal" as authenticated on this session and, when implicit privilege
 * acquisition is enabled for it, acquires its privileges.
 *
 * The internal user on the "local" database is granted every action on
 * PrivilegeSet::WILDCARD_RESOURCE. Any other principal has its privileges loaded from the
 * admin database and from its own database, after which the external state is notified.
 * Note that the notification is not sent on the internal-user path or when implicit
 * acquisition is disabled.
 */
void AuthorizationSession::addAuthorizedPrincipal(Principal* principal) {
    // Log out any already-logged-in user on the same database as "principal".
    // See SERVER-8144.
    logoutDatabase(principal->getName().getDB().toString());
    _authenticatedPrincipals.add(principal);

    if (principal->isImplicitPrivilegeAcquisitionEnabled()) {
        const std::string principalDb = principal->getName().getDB().toString();
        const bool isInternalUser =
            principalDb == StringData("local", StringData::LiteralTag()) &&
            principal->getName().getUser() == internalSecurity.user;

        if (isInternalUser) {
            // Grant full access to internal user
            ActionSet everyAction;
            everyAction.addAllActions();
            acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, everyAction),
                             principal->getName());
        } else {
            // The admin database is consulted first, then the principal's own database.
            _acquirePrivilegesForPrincipalFromDatabase(ADMIN_DBNAME, principal->getName());
            principal->markDatabaseAsProbed(ADMIN_DBNAME);
            _acquirePrivilegesForPrincipalFromDatabase(principalDb, principal->getName());
            principal->markDatabaseAsProbed(principalDb);
            _externalState->onAddAuthorizedPrincipal(principal);
        }
    }
}
示例5: checkAuthForCommand
/**
 * Authorizes the command by asking the client's authorization session for the
 * mergeChunks action on the cluster resource. "dbname" and "cmdObj" do not influence
 * the check. Returns the Status produced by checkAuthForPrivilege().
 */
virtual Status checkAuthForCommand( ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj ) {
    const Privilege required( AuthorizationManager::CLUSTER_RESOURCE_NAME,
                              ActionType::mergeChunks );
    return client->getAuthorizationSession()->checkAuthForPrivilege( required );
}
示例6: addRequiredPrivileges
/**
 * Appends to "out" the privilege needed to run shutdown: the shutdown action on the
 * cluster resource. Neither "dbname" nor "cmdObj" affects the requirement.
 */
void CmdShutdown::addRequiredPrivileges(const std::string& dbname,
                                        const BSONObj& cmdObj,
                                        std::vector<Privilege>* out) {
    ActionSet shutdownOnly;
    shutdownOnly.addAction(ActionType::shutdown);

    const Privilege required(ResourcePattern::forClusterResource(), shutdownOnly);
    out->push_back(required);
}
示例7: addRequiredPrivileges
/**
 * Appends to "out" the getShardMap action on
 * AuthorizationManager::CLUSTER_RESOURCE_NAME. The command arguments are not inspected.
 */
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    ActionSet needed;
    needed.addAction(ActionType::getShardMap);

    const Privilege clusterPrivilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, needed);
    out->push_back(clusterPrivilege);
}
示例8: addRequiredPrivileges
/**
 * Appends to "out" the find action on the namespace that parseNs() derives from
 * "dbname" and "cmdObj".
 */
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    ActionSet readActions;
    readActions.addAction(ActionType::find);

    // The target comes from the command object, so the resource is caller-influenced;
    // the privilege check is what constrains which namespaces may be read.
    const Privilege required(parseNs(dbname, cmdObj), readActions);
    out->push_back(required);
}
示例9: addPrivilegesRequiredForFindAndModify
/**
 * Appends to "out" the privilege a findAndModify-style command needs on its target
 * namespace. find is always required; update, insert and remove are added when the
 * command's "update", "upsert" and "remove" fields respectively are truthy.
 *
 * Raises uassert 17137 if the resource parsed by "commandTemplate" is not an exact
 * namespace pattern.
 */
void addPrivilegesRequiredForFindAndModify(Command* commandTemplate,
                                           const std::string& dbname,
                                           const BSONObj& cmdObj,
                                           std::vector<Privilege>* out) {
    ActionSet needed;
    needed.addAction(ActionType::find);

    // Each optional field widens the required action set independently of the others.
    if (cmdObj["update"].trueValue())
        needed.addAction(ActionType::update);
    if (cmdObj["upsert"].trueValue())
        needed.addAction(ActionType::insert);
    if (cmdObj["remove"].trueValue())
        needed.addAction(ActionType::remove);

    ResourcePattern target(commandTemplate->parseResourcePattern(dbname, cmdObj));

