本文整理汇总了C++中AuthorizationSession::lookupUser方法的典型用法代码示例。如果您正苦于以下问题:C++ AuthorizationSession::lookupUser方法的具体用法?C++ AuthorizationSession::lookupUser怎么用?C++ AuthorizationSession::lookupUser使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AuthorizationSession的用法示例。
在下文中一共展示了AuthorizationSession::lookupUser方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: checkAuthForUsersInfoCommand
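/**
 * Authorization check for the usersInfo command.
 *
 * Parses cmdObj with auth::parseUsersInfoCommand; a parse failure is returned unchanged.
 * When the request asks for every user of the database (args.allForDB), the session must
 * hold ActionType::viewUser on dbname. Otherwise each requested user name is checked on
 * its own: a user the session is logged in as is always viewable, and any other user
 * requires ActionType::viewUser on that user's database.
 *
 * @param client  client whose AuthorizationSession is consulted
 * @param dbname  database the command was run against
 * @param cmdObj  the raw command object
 * @return Status::OK() when every check passes, the parse error, or
 *         ErrorCodes::Unauthorized naming the database the check failed on.
 */
Status checkAuthForUsersInfoCommand(ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);
    auth::UsersInfoArgs args;
    Status status = auth::parseUsersInfoCommand(cmdObj, dbname, &args);
    if (!status.isOK()) {
        return status;
    }

    if (args.allForDB) {
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(dbname), ActionType::viewUser)) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the " << dbname
                                        << " database");
        }
        return Status::OK();
    }

    for (size_t i = 0; i < args.userNames.size(); ++i) {
        const auto& requested = args.userNames[i];
        if (authzSession->lookupUser(requested)) {
            continue;  // Can always view users you are logged in as
        }
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(requested.getDB()), ActionType::viewUser)) {
            // The check above is made against the requested user's database, which can
            // differ from dbname, so the message names the database that was refused.
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the "
                                        << requested.getDB() << " database");
        }
    }
    return Status::OK();
}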
示例2: makeSessionFilterForAuthenticatedUsers
/**
 * Builds a kill-sessions pattern set with one pattern per user authenticated on the
 * client attached to opCtx.
 *
 * Each pattern's uid is the digest of the corresponding User object. A user name for
 * which lookupUser yields no User is skipped, so it contributes no pattern.
 *
 * @param opCtx  operation context whose client supplies the AuthorizationSession
 * @return the set of patterns, empty when no authenticated user resolves to a User.
 */
KillAllSessionsByPatternSet makeSessionFilterForAuthenticatedUsers(OperationContext* opCtx) {
    AuthorizationSession* const session = AuthorizationSession::get(opCtx->getClient());

    KillAllSessionsByPatternSet result;
    auto names = session->getAuthenticatedUserNames();
    while (names.more()) {
        auto user = session->lookupUser(*names);
        if (user) {
            KillAllSessionsByPattern entry;
            entry.setUid(user->getDigest());
            result.emplace(std::move(entry));
        }
        names.next();
    }
    return result;
}
示例3: run
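/**
 * Appends an "authInfo" sub-object describing the current client's authorization
 * session to the command result.
 *
 * "authenticatedUsers" and "authenticatedUserRoles" are always written. When the
 * boolean command field "showPrivileges" is true (it defaults to false),
 * "authenticatedUserPrivileges" is written as well, with the privileges of all
 * authenticated users merged per resource.
 *
 * @param cmdObj  command object; only "showPrivileges" is read here
 * @param result  builder that receives the "authInfo" sub-object
 * @return true on success, or the value of appendCommandStatus when "showPrivileges"
 *         cannot be extracted as a boolean.
 */
bool run(OperationContext* txn,
         const string&,
         BSONObj& cmdObj,
         int,
         string& errmsg,
         BSONObjBuilder& result) {
    AuthorizationSession* authSession = AuthorizationSession::get(ClientBasic::getCurrent());

    bool showPrivileges;
    Status status =
        bsonExtractBooleanFieldWithDefault(cmdObj, "showPrivileges", false, &showPrivileges);
    if (!status.isOK()) {
        return appendCommandStatus(result, status);
    }

    BSONObjBuilder authInfo(result.subobjStart("authInfo"));
    {
        BSONArrayBuilder authenticatedUsers(authInfo.subarrayStart("authenticatedUsers"));
        UserNameIterator nameIter = authSession->getAuthenticatedUserNames();
        for (; nameIter.more(); nameIter.next()) {
            BSONObjBuilder userInfoBuilder(authenticatedUsers.subobjStart());
            userInfoBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME,
                                   nameIter->getUser());
            userInfoBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB());
        }
    }
    {
        BSONArrayBuilder authenticatedRoles(authInfo.subarrayStart("authenticatedUserRoles"));
        RoleNameIterator roleIter = authSession->getAuthenticatedRoleNames();
        for (; roleIter.more(); roleIter.next()) {
            BSONObjBuilder roleInfoBuilder(authenticatedRoles.subobjStart());
            roleInfoBuilder.append(AuthorizationManager::ROLE_NAME_FIELD_NAME,
                                   roleIter->getRole());
            roleInfoBuilder.append(AuthorizationManager::ROLE_DB_FIELD_NAME, roleIter->getDB());
        }
    }

    if (showPrivileges) {
        BSONArrayBuilder authenticatedPrivileges(
            authInfo.subarrayStart("authenticatedUserPrivileges"));

        // Create a unified map of resources to privileges, to avoid duplicate
        // entries in the connection status output.
        User::ResourcePrivilegeMap unifiedResourcePrivilegeMap;
        UserNameIterator nameIter = authSession->getAuthenticatedUserNames();
        for (; nameIter.more(); nameIter.next()) {
            User* authUser = authSession->lookupUser(*nameIter);
            if (!authUser) {
                // lookupUser hands back a pointer and its result is tested for null
                // before use in other callers; a name that no longer resolves adds no
                // privileges to the output instead of being dereferenced.
                continue;
            }
            const User::ResourcePrivilegeMap& resourcePrivilegeMap = authUser->getPrivileges();
            for (User::ResourcePrivilegeMap::const_iterator it = resourcePrivilegeMap.begin();
                 it != resourcePrivilegeMap.end();
                 ++it) {
                User::ResourcePrivilegeMap::iterator existing =
                    unifiedResourcePrivilegeMap.find(it->first);
                if (existing == unifiedResourcePrivilegeMap.end()) {
                    unifiedResourcePrivilegeMap[it->first] = it->second;
                } else {
                    // Same resource seen for an earlier user: merge the action sets.
                    existing->second.addActions(it->second.getActions());
                }
            }
        }

        for (User::ResourcePrivilegeMap::const_iterator it =
                 unifiedResourcePrivilegeMap.begin();
             it != unifiedResourcePrivilegeMap.end();
             ++it) {
            authenticatedPrivileges << it->second.toBSON();
        }
    }

    authInfo.doneFast();
    return true;
}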
示例4: rewriteCommandForListingOwnCollections
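/**
 * Rewrites a listCollections command so that it only returns collections the current
 * session holds privileges on.
 *
 * The "authorizedCollections" field is removed, and the command's "filter" is replaced
 * by an object holding a "$and" array with:
 *   - a rule that rejects names starting with "system.",
 *   - when the session is not authorized for any action on the whole database, a
 *     "name" "$in" rule listing the collections named by the authenticated users'
 *     privileges,
 *   - the caller's original filter, if one was present.
 *
 * @param opCtx   operation context whose client supplies the AuthorizationSession
 * @param dbName  database the command targets
 * @param cmdObj  the original command object (not modified; a copy is edited)
 * @return the rewritten command object.
 */
BSONObj rewriteCommandForListingOwnCollections(OperationContext* opCtx,
                                               const std::string& dbName,
                                               const BSONObj& cmdObj) {
    mutablebson::Document rewrittenCmdObj(cmdObj);
    mutablebson::Element ownCollections =
        mutablebson::findFirstChildNamed(rewrittenCmdObj.root(), "authorizedCollections");

    AuthorizationSession* authzSession = AuthorizationSession::get(opCtx->getClient());

    // We must strip authorizedCollections from the delegated command.
    // NOTE(review): remove() is called without testing ownCollections.ok() first;
    // presumably callers only get here when the field is present - confirm.
    uassertStatusOK(ownCollections.remove());

    BSONObj collectionFilter;

    // Extract and retain any previous filter
    mutablebson::Element oldFilter =
        mutablebson::findFirstChildNamed(rewrittenCmdObj.root(), "filter");

    // Make a new filter, containing a $and array.
    mutablebson::Element newFilter = rewrittenCmdObj.makeElementObject("filter");
    mutablebson::Element newFilterAnd = rewrittenCmdObj.makeElementArray("$and");
    uassertStatusOK(newFilter.pushBack(newFilterAnd));

    // Append a rule to the $and, which rejects system collections.
    mutablebson::Element systemCollectionsFilter = rewrittenCmdObj.makeElementObject(
        "", BSON("name" << BSON("$regex" << BSONRegEx("^(?!system\\.)"))));
    uassertStatusOK(newFilterAnd.pushBack(systemCollectionsFilter));

    if (!authzSession->isAuthorizedForAnyActionOnResource(
            ResourcePattern::forDatabaseName(dbName))) {
        // We passed an auth check which said we might be able to render some collections,
        // but it doesn't seem like we should render all of them. We must filter.

        // Compute the set of collection names which would be permissible to return.
        std::set<std::string> collectionNames;
        for (UserNameIterator nameIter = authzSession->getAuthenticatedUserNames();
             nameIter.more();
             nameIter.next()) {
            User* authUser = authzSession->lookupUser(*nameIter);
            if (!authUser) {
                // A name that does not resolve to a User contributes no collections,
                // so the resulting filter can only become narrower (fails closed).
                continue;
            }
            const User::ResourcePrivilegeMap& resourcePrivilegeMap = authUser->getPrivileges();
            // const auto& binds to the map's own element; spelling the pair type with a
            // non-const key would copy every entry into a temporary.
            for (const auto& resourcePrivilege : resourcePrivilegeMap) {
                const auto& resource = resourcePrivilege.first;
                if (resource.isCollectionPattern() ||
                    (resource.isExactNamespacePattern() &&
                     resource.databaseToMatch() == dbName)) {
                    collectionNames.emplace(resource.collectionToMatch().toString());
                }
            }
        }

        // Construct a new filter predicate which returns only collections we were found to
        // have privileges for.
        BSONObjBuilder predicateBuilder;
        BSONObjBuilder nameBuilder(predicateBuilder.subobjStart("name"));
        BSONArrayBuilder setBuilder(nameBuilder.subarrayStart("$in"));

        // Load the de-duplicated set into a BSON array
        for (StringData collectionName : collectionNames) {
            setBuilder << collectionName;
        }
        setBuilder.done();
        nameBuilder.done();

        collectionFilter = predicateBuilder.obj();

        // Filter the results by our collection names.
        mutablebson::Element newFilterAndIn =
            rewrittenCmdObj.makeElementObject("", collectionFilter);
        uassertStatusOK(newFilterAnd.pushBack(newFilterAndIn));
    }

    // If there was a pre-existing filter, compose it with our new one.
    if (oldFilter.ok()) {
        uassertStatusOK(oldFilter.remove());
        uassertStatusOK(newFilterAnd.pushBack(oldFilter));
    }

    // Attach our new composite filter back onto the listCollections command object.
    uassertStatusOK(rewrittenCmdObj.root().pushBack(newFilter));

    return rewrittenCmdObj.getObject();
}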