account_service: Added NoAccess role to Redfish
Issue: With IPMI command- If New user created, by defualt created with
"NO ACCESS" Channel priv Limit. But same role is not populating from
Redfish.
This test can be done only with below patch being merged.
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/
+/24784/
Tested:
Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in
userlist).
Below is Snapshot from Redfish:
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
"@odata.type": "#Role.v1_2_2.Role",
"AssignedPrivileges": null,
"Description": "NoAccess User Role",
"Id": "NoAccess",
"IsPredefined": true,
"Name": "User Role",
"OemPrivileges": [],
"RoleId": "NoAccess"
}
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.
ManagerAccount",
"@odata.id": "/redfish/v1/AccountService/Accounts/user6",
"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
"Description": "User Account",
"Enabled": false,
"Id": "user6",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"RoleId": "NoAccess",
"UserName": "user6"
}
Redfish validator test results:
Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293,
'metadataNamespaces': 1047, 'warningPresent': 70,
'serviceNamespaces': 68, 'invalidPropertyValue': 67,
'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64,
'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6,
'failErrorPresent': 1, 'unverifiedComplexAdditional': 1,
'warnTrailingSlashLink': 1})
Validation has failed: 65 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 0658f3f..291a207 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -90,6 +90,10 @@
{
return "Operator";
}
+ else if ((role == "") || (role == "priv-noaccess"))
+ {
+ return "NoAccess";
+ }
return "";
}
inline std::string getPrivilegeFromRoleId(std::string_view role)
@@ -110,6 +114,10 @@
{
return "priv-operator";
}
+ else if (role == "NoAccess")
+ {
+ return "priv-noaccess";
+ }
return "";
}
diff --git a/redfish-core/lib/roles.hpp b/redfish-core/lib/roles.hpp
index d170a5c..58b4577 100644
--- a/redfish-core/lib/roles.hpp
+++ b/redfish-core/lib/roles.hpp
@@ -40,6 +40,10 @@
{
return "Operator";
}
+ else if (priv == "priv-noaccess")
+ {
+ return "NoAccess";
+ }
return "";
}
@@ -63,6 +67,10 @@
{
privArray = {"Login"};
}
+ else if (role == "NoAccess")
+ {
+ privArray = {};
+ }
else
{
return false;