    // Refuse anything broader than a single namespace before recording the privilege.
    uassert(17137,
            "Invalid target namespace " + target.toString(),
            target.isExactNamespacePattern());

    out->push_back(Privilege(target, needed));
}
示例10: addRequiredPrivileges
/**
 * Appends to "out" the convertToCapped action on the resource pattern that
 * parseResourcePattern() derives from "dbname" and "cmdObj".
 */
void addRequiredPrivileges(const std::string& dbname,
                           const BSONObj& cmdObj,
                           std::vector<Privilege>* out) const override {
    ActionSet needed;
    needed.addAction(ActionType::convertToCapped);

    const Privilege required(parseResourcePattern(dbname, cmdObj), needed);
    out->push_back(required);
}
示例11: Status
/**
 * Translates an old-style privilege document into a grant on "result" for "principal".
 *
 * Returns UnsupportedFormat if the document lacks the user-name or password field, and
 * BadValue if its user name differs from principal.getUser(). On success the actions
 * returned by getActionsForOldStyleUser() are granted on "dbname", or on
 * PrivilegeSet::WILDCARD_RESOURCE when "dbname" is the admin or local database.
 */
Status AuthorizationManager::_buildPrivilegeSetFromOldStylePrivilegeDocument(
        const std::string& dbname,
        const PrincipalName& principal,
        const BSONObj& privilegeDocument,
        PrivilegeSet* result) {
    const bool missingCredentialField =
        !privilegeDocument.hasField(USERNAME_FIELD_NAME) ||
        !privilegeDocument.hasField(PASSWORD_FIELD_NAME);
    if (missingCredentialField) {
        // NOTE(review): the entire document is streamed into the status message. A
        // document that has the password field but no user-name field reaches this
        // branch, so stored credential material could surface wherever this Status is
        // logged or returned -- confirm where it goes and consider redacting.
        return Status(ErrorCodes::UnsupportedFormat,
                      mongoutils::str::stream() << "Invalid old-style privilege document "
                                                   "received when trying to extract privileges: "
                                                << privilegeDocument,
                      0);
    }

    // The document must describe the same user that the caller is building privileges for.
    const std::string documentUser = privilegeDocument[USERNAME_FIELD_NAME].str();
    if (documentUser != principal.getUser()) {
        return Status(ErrorCodes::BadValue,
                      mongoutils::str::stream() << "Principal name from privilege document \""
                                                << documentUser
                                                << "\" doesn't match name of provided Principal \""
                                                << principal.getUser()
                                                << "\"",
                      0);
    }

    const bool isReadOnly = privilegeDocument[READONLY_FIELD_NAME].trueValue();
    ActionSet granted = getActionsForOldStyleUser(dbname, isReadOnly);

    // Users defined on the admin or local database are granted on the wildcard resource,
    // not just on the database that holds their document.
    const bool grantsEverywhere = (dbname == ADMIN_DBNAME || dbname == LOCAL_DBNAME);
    std::string resourceName = grantsEverywhere ? PrivilegeSet::WILDCARD_RESOURCE : dbname;

    result->grantPrivilege(Privilege(resourceName, granted), principal);
    return Status::OK();
}
示例12: addRequiredPrivileges
/**
 * Appends to "out" the dropIndex action on the resource pattern that
 * parseResourcePattern() derives from "dbname" and "cmdObj".
 */
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    ActionSet dropIndexOnly;
    dropIndexOnly.addAction(ActionType::dropIndex);

    const Privilege required(parseResourcePattern(dbname, cmdObj), dropIndexOnly);
    out->push_back(required);
}
示例13: addRequiredPrivileges
/**
 * Appends to "out" the connPoolStats action on the cluster resource. The command
 * arguments are not inspected.
 */
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    ActionSet statsOnly;
    statsOnly.addAction(ActionType::connPoolStats);

