Redfish(Authorization): Map the user role with the Redfish privileges
This commit gets the role of the user from the session object,
maps it to the Redfish privileges, and then allows or rejects the requested
operation depending on the user privileges and the entity privileges.
Change-Id: I40be06c28e80b47fe76891cacf863f8495bace88
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp
index ca44551..ec6e6a5 100644
--- a/redfish-core/include/privileges.hpp
+++ b/redfish-core/include/privileges.hpp
@@ -177,6 +177,29 @@
std::bitset<maxPrivilegeCount> privilegeBitset = 0;
};
+inline const Privileges& getUserPrivileges(const std::string& userRole)
+{
+ // Redfish privilege : Administrator
+ if (userRole == "priv-admin")
+ {
+ static Privileges admin{"Login", "ConfigureManager", "ConfigureSelf",
+ "ConfigureUsers", "ConfigureComponents"};
+ return admin;
+ }
+ else if (userRole == "priv-operator")
+ {
+ // Redfish privilege : Operator
+ static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"};
+ return op;
+ }
+ else
+ {
+ // Redfish privilege : Readonly
+ static Privileges readOnly{"Login", "ConfigureSelf"};
+ return readOnly;
+ }
+}
+
using OperationMap = boost::container::flat_map<boost::beast::http::verb,
std::vector<Privileges>>;
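Review bot: The final `else` in `getUserPrivileges` grants `Login` and `ConfigureSelf` to every role string that is not `priv-admin` or `priv-operator`, so an empty, misspelled or newly introduced role is authorised as ReadOnly instead of being rejected. An authorization mapping should fail closed: compare against the read-only role string explicitly and make the fallback return an empty set, e.g. `static Privileges none{}; return none;`. That assumes `Privileges` can be constructed with no names; its constructors are outside this hunk. A one-line comment on the function, such as `// Unknown roles map to no privileges.`, would record the intent for later role additions.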