本文整理汇总了C++中AuthorizationSession::isAuthorizedForActionsOnResource方法的典型用法代码示例。如果您正苦于以下问题:C++ AuthorizationSession::isAuthorizedForActionsOnResource方法的具体用法?C++ AuthorizationSession::isAuthorizedForActionsOnResource怎么用?C++ AuthorizationSession::isAuthorizedForActionsOnResource使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AuthorizationSession的用法示例。
在下文中一共展示了AuthorizationSession::isAuthorizedForActionsOnResource方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: checkAuthForRolesInfoCommand
/**
 * Authorization gate for the rolesInfo command.
 *
 * The command object is parsed first; a parse failure is returned unchanged.
 * When the request asks for every role of the database, the session must hold
 * viewRole on `dbname`. Otherwise each named role is checked individually:
 * a role the session is already authenticated with is always visible, and any
 * other role requires viewRole on the database that role belongs to.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when every requested role may be viewed, the parse
 *         error, or ErrorCodes::Unauthorized naming the offending database
 */
Status checkAuthForRolesInfoCommand(ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    auth::RolesInfoArgs request;
    Status parsed = auth::parseRolesInfoCommand(cmdObj, dbname, &request);
    if (!parsed.isOK()) {
        return parsed;
    }

    if (request.allForDB) {
        // Listing everything in the database needs viewRole on that database.
        const bool mayViewAll = session->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(dbname), ActionType::viewRole);
        if (mayViewAll) {
            return Status::OK();
        }
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to view roles from the " << dbname
                                    << " database");
    }

    for (const auto& role : request.roleNames) {
        // A session may always inspect roles it already holds.
        if (session->isAuthenticatedAsUserWithRole(role)) {
            continue;
        }

        // The check is scoped to the role's own database, not to `dbname`.
        const bool mayView = session->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(role.getDB()), ActionType::viewRole);
        if (!mayView) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view roles from the "
                                        << role.getDB() << " database");
        }
    }

    return Status::OK();
}
示例2: checkAuthForUsersInfoCommand
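/**
 * Authorization gate for the usersInfo command.
 *
 * The command object is parsed first; a parse failure is returned unchanged.
 * When the request asks for every user of the database, the session must hold
 * viewUser on `dbname`. Otherwise each named user is checked individually:
 * a user the session can look up on itself (lookupUser) is always visible,
 * and any other user requires viewUser on that user's own database.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when every requested user may be viewed, the parse
 *         error, or ErrorCodes::Unauthorized naming the database that was
 *         actually checked
 */
Status checkAuthForUsersInfoCommand(ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);
    auth::UsersInfoArgs args;
    Status status = auth::parseUsersInfoCommand(cmdObj, dbname, &args);
    if (!status.isOK()) {
        return status;
    }

    if (args.allForDB) {
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(dbname), ActionType::viewUser)) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the " << dbname
                                        << " database");
        }
        return Status::OK();
    }

    for (const auto& userName : args.userNames) {
        if (authzSession->lookupUser(userName)) {
            continue;  // Can always view users you are logged in as
        }
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(userName.getDB()), ActionType::viewUser)) {
            // Report the database the privilege was checked on. The requested
            // user may live in a different database than the one the command
            // ran against, and naming `dbname` here would point operators and
            // audit readers at the wrong privilege.
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the "
                                        << userName.getDB() << " database");
        }
    }
    return Status::OK();
}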
示例3: checkAuthForUpdateUserCommand
/**
 * Authorization gate for the updateUser command.
 *
 * Each field present in the request is authorized separately:
 *  - password:   passes when isAuthorizedToChangeOwnPasswordAsUser accepts the
 *                target user, or the session holds changePassword on the
 *                target user's database;
 *  - customData: passes when isAuthorizedToChangeOwnCustomDataAsUser accepts
 *                the target user, or the session holds changeCustomData on the
 *                target user's database;
 *  - roles:      requires revokeRole on any normal resource, then defers to
 *                checkAuthorizedToGrantRoles for the new role list.
 * Finally checkAuthorizedToSetRestrictions is consulted for the target
 * user's database.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when every requested change is permitted, otherwise
 *         the first failing status
 */
Status checkAuthForUpdateUserCommand(Client* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    auth::CreateOrUpdateUserArgs request;
    Status result = auth::parseCreateOrUpdateUserCommands(cmdObj, "updateUser", dbname, &request);
    if (!result.isOK()) {
        return result;
    }

    if (request.hasPassword &&
        !session->isAuthorizedToChangeOwnPasswordAsUser(request.userName) &&
        !session->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(request.userName.getDB()),
            ActionType::changePassword)) {
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to change password of user: "
                                    << request.userName.getFullName());
    }

    if (request.hasCustomData &&
        !session->isAuthorizedToChangeOwnCustomDataAsUser(request.userName) &&
        !session->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(request.userName.getDB()),
            ActionType::changeCustomData)) {
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to change customData of user: "
                                    << request.userName.getFullName());
    }

    if (request.hasRoles) {
        // Replacing the roles array can drop roles the caller cannot see, so
        // the caller must be able to revoke any role in the system.
        const bool mayRevokeAny = session->isAuthorizedForActionsOnResource(
            ResourcePattern::forAnyNormalResource(), ActionType::revokeRole);
        if (!mayRevokeAny) {
            return Status(ErrorCodes::Unauthorized,
                          "In order to use updateUser to set roles array, must be "
                          "authorized to revoke any role in the system");
        }

        result = checkAuthorizedToGrantRoles(session, request.roles);
        if (!result.isOK()) {
            return result;
        }
    }

    result = checkAuthorizedToSetRestrictions(
        session,
        static_cast<bool>(request.authenticationRestrictions),
        request.userName.getDB());
    if (!result.isOK()) {
        return result;
    }

    return Status::OK();
}
示例4: checkAuthForCreateUserCommand
/**
 * Authorization gate for the createUser command.
 *
 * After parsing, three checks run in order and the first failure is returned:
 *  1. createUser on the database the new user will belong to;
 *  2. checkAuthorizedToGrantRoles for the roles the new user would receive;
 *  3. checkAuthorizedToSetRestrictions for the new user's database.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when the user may be created as requested, otherwise
 *         the parse error or the first failing authorization status
 */
Status checkAuthForCreateUserCommand(Client* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    auth::CreateOrUpdateUserArgs request;
    Status result = auth::parseCreateOrUpdateUserCommands(cmdObj, "createUser", dbname, &request);
    if (!result.isOK()) {
        return result;
    }

    // The privilege is checked on the parsed user's database.
    const bool mayCreate = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forDatabaseName(request.userName.getDB()), ActionType::createUser);
    if (!mayCreate) {
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to create users on db: "
                                    << request.userName.getDB());
    }

    result = checkAuthorizedToGrantRoles(session, request.roles);
    if (!result.isOK()) {
        return result;
    }

    result = checkAuthorizedToSetRestrictions(
        session,
        static_cast<bool>(request.authenticationRestrictions),
        request.userName.getDB());
    if (!result.isOK()) {
        return result;
    }

    return Status::OK();
}
示例5: checkAuthForUpdateRoleCommand
/**
 * Authorization gate for the updateRole command.
 *
 * Updating a role can remove inherited roles or privileges the caller cannot
 * enumerate, so revokeRole on any normal resource is required up front. The
 * new role list is then vetted by checkAuthorizedToGrantRoles and the new
 * privilege list by checkAuthorizedToGrantPrivileges.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return the parse error, ErrorCodes::Unauthorized, or the result of the
 *         grant checks
 */
Status checkAuthForUpdateRoleCommand(ClientBasic* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    auth::CreateOrUpdateRoleArgs request;
    Status result = auth::parseCreateOrUpdateRoleCommands(cmdObj, "updateRole", dbname, &request);
    if (!result.isOK()) {
        return result;
    }

    const bool mayRevokeAny = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forAnyNormalResource(), ActionType::revokeRole);
    if (!mayRevokeAny) {
        return Status(ErrorCodes::Unauthorized,
                      "updateRole command required the ability to revoke any role in the "
                      "system");
    }

    result = checkAuthorizedToGrantRoles(session, request.roles);
    if (!result.isOK()) {
        return result;
    }

    // The privilege check is the last gate; its status is the final answer.
    return checkAuthorizedToGrantPrivileges(session, request.privileges);
}
示例6: checkAuthForAuthSchemaUpgradeCommand
/**
 * Authorization gate for the authSchemaUpgrade command.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @return Status::OK() when the session holds authSchemaUpgrade on the
 *         cluster resource, ErrorCodes::Unauthorized otherwise
 */
Status checkAuthForAuthSchemaUpgradeCommand(ClientBasic* client) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    // Cluster-wide action, so the check is on the cluster resource.
    const bool permitted = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::authSchemaUpgrade);
    if (permitted) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to run authSchemaUpgrade command.");
}
示例7: checkAuthForInvalidateUserCacheCommand
/**
 * Authorization gate for the invalidateUserCache command.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @return Status::OK() when the session holds invalidateUserCache on the
 *         cluster resource, ErrorCodes::Unauthorized otherwise
 */
Status checkAuthForInvalidateUserCacheCommand(Client* client) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    const bool permitted = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::invalidateUserCache);
    if (permitted) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to invalidate user cache");
}
示例8: checkAuthForGetUserCacheGenerationCommand
/**
 * Authorization gate for the command that reads the user cache generation.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @return Status::OK() when the session holds ActionType::internal on the
 *         cluster resource, ErrorCodes::Unauthorized otherwise
 */
Status checkAuthForGetUserCacheGenerationCommand(Client* client) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    // NOTE(review): gating on ActionType::internal presumably restricts this to
    // intra-cluster callers; confirm against the role definitions.
    const bool permitted = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::internal);
    if (permitted) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to get cache generation");
}
示例9: checkAuthForCommand
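/**
 * Authorization gate for a command that lists the collections of `dbname`.
 *
 * Access is granted when the session holds either
 *  - listCollections on the database, or
 *  - find on `<dbname>.system.namespaces` (kept for pre-3.0 systems).
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database whose collections would be listed
 * @param cmdObj  raw command document (not inspected here)
 * @return Status::OK() when either privilege is held,
 *         ErrorCodes::Unauthorized otherwise
 */
virtual Status checkAuthForCommand(ClientBasic* client,
                                   const std::string& dbname,
                                   const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    // Check for the listCollections ActionType on the database
    // or find on system.namespaces for pre 3.0 systems.
    if (authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forDatabaseName(dbname),
                                                       ActionType::listCollections) ||
        authzSession->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(NamespaceString(dbname, "system.namespaces")),
            ActionType::find)) {
        return Status::OK();
    }

    // The denial text must name the action that was actually refused. The
    // previous wording ("create users") was carried over from another command
    // and sent anyone reading logs or audit records to the wrong privilege.
    return Status(ErrorCodes::Unauthorized,
                  str::stream() << "Not authorized to list collections on db: " << dbname);
}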
示例10: checkAuthForCommand
/**
 * Authorization gate for a command guarded by ActionType::replSetResizeOplog.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against (not inspected here)
 * @param cmdObj  raw command document (not inspected here)
 * @return Status::OK() when the session holds replSetResizeOplog on the
 *         cluster resource, ErrorCodes::Unauthorized otherwise
 */
Status checkAuthForCommand(Client* client,
                           const std::string& dbname,
                           const BSONObj& cmdObj) final {
    AuthorizationSession* session = AuthorizationSession::get(client);

    const bool permitted = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::replSetResizeOplog);
    if (!permitted) {
        return Status(ErrorCodes::Unauthorized, "Unauthorized");
    }
    return Status::OK();
}
示例11: checkAuthForDropAllRolesFromDatabaseCommand
/**
 * Authorization gate for the dropAllRolesFromDatabase command.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database whose roles would be dropped
 * @return Status::OK() when the session holds dropRole on `dbname`,
 *         ErrorCodes::Unauthorized naming the database otherwise
 */
Status checkAuthForDropAllRolesFromDatabaseCommand(Client* client, const std::string& dbname) {
    AuthorizationSession* session = AuthorizationSession::get(client);

    const bool mayDrop = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forDatabaseName(dbname), ActionType::dropRole);
    if (mayDrop) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  str::stream() << "Not authorized to drop roles from the " << dbname
                                << " database");
}
示例12: checkAuthForCommand
/**
 * Authorization gate parameterised by the member `_actionType`.
 *
 * The resource is derived from the command via parseResourcePattern, and the
 * session must hold `_actionType` on it.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when authorized, ErrorCodes::Unauthorized otherwise
 */
Status checkAuthForCommand(Client* client, const std::string& dbname, const BSONObj& cmdObj) {
    AuthorizationSession* session = AuthorizationSession::get(client);
    ResourcePattern target = parseResourcePattern(dbname, cmdObj);

    const bool permitted = session->isAuthorizedForActionsOnResource(target, _actionType);
    if (!permitted) {
        // The denial deliberately carries no detail about the resource.
        return Status(ErrorCodes::Unauthorized, "unauthorized");
    }
    return Status::OK();
}
示例13: checkAuthForCommand
/**
 * Authorization gate shared by the index filter commands.
 *
 * The resource is derived from the command via parseResourcePattern, and the
 * session must hold planCacheIndexFilter on it.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document
 * @return Status::OK() when authorized, ErrorCodes::Unauthorized otherwise
 */
Status IndexFilterCommand::checkAuthForCommand(ClientBasic* client,
                                               const std::string& dbname,
                                               const BSONObj& cmdObj) {
    AuthorizationSession* session = client->getAuthorizationSession();
    ResourcePattern target = parseResourcePattern(dbname, cmdObj);

    const bool permitted =
        session->isAuthorizedForActionsOnResource(target, ActionType::planCacheIndexFilter);
    if (!permitted) {
        return Status(ErrorCodes::Unauthorized, "unauthorized");
    }
    return Status::OK();
}
示例14: checkAuthForCommand
/**
 * Authorization gate for a command that lists the indexes of one collection.
 *
 * Access is granted when the session holds either
 *  - listIndexes on the exact namespace parsed from the command, or
 *  - find on `<dbname>.system.indexes` (kept for pre-3.0 systems).
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param dbname  database the command was issued against
 * @param cmdObj  raw command document; the target namespace is parsed from it
 * @return Status::OK() when either privilege is held,
 *         ErrorCodes::Unauthorized naming the collection otherwise
 */
Status checkAuthForCommand(Client* client,
                           const std::string& dbname,
                           const BSONObj& cmdObj) const override {
    AuthorizationSession* session = AuthorizationSession::get(client);
    const NamespaceString ns(parseNs(dbname, cmdObj));

    // Preferred privilege: listIndexes on the collection itself.
    if (session->isAuthorizedForActionsOnResource(ResourcePattern::forExactNamespace(ns),
                                                  ActionType::listIndexes)) {
        return Status::OK();
    }

    // Legacy fallback: find on system.indexes of the same database.
    if (session->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(NamespaceString(dbname, "system.indexes")),
            ActionType::find)) {
        return Status::OK();
    }

    return Status(ErrorCodes::Unauthorized,
                  str::stream() << "Not authorized to list indexes on collection: "
                                << ns.coll());
}
示例15: checkAuthForMergeAuthzCollectionsCommand
/**
 * Authorization gate for the _mergeAuthzCollections command.
 *
 * The session must hold, on any normal resource, createUser, createRole,
 * grantRole and revokeRole, plus dropUser and dropRole when the request sets
 * `drop`. For each source collection name that is non-empty, the session
 * must additionally hold find on that exact namespace.
 *
 * @param client  connection whose AuthorizationSession is consulted
 * @param cmdObj  raw command document
 * @return Status::OK() when all checks pass, the parse error, or
 *         ErrorCodes::Unauthorized for the first failing check
 */
Status checkAuthForMergeAuthzCollectionsCommand(Client* client, const BSONObj& cmdObj) {
    auth::MergeAuthzCollectionsArgs request;
    Status parsed = auth::parseMergeAuthzCollectionsCommand(cmdObj, &request);
    if (!parsed.isOK()) {
        return parsed;
    }

    AuthorizationSession* session = AuthorizationSession::get(client);

    // Actions needed to write user and role data.
    ActionSet required;
    required.addAction(ActionType::createUser);
    required.addAction(ActionType::createRole);
    required.addAction(ActionType::grantRole);
    required.addAction(ActionType::revokeRole);
    if (request.drop) {
        // Dropping existing entries widens the required set.
        required.addAction(ActionType::dropUser);
        required.addAction(ActionType::dropRole);
    }

    const bool mayWriteAuthzData = session->isAuthorizedForActionsOnResource(
        ResourcePattern::forAnyNormalResource(), required);
    if (!mayWriteAuthzData) {
        return Status(ErrorCodes::Unauthorized,
                      "Not authorized to update user/role data using _mergeAuthzCollections"
                      " command");
    }

    // Each source collection that was supplied must also be readable.
    if (!request.usersCollName.empty()) {
        const bool mayReadUsers = session->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(NamespaceString(request.usersCollName)),
            ActionType::find);
        if (!mayReadUsers) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to read " << request.usersCollName);
        }
    }

    if (!request.rolesCollName.empty()) {
        const bool mayReadRoles = session->isAuthorizedForActionsOnResource(
            ResourcePattern::forExactNamespace(NamespaceString(request.rolesCollName)),
            ActionType::find);
        if (!mayReadRoles) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to read " << request.rolesCollName);
        }
    }

    return Status::OK();
}