    const Privilege required(ResourcePattern::forClusterResource(), statsOnly);
    out->push_back(required);
}
示例14: inputNs
/**
 * Collects the privileges an aggregation command needs, based on its input namespace
 * and on the $out and $lookup stages found in its pipeline.
 *
 * This listing is cut off after the stage loop: the code that checks the collected
 * "privileges" against "client" and produces the returned Status is not shown.
 */
Status Pipeline::checkAuthForCommand(ClientBasic* client,
const std::string& db,
const BSONObj& cmdObj) {
// The input collection name is the string value of the command's first element.
NamespaceString inputNs(db, cmdObj.firstElement().str());
auto inputResource = ResourcePattern::forExactNamespace(inputNs);
// Reject a malformed input namespace (error 17138) before any privilege is recorded.
uassert(17138,
mongoutils::str::stream() << "Invalid input namespace, " << inputNs.ns(),
inputNs.isValid());
std::vector<Privilege> privileges;
// When "pipeline.0.$indexStats" is present, indexStats on any normal resource is
// required in place of find on the input namespace.
if (cmdObj.getFieldDotted("pipeline.0.$indexStats")) {
Privilege::addPrivilegeToPrivilegeVector(
&privileges,
Privilege(ResourcePattern::forAnyNormalResource(), ActionType::indexStats));
} else {
// If no source requiring an alternative permission scheme is specified then default to
// requiring find() privileges on the given namespace.
Privilege::addPrivilegeToPrivilegeVector(&privileges,
Privilege(inputResource, ActionType::find));
}
BSONObj pipeline = cmdObj.getObjectField("pipeline");
// Walk every stage: stages that touch another namespace add privileges on it.
BSONForEach(stageElem, pipeline) {
BSONObj stage = stageElem.embeddedObjectUserCheck();
StringData stageName = stage.firstElementFieldName();
// NOTE(review): a $out whose argument is not a String, or a $lookup whose argument is
// not an Object, adds no privilege in this loop -- confirm such stages are rejected
// elsewhere before they can execute.
if (stageName == "$out" && stage.firstElementType() == String) {
NamespaceString outputNs(db, stage.firstElement().str());
uassert(17139,
mongoutils::str::stream() << "Invalid $out target namespace, " << outputNs.ns(),
outputNs.isValid());
// $out requires remove and insert on the target namespace.
ActionSet actions;
actions.addAction(ActionType::remove);
actions.addAction(ActionType::insert);
// Bypassing document validation is a separate action that must also be held.
if (shouldBypassDocumentValidationForCommand(cmdObj)) {
actions.addAction(ActionType::bypassDocumentValidation);
}
Privilege::addPrivilegeToPrivilegeVector(
&privileges, Privilege(ResourcePattern::forExactNamespace(outputNs), actions));
} else if (stageName == "$lookup" && stage.firstElementType() == Object) {
// $lookup requires find on the "from" collection in the same database.
// NOTE(review): unlike inputNs and outputNs, fromNs is not checked with isValid()
// here -- confirm it is validated elsewhere.
NamespaceString fromNs(db, stage.firstElement()["from"].str());
Privilege::addPrivilegeToPrivilegeVector(
&privileges,
Privilege(ResourcePattern::forExactNamespace(fromNs), ActionType::find));
}
}
示例15: _addPrivilegesForSystemRole
/**
 * Appends to "outPrivileges" the privilege that holding the built-in "role" on "dbname"
 * confers.
 *
 * The read, readWrite, userAdmin and dbAdmin roles are accepted on any database and are
 * granted on "dbname" itself. The *AnyDB variants, server admin and cluster admin are
 * accepted only when "dbname" is the admin database, and are granted on
 * PrivilegeSet::WILDCARD_RESOURCE.
 *
 * Returns BadValue if "role" is not a defined role in "dbname"; nothing is appended in
 * that case.
 */
static Status _addPrivilegesForSystemRole(const std::string& dbname,
                                          const std::string& role,
                                          std::vector<Privilege>* outPrivileges) {
    // Roles whose privileges are confined to the database they are defined on.
    if (role == SYSTEM_ROLE_READ) {
        outPrivileges->push_back(Privilege(dbname, readRoleActions));
        return Status::OK();
    }
    if (role == SYSTEM_ROLE_READ_WRITE) {
        outPrivileges->push_back(Privilege(dbname, readWriteRoleActions));
        return Status::OK();
    }
    if (role == SYSTEM_ROLE_USER_ADMIN) {
        outPrivileges->push_back(Privilege(dbname, userAdminRoleActions));
        return Status::OK();
    }
    if (role == SYSTEM_ROLE_DB_ADMIN) {
        outPrivileges->push_back(Privilege(dbname, dbAdminRoleActions));
        return Status::OK();
    }

    // Wildcard-scoped roles are only honoured on the admin database; requesting one on
    // any other database falls through to the "No such role" error below.
    if (dbname == ADMIN_DBNAME) {
        if (role == SYSTEM_ROLE_READ_ANY_DB) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, readRoleActions));
            return Status::OK();
        }
        if (role == SYSTEM_ROLE_READ_WRITE_ANY_DB) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, readWriteRoleActions));
            return Status::OK();
        }
        if (role == SYSTEM_ROLE_USER_ADMIN_ANY_DB) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, userAdminRoleActions));
            return Status::OK();
        }
        if (role == SYSTEM_ROLE_DB_ADMIN_ANY_DB) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, dbAdminRoleActions));
            return Status::OK();
        }
        if (role == SYSTEM_ROLE_SERVER_ADMIN) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, serverAdminRoleActions));
            return Status::OK();
        }
        if (role == SYSTEM_ROLE_CLUSTER_ADMIN) {
            outPrivileges->push_back(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, clusterAdminRoleActions));
            return Status::OK();
        }
    }

    // Unknown role, or an admin-only role named on a non-admin database.
    return Status(ErrorCodes::BadValue,
                  mongoutils::str::stream() <<"No such role, " << role <<
                  ", in database " << dbname);
}