func (self *Permissions) AuthorizeChangeDbUserPassword(user common.User, db string, targetUsername string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) && !(user.GetDb() == db && user.GetName() == targetUsername) {
return false, common.NewAuthorizationError("Insufficient permissions to change db user password for %s on %s", targetUsername, db)
}
return true, ""
}
func (self *CoordinatorImpl) ChangeDbUserPassword(requester common.User, db, username, password string) error {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) && !(requester.GetDb() == db && requester.GetName() == username) {
return common.NewAuthorizationError("Insufficient permissions")
}
hash, err := cluster.HashPassword(password)
if err != nil {
return err
}
return self.raftServer.ChangeDbUserPassword(db, username, hash)
}
func (self *CoordinatorImpl) ChangeDbUserPassword(requester common.User, db, username, password string) error {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) && !(requester.GetDb() == db && requester.GetName() == username) {
return fmt.Errorf("Insufficient permissions")
}
dbUsers := self.clusterConfiguration.dbUsers[db]
if dbUsers == nil || dbUsers[username] == nil {
return fmt.Errorf("Invalid username %s", username)
}
dbUsers[username].changePassword(password)
return self.raftServer.SaveDbUser(dbUsers[username])
}
