Fix certificate_service privileges
Post method:
1) /redfish/v1/CertificateService/Actions/
CertificateService.GenerateCSR/
ConfigureComponents-> ConfigureManager
This change allows only Admin users to Generate CSR Certificate and
restrict Operator user.
Tested: Ran curl Post requests with Admin and Operator privileged users
Get output as expected.
Email sent to openbmc list:
https://lists.ozlabs.org/pipermail/openbmc/2021-August/027232.html
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: I46d505357cfc55a31911e75e8bd9948a0db90555
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index ccf5e9a..934f901 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -248,9 +248,7 @@
BMCWEB_ROUTE(
app,
"/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR/")
- // Incorrect Privilege; Should be ConfigureManager
- //.privileges(redfish::privileges::postCertificateService)
- .privileges({{"ConfigureComponents"}})
+ .privileges(redfish::privileges::postCertificateService)
.methods(
boost::beast::http::verb::
post)([&app](