Redfish: Support NoAccess user creation
Support NoAccess privilege user creation from Redfish
Tested:
1. Verified redfish