Update AccountService Privilege
"GET" should be a "Login" Privilege for the AccountService
resource. This makes sense, a "Readonly" and "Operator" user
should be able to see properties like MaxPasswordLength and
MinPasswordLength since they are allowed to change their own
password.
This was changed in Redfish 2019.3, redfish issue 1914 explains
more.
From Redfish_1.0.4_PrivilegeRegistry.json:
"Entity": "AccountService",
"OperationMap": {
"GET": [
{
"Privilege": [
"Login"
]
}
],
"HEAD": [
{
"Privilege": [
"Login"
]
}
],
"PATCH": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"PUT": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"DELETE": [
{
"Privilege": [
"ConfigureUsers"
]
}
],
"POST": [
{
"Privilege": [
"ConfigureUsers"
]
}
]
Change-Id: Iab8acbac97a58aed865bf94f665d6c9a32de81dd
Tested: Build for Witherspoon and AccountService looks good.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 017a83d..600c1a2 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -560,8 +560,7 @@
Node(app, "/redfish/v1/AccountService/"), app(app)
{
entityPrivileges = {
- {boost::beast::http::verb::get,
- {{"ConfigureUsers"}, {"ConfigureManager"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
{boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
{boost::beast::http::verb::put, {{"ConfigureUsers"}}},