本文整理汇总了C++中ActionSet::addAction方法的典型用法代码示例。如果您正苦于以下问题:C++ ActionSet::addAction方法的具体用法?C++ ActionSet::addAction怎么用?C++ ActionSet::addAction使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ActionSet的用法示例。
在下文中一共展示了ActionSet::addAction方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: addRequiredPrivileges
// Appends to `out` the privileges this listing derives from an aggregation command object:
// `find` on the input resource, plus `remove` and `insert` on the target namespace of every
// `$out` stage found in the "pipeline" field.
//
// commandTemplate: used only to parse the input resource pattern from (db, cmdObj).
// db:              database name combined with the `$out` value to form the output namespace.
// cmdObj:          the command document; presumably client-supplied -- TODO confirm with caller.
// out:             receives the required privileges; must be non-null (it is dereferenced
//                  without a check).
//
// Raises a uassert failure (17138) when the input resource is not an exact-namespace pattern
// and (17139) when a `$out` target namespace is not valid.
void Pipeline::addRequiredPrivileges(Command* commandTemplate,
const string& db,
BSONObj cmdObj,
vector<Privilege>* out) {
ResourcePattern inputResource(commandTemplate->parseResourcePattern(db, cmdObj));
uassert(17138,
mongoutils::str::stream() << "Invalid input resource, " << inputResource.toString(),
inputResource.isExactNamespacePattern());
// The `false &&` makes this branch unreachable: allowDiskUsage is not gated by any privilege.
if (false && cmdObj["allowDiskUsage"].trueValue()) {
// TODO no privilege for this yet.
}
// Reading the input namespace always requires `find`.
out->push_back(Privilege(inputResource, ActionType::find));
BSONObj pipeline = cmdObj.getObjectField("pipeline");
BSONForEach(stageElem, pipeline) {
BSONObj stage = stageElem.embeddedObjectUserCheck();
// A stage is identified by the name of its first field only.
if (str::equals(stage.firstElementFieldName(), "$out")) {
// NOTE(review): the `$out` value is read with .str() without a type check in this listing;
// confirm how a non-string value is handled before it reaches NamespaceString.
NamespaceString outputNs(db, stage.firstElement().str());
uassert(17139,
mongoutils::str::stream() << "Invalid $out target namespace, " <<
outputNs.ns(),
outputNs.isValid());
// Writing the result set requires both `remove` and `insert` on the output namespace.
ActionSet actions;
actions.addAction(ActionType::remove);
actions.addAction(ActionType::insert);
out->push_back(Privilege(ResourcePattern::forExactNamespace(outputNs), actions));
}
}
// (The listing ends here; the function's closing brace is not shown.)
示例2: addRequiredPrivileges
// Declares the privilege this command needs: `convertToCapped` on the resource pattern
// parsed from (dbname, cmdObj). The privilege is appended to `out`, which must be non-null.
void addRequiredPrivileges(const std::string& dbname,
                           const BSONObj& cmdObj,
                           std::vector<Privilege>* out) const override {
    ActionSet requiredActions;
    requiredActions.addAction(ActionType::convertToCapped);

    const Privilege required(parseResourcePattern(dbname, cmdObj), requiredActions);
    out->push_back(required);
}
示例3: checkAuthForCommand
// Authorizes the command against the whole database `dbname`.
//
// The client's session must hold `insert` and `createIndex` on the database, and additionally
// `bypassDocumentValidation` when the command object asks to bypass document validation.
// Returns Status::OK() when authorized, otherwise ErrorCodes::Unauthorized.
virtual Status checkAuthForCommand(ClientBasic* client,
                                   const std::string& dbname,
                                   const BSONObj& cmdObj) {
    ActionSet required;
    required.addAction(ActionType::insert);
    required.addAction(ActionType::createIndex);
    // Skipping validation is a separate privilege, demanded only when it is requested.
    if (shouldBypassDocumentValidationforCommand(cmdObj)) {
        required.addAction(ActionType::bypassDocumentValidation);
    }

    const bool authorized =
        AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(dbname), required);
    if (authorized) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
示例4: checkAuthForCommand
// Builds the list of privileges an aggregation command needs, from the command object alone.
//
// Visible in this listing:
//   - the input namespace is (db, value of cmdObj's first element) and must be valid (17138);
//   - if "pipeline.0.$indexStats" is present, `indexStats` on any normal resource is required
//     instead of `find` on the input namespace;
//   - each `$out` stage with a String value requires `remove` and `insert` (plus
//     `bypassDocumentValidation` when requested) on the output namespace, which must be
//     valid (17139);
//   - each `$lookup` stage with an Object value requires `find` on its "from" namespace.
//
// The listing is cut off before `privileges` is checked against the client's session, so the
// final authorization decision and the return statement are not shown.
Status Pipeline::checkAuthForCommand(ClientBasic* client,
const std::string& db,
const BSONObj& cmdObj) {
NamespaceString inputNs(db, cmdObj.firstElement().str());
auto inputResource = ResourcePattern::forExactNamespace(inputNs);
uassert(17138,
mongoutils::str::stream() << "Invalid input namespace, " << inputNs.ns(),
inputNs.isValid());
std::vector<Privilege> privileges;
// Only the first pipeline position (index 0) is inspected for $indexStats.
if (cmdObj.getFieldDotted("pipeline.0.$indexStats")) {
Privilege::addPrivilegeToPrivilegeVector(
&privileges,
Privilege(ResourcePattern::forAnyNormalResource(), ActionType::indexStats));
} else {
// If no source requiring an alternative permission scheme is specified then default to
// requiring find() privileges on the given namespace.
Privilege::addPrivilegeToPrivilegeVector(&privileges,
Privilege(inputResource, ActionType::find));
}
BSONObj pipeline = cmdObj.getObjectField("pipeline");
BSONForEach(stageElem, pipeline) {
BSONObj stage = stageElem.embeddedObjectUserCheck();
StringData stageName = stage.firstElementFieldName();
// NOTE(review): a `$out` whose value is not a String, or a `$lookup` whose value is not an
// Object, adds no privilege here; presumably such stages are rejected later when the
// pipeline is parsed -- confirm, since otherwise they would run without these checks.
if (stageName == "$out" && stage.firstElementType() == String) {
NamespaceString outputNs(db, stage.firstElement().str());
uassert(17139,
mongoutils::str::stream() << "Invalid $out target namespace, " << outputNs.ns(),
outputNs.isValid());
ActionSet actions;
actions.addAction(ActionType::remove);
actions.addAction(ActionType::insert);
// Bypassing document validation on the output collection is a separate privilege.
if (shouldBypassDocumentValidationForCommand(cmdObj)) {
actions.addAction(ActionType::bypassDocumentValidation);
}
Privilege::addPrivilegeToPrivilegeVector(
&privileges, Privilege(ResourcePattern::forExactNamespace(outputNs), actions));
} else if (stageName == "$lookup" && stage.firstElementType() == Object) {
// NOTE(review): unlike the `$out` branch, `fromNs` is not passed through isValid() here.
NamespaceString fromNs(db, stage.firstElement()["from"].str());
Privilege::addPrivilegeToPrivilegeVector(
&privileges,
Privilege(ResourcePattern::forExactNamespace(fromNs), ActionType::find));
}
}
// (The listing ends here; the authorization check on `privileges` is not shown.)
示例5: checkAuthForWriteCommand
// Decides whether `authzSession` may run a batched write of type `cmdType` on `cmdNSS`.
//
// Required actions on the command namespace:
//   - insert batch: `insert`, unless the namespace is system.indexes, in which case
//     `createIndex` is required on the namespace being indexed instead;
//   - update batch: `update`, plus `insert` when the batch contains upserts;
//   - delete batch: `remove` (any other batch type trips fassert 17251);
//   - any batch:    `bypassDocumentValidation` when the command asks to bypass validation.
//
// Returns Status::OK() when authorized, ErrorCodes::FailedToParse when the indexed namespace
// cannot be extracted from an insert into system.indexes, otherwise ErrorCodes::Unauthorized.
Status checkAuthForWriteCommand(AuthorizationSession* authzSession,
                                BatchedCommandRequest::BatchType cmdType,
                                const NamespaceString& cmdNSS,
                                const BSONObj& cmdObj) {
    vector<Privilege> required;
    ActionSet nsActions;

    if (shouldBypassDocumentValidationForCommand(cmdObj)) {
        nsActions.addAction(ActionType::bypassDocumentValidation);
    }

    if (cmdType == BatchedCommandRequest::BatchType_Insert) {
        if (cmdNSS.isSystemDotIndexes()) {
            // Special-case indexes until we have a command: the privilege is checked on the
            // namespace named inside the index spec, not on system.indexes itself.
            string indexedNs, parseError;
            if (!BatchedCommandRequest::getIndexedNS(cmdObj, &indexedNs, &parseError)) {
                return Status(ErrorCodes::FailedToParse, parseError);
            }
            required.push_back(
                Privilege(ResourcePattern::forExactNamespace(NamespaceString(indexedNs)),
                          ActionType::createIndex));
        } else {
            nsActions.addAction(ActionType::insert);
        }
    } else if (cmdType == BatchedCommandRequest::BatchType_Update) {
        nsActions.addAction(ActionType::update);
        // An upsert may create a document, so it also needs insert.
        if (BatchedCommandRequest::containsUpserts(cmdObj)) {
            nsActions.addAction(ActionType::insert);
        }
    } else {
        fassert(17251, cmdType == BatchedCommandRequest::BatchType_Delete);
        nsActions.addAction(ActionType::remove);
    }

    if (!nsActions.empty()) {
        required.emplace_back(ResourcePattern::forExactNamespace(cmdNSS), nsActions);
    }

    if (!authzSession->isAuthorizedForPrivileges(required)) {
        return Status(ErrorCodes::Unauthorized, "unauthorized");
    }
    return Status::OK();
}
示例6: _modifyPrivilegeForSpecialCases
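// Returns a copy of `privilege` whose action set is rewritten for special system collections,
// so that ordinary read/write actions are replaced by dedicated ones:
//   - system.users:   find/insert/update/remove are dropped and `userAdmin` is added;
//   - system.profile: `find` (when present) is replaced by `profileRead`.
// Privileges on any other collection are returned with their actions unchanged.
Privilege AuthorizationManager::_modifyPrivilegeForSpecialCases(const Privilege& privilege) {
    ActionSet newActions;
    newActions.addAllActionsFromSet(privilege.getActions());
    std::string collectionName = NamespaceString(privilege.getResource()).coll;
    if (collectionName == "system.users") {
        // Plain CRUD actions never apply to the users collection; userAdmin stands in for them.
        newActions.removeAction(ActionType::find);
        newActions.removeAction(ActionType::insert);
        newActions.removeAction(ActionType::update);
        newActions.removeAction(ActionType::remove);
        newActions.addAction(ActionType::userAdmin);
    } else if (collectionName == "system.profile" && newActions.contains(ActionType::find)) {
        // The literal must be spelled exactly "system.profile": with any other spelling this
        // branch can never match and `find` on the profile collection would be left as-is
        // instead of being translated to `profileRead`.
        newActions.removeAction(ActionType::find);
        newActions.addAction(ActionType::profileRead);
    }
    return Privilege(privilege.getResource(), newActions);
}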
示例7: addRequiredPrivileges
// Declares that this command requires `userAdmin` on `dbname`; the privilege is appended to
// `out`, which must be non-null. `cmdObj` is not consulted.
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    // TODO: update this with the new rules around user creation in 2.6.
    ActionSet adminActions;
    adminActions.addAction(ActionType::userAdmin);

    const Privilege required(dbname, adminActions);
    out->push_back(required);
}
示例8: checkAuthForRenameCollectionCommand
// Authorizes a renameCollection command read from `cmdObj` ("renameCollection" = source
// namespace, "to" = target namespace, "dropTarget" = whether an existing target is dropped).
//
// Two ways to be authorized:
//   1. Fast path, only when source and target share a database and neither is a system
//      namespace: `renameCollectionSameDB` on that database, plus `dropCollection` on the
//      target when dropTarget is set.
//   2. Otherwise (or when the fast path is not satisfied): `find` + `dropCollection` on the
//      source, and `insert` + `createIndex` (+ `dropCollection` when dropTarget is set) on
//      the target.
//
// Returns Status::OK() when authorized, otherwise ErrorCodes::Unauthorized.
Status checkAuthForRenameCollectionCommand(ClientBasic* client,
                                           const std::string& dbname,
                                           const BSONObj& cmdObj) {
    NamespaceString sourceNS(cmdObj.getStringField("renameCollection"));
    NamespaceString targetNS(cmdObj.getStringField("to"));
    const bool dropTarget = cmdObj["dropTarget"].trueValue();

    const bool sameDbNonSystem =
        sourceNS.db() == targetNS.db() && !sourceNS.isSystem() && !targetNS.isSystem();
    if (sameDbNonSystem) {
        const bool mayRename =
            client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(sourceNS.db()),
                ActionType::renameCollectionSameDB);
        // Dropping an existing target is only checked when the command asks for it.
        const bool mayDropTarget = dropTarget
            ? client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
                  ResourcePattern::forExactNamespace(targetNS), ActionType::dropCollection)
            : true;
        if (mayRename && mayDropTarget) {
            return Status::OK();
        }
    }

    // Source side: the collection is read and then removed.
    ActionSet sourceActions;
    sourceActions.addAction(ActionType::find);
    sourceActions.addAction(ActionType::dropCollection);
    if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(sourceNS), sourceActions)) {
        return Status(ErrorCodes::Unauthorized, "Unauthorized");
    }

    // Target side: documents and indexes are written, and an existing target may be dropped.
    ActionSet targetActions;
    targetActions.addAction(ActionType::insert);
    targetActions.addAction(ActionType::createIndex);
    if (dropTarget) {
        targetActions.addAction(ActionType::dropCollection);
    }
    if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(targetNS), targetActions)) {
        return Status(ErrorCodes::Unauthorized, "Unauthorized");
    }

    return Status::OK();
}
示例9: addRequiredPrivileges
// Appends to `out` the privileges this listing derives from an aggregation command object:
// `find` on "<db>.<value of cmdObj's first element>", and for every `$out` stage a set of
// write/DDL actions on "<db>.<$out value>".
//
// Resources are built here as plain "db.collection" strings rather than validated namespace
// objects; the in-code TODO states that only db-level privilege checks are done at this point.
// `out` must be non-null (it is dereferenced without a check).
void Pipeline::addRequiredPrivileges(const string& db,
BSONObj cmdObj,
vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::find);
out->push_back(Privilege(db + '.' + cmdObj.firstElement().str(), actions));
// The `false &&` makes this branch unreachable: allowDiskUsage is not gated by any privilege.
if (false && cmdObj["allowDiskUsage"].trueValue()) {
// TODO no privilege for this yet.
}
BSONObj pipeline = cmdObj.getObjectField("pipeline");
BSONForEach(stageElem, pipeline) {
BSONObj stage = stageElem.embeddedObjectUserCheck();
// A stage is identified by the name of its first field only.
if (str::equals(stage.firstElementFieldName(), "$out")) {
// TODO Figure out how to handle temp collection privileges. For now, using the
// output ns is ok since we only do db-level privilege checks.
// NOTE(review): the `$out` value is concatenated into the namespace string without a type
// or validity check in this listing -- confirm where it is validated.
const string outputNs = db + '.' + stage.firstElement().str();
// This `actions` shadows the function-level set above; it starts empty for each $out stage.
ActionSet actions;
// logically on output ns
actions.addAction(ActionType::remove);
actions.addAction(ActionType::insert);
actions.addAction(ActionType::indexRead);
// on temp ns due to implementation, but not logically on output ns
actions.addAction(ActionType::createCollection);
actions.addAction(ActionType::ensureIndex);
actions.addAction(ActionType::dropCollection);
actions.addAction(ActionType::renameCollectionSameDB);
out->push_back(Privilege(outputNs, actions));
}
}
// (The listing ends here; the function's closing brace is not shown.)
示例10: addRequiredPrivileges
// Declares the privileges for copying a collection into a capped "toCollection":
//   - `find` on the source resource parsed from (dbname, cmdObj);
//   - `insert`, `createIndex` and `convertToCapped` on "<dbname>.<toCollection>".
// Raises a uassert failure (16708) when "toCollection" is empty; the source privilege has
// already been appended to `out` at that point. `out` must be non-null.
virtual void addRequiredPrivileges(const std::string& dbname,
                                   const BSONObj& cmdObj,
                                   std::vector<Privilege>* out) {
    // Source: read-only access.
    ActionSet sourceActions;
    sourceActions.addAction(ActionType::find);
    out->push_back(Privilege(parseResourcePattern(dbname, cmdObj), sourceActions));

    // The target name comes from the command object and must not be empty.
    std::string collection = cmdObj.getStringField("toCollection");
    uassert(16708, "bad 'toCollection' value", !collection.empty());

    // Target: the new capped collection is created and populated.
    ActionSet targetActions;
    targetActions.addAction(ActionType::insert);
    targetActions.addAction(ActionType::createIndex);
    targetActions.addAction(ActionType::convertToCapped);

    const NamespaceString targetNs(dbname, collection);
    out->push_back(Privilege(ResourcePattern::forExactNamespace(targetNs), targetActions));
}
示例11: checkAuthForCommand
// Authorizes the command against the exact namespace parsed from (dbname, cmdObj).
//
// The client's session must hold `insert` and `createIndex` on that namespace, and
// additionally `bypassDocumentValidation` when the command asks to bypass validation.
// Returns Status::OK() when authorized, otherwise ErrorCodes::Unauthorized.
virtual Status checkAuthForCommand(ClientBasic* client,
                                   const std::string& dbname,
                                   const BSONObj& cmdObj) {
    std::string ns = parseNs(dbname, cmdObj);

    ActionSet required;
    required.addAction(ActionType::insert);
    required.addAction(ActionType::createIndex);  // SERVER-11418
    // Skipping validation is a separate privilege, demanded only when it is requested.
    if (shouldBypassDocumentValidationForCommand(cmdObj)) {
        required.addAction(ActionType::bypassDocumentValidation);
    }

    const bool authorized =
        AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(NamespaceString(ns)), required);
    if (authorized) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
示例12: addRequiredPrivileges
// Appends to `out` the privileges this listing derives from an aggregation command object:
// `find` on the input resource, and for every `$out` stage a set of write/DDL actions on the
// output namespace plus `find` on "<db>.system.indexes".
//
// commandTemplate: used only to parse the input resource pattern from (db, cmdObj).
// out:             receives the required privileges; must be non-null (it is dereferenced
//                  without a check).
//
// Raises a uassert failure (17138) when the input resource is not an exact-namespace pattern
// and (17139) when a `$out` target namespace is not valid.
void Pipeline::addRequiredPrivileges(Command* commandTemplate,
const string& db,
BSONObj cmdObj,
vector<Privilege>* out) {
ResourcePattern inputResource(commandTemplate->parseResourcePattern(db, cmdObj));
uassert(17138,
mongoutils::str::stream() << "Invalid input resource, " << inputResource.toString(),
inputResource.isExactNamespacePattern());
// The `false &&` makes this branch unreachable: allowDiskUsage is not gated by any privilege.
if (false && cmdObj["allowDiskUsage"].trueValue()) {
// TODO no privilege for this yet.
}
// Reading the input namespace always requires `find`.
out->push_back(Privilege(inputResource, ActionType::find));
BSONObj pipeline = cmdObj.getObjectField("pipeline");
BSONForEach(stageElem, pipeline) {
BSONObj stage = stageElem.embeddedObjectUserCheck();
// A stage is identified by the name of its first field only.
if (str::equals(stage.firstElementFieldName(), "$out")) {
// TODO Figure out how to handle temp collection privileges. For now, using the
// output ns is ok since we only do db-level privilege checks.
// NOTE(review): the `$out` value is read with .str() without a type check in this listing;
// confirm how a non-string value is handled before it reaches NamespaceString.
NamespaceString outputNs(db, stage.firstElement().str());
uassert(17139,
mongoutils::str::stream() << "Invalid $out target namespace, " <<
outputNs.ns(),
outputNs.isValid());
ActionSet actions;
// logically on output ns
actions.addAction(ActionType::remove);
actions.addAction(ActionType::insert);
// on temp ns due to implementation, but not logically on output ns
actions.addAction(ActionType::createCollection);
actions.addAction(ActionType::createIndex);
actions.addAction(ActionType::dropCollection);
actions.addAction(ActionType::renameCollectionSameDB);
out->push_back(Privilege(ResourcePattern::forExactNamespace(outputNs), actions));
// `find` on the database's system.indexes collection is required as well.
out->push_back(Privilege(ResourcePattern::forExactNamespace(
NamespaceString(db, "system.indexes")),
ActionType::find));
}
}
// (The listing ends here; the function's closing brace is not shown.)
示例13: checkAuthForCommand
// Authorizes the command: the client's session must hold `createIndex` on the resource
// pattern parsed from (dbname, cmdObj).
// Returns Status::OK() when authorized, otherwise ErrorCodes::Unauthorized.
virtual Status checkAuthForCommand(ClientBasic* client,
                                   const std::string& dbname,
                                   const BSONObj& cmdObj) {
    ActionSet required;
    required.addAction(ActionType::createIndex);
    Privilege needed(parseResourcePattern(dbname, cmdObj), required);

    if (!client->getAuthorizationSession()->isAuthorizedForPrivilege(needed)) {
        return Status(ErrorCodes::Unauthorized, "Unauthorized");
    }
    return Status::OK();
}
示例14: addRequiredPrivileges
// TODO: remove this default implementation so that all Command subclasses have to explicitly
// declare their own.
// Default privilege declaration for commands that do not provide their own.
//
// Commands for which requiresAuth() is false contribute nothing. Otherwise a single privilege
// is appended to `out`: `oldWrite` when the command's lock type is WRITE, else `oldRead`, on
// the "admin" database for admin-only commands and on `dbname` for all others.
// `cmdObj` is not consulted; `out` must be non-null.
void Command::addRequiredPrivileges(const std::string& dbname,
                                    const BSONObj& cmdObj,
                                    std::vector<Privilege>* out) {
    if (requiresAuth()) {
        ActionSet actions;
        if (locktype() == WRITE) {
            actions.addAction(ActionType::oldWrite);
        } else {
            actions.addAction(ActionType::oldRead);
        }
        out->push_back(Privilege(adminOnly() ? "admin" : dbname, actions));
    }
}
示例15: _modifyPrivilegeForSpecialCases
// Returns a copy of `privilege` whose action set is rewritten for special system collections:
//   - system.users:   find/insert/update/remove are dropped and `userAdmin` is added;
//   - system.profile: `find` is dropped and `profileRead` is added (whether or not `find`
//                     was present);
//   - system.indexes: `find`, when present, is replaced by `indexRead`.
// Privileges on any other collection are returned with their actions unchanged.
Privilege AuthorizationSession::_modifyPrivilegeForSpecialCases(const Privilege& privilege) {
    ActionSet rewritten;
    rewritten.addAllActionsFromSet(privilege.getActions());
    NamespaceString ns(privilege.getResource());

    if (ns.coll() == "system.users") {
        // Plain CRUD actions never apply to the users collection; userAdmin stands in for them.
        rewritten.removeAction(ActionType::remove);
        rewritten.removeAction(ActionType::update);
        rewritten.removeAction(ActionType::insert);
        rewritten.removeAction(ActionType::find);
        rewritten.addAction(ActionType::userAdmin);
        return Privilege(privilege.getResource(), rewritten);
    }

    if (ns.coll() == "system.profile") {
        rewritten.removeAction(ActionType::find);
        rewritten.addAction(ActionType::profileRead);
        return Privilege(privilege.getResource(), rewritten);
    }

    if (ns.coll() == "system.indexes" && rewritten.contains(ActionType::find)) {
        rewritten.removeAction(ActionType::find);
        rewritten.addAction(ActionType::indexRead);
    }
    return Privilege(privilege.getResource(), rewritten);
}