blob: 9086f1e0efb05212d7a4034eaef33d21dba36c34 [file] [log] [blame]
/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include "privileges.hpp"
#include "token_authorization_middleware.hpp"
#include "webserver_common.hpp"
#include <error_messages.hpp>
#include <vector>
#include "http_request.h"
#include "http_response.h"
namespace redfish
{
/**
* AsyncResp
* Gathers data needed for response processing after async calls are done
*/
class AsyncResp
{
public:
AsyncResp(crow::Response& response) : res(response)
{
}
~AsyncResp()
{
res.end();
}
crow::Response& res;
};
/**
* @brief Abstract class used for implementing Redfish nodes.
*
*/
class Node
{
public:
template <typename... Params>
Node(CrowApp& app, std::string&& entityUrl, Params... paramsIn)
{
crow::DynamicRule& get = app.routeDynamic(entityUrl.c_str());
getRule = &get;
get.methods("GET"_method)([this](const crow::Request& req,
crow::Response& res,
Params... params) {
std::vector<std::string> paramVec = {params...};
doGet(res, req, paramVec);
});
crow::DynamicRule& patch = app.routeDynamic(entityUrl.c_str());
patchRule = &patch;
patch.methods("PATCH"_method)([this](const crow::Request& req,
crow::Response& res,
Params... params) {
std::vector<std::string> paramVec = {params...};
doPatch(res, req, paramVec);
});
crow::DynamicRule& post = app.routeDynamic(entityUrl.c_str());
postRule = &post;
post.methods("POST"_method)([this](const crow::Request& req,
crow::Response& res,
Params... params) {
std::vector<std::string> paramVec = {params...};
doPost(res, req, paramVec);
});
crow::DynamicRule& delete_ = app.routeDynamic(entityUrl.c_str());
deleteRule = &delete_;
delete_.methods("DELETE"_method)([this](const crow::Request& req,
crow::Response& res,
Params... params) {
std::vector<std::string> paramVec = {params...};
doDelete(res, req, paramVec);
});
}
void initPrivileges()
{
auto it = entityPrivileges.find(boost::beast::http::verb::get);
if (it != entityPrivileges.end())
{
if (getRule != nullptr)
{
getRule->requires(it->second);
}
}
it = entityPrivileges.find(boost::beast::http::verb::post);
if (it != entityPrivileges.end())
{
if (postRule != nullptr)
{
postRule->requires(it->second);
}
}
it = entityPrivileges.find(boost::beast::http::verb::patch);
if (it != entityPrivileges.end())
{
if (patchRule != nullptr)
{
patchRule->requires(it->second);
}
}
it = entityPrivileges.find(boost::beast::http::verb::delete_);
if (it != entityPrivileges.end())
{
if (deleteRule != nullptr)
{
deleteRule->requires(it->second);
}
}
}
virtual ~Node() = default;
OperationMap entityPrivileges;
crow::DynamicRule* getRule = nullptr;
crow::DynamicRule* postRule = nullptr;
crow::DynamicRule* patchRule = nullptr;
crow::DynamicRule* deleteRule = nullptr;
protected:
// Node is designed to be an abstract class, so doGet is pure virtual
virtual void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params)
{
res.result(boost::beast::http::status::method_not_allowed);
res.end();
}
virtual void doPatch(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params)
{
res.result(boost::beast::http::status::method_not_allowed);
res.end();
}
virtual void doPost(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params)
{
res.result(boost::beast::http::status::method_not_allowed);
res.end();
}
virtual void doDelete(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params)
{
res.result(boost::beast::http::status::method_not_allowed);
res.end();
}
/* @brief Would the operation be allowed if the user did not have
* the ConfigureSelf Privilege?
*
* @param req the request
*
* @returns True if allowed, false otherwise
*/
inline bool isAllowedWithoutConfigureSelf(const crow::Request& req)
{
const std::string& userRole = req.userRole;
BMCWEB_LOG_DEBUG << "isAllowedWithoutConfigureSelf for the role "
<< req.userRole;
Privileges effectiveUserPrivileges =
redfish::getUserPrivileges(userRole);
effectiveUserPrivileges.resetSinglePrivilege("ConfigureSelf");
const auto& requiredPrivilegesIt = entityPrivileges.find(req.method());
return (requiredPrivilegesIt != entityPrivileges.end()) &&
isOperationAllowedWithPrivileges(requiredPrivilegesIt->second,
effectiveUserPrivileges);
}
};
} // namespace redfish