| commit | 1ec43ee36d52f415261b27653b1ba6311ebb5bfe | [log] [tgz] |
|---|---|---|
| author | Gunnar Mills <gmills@us.ibm.com> | Tue Jan 04 15:39:52 2022 -0600 |
| committer | Ed Tanous <ed@tanous.net> | Wed Jan 05 19:42:04 2022 +0000 |
| tree | 13dd3a23d996819f22b63bf191721018a4906306 | |
| parent | 5ac5a2f4881c83d453fa517f8f1ebe49593939a3 [diff] |
Fix AccountService patch privileges This got broke when moving to the Automate PrivilegeRegistry and was correct before. https://github.com/openbmc/bmcweb/commit/f5ffd8062e556cb3bdf5f441dd393e784b771e85 https://github.com/openbmc/bmcweb/blame/2c37b4b0f465344aeea311efd61fd9a217ad8e3e/redfish-core/lib/account_service.hpp#L569 This is moving AccountService patch privilege from Login to ConfigureUsers, moving to what it was before. Without this change a ReadOnly user could set the AccountUnlockTimeout and patch LDAP. Tested: None. WIP. Change-Id: I7fe3727e0909fe5c94b655bbb3bbc7ce7b3c842a Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index b746cef..7f60575 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp
@@ -1385,7 +1385,7 @@ }); BMCWEB_ROUTE(app, "/redfish/v1/AccountService/") - .privileges(redfish::privileges::getAccountService) + .privileges(redfish::privileges::patchAccountService) .methods(boost::beast::http::verb::patch)( [](const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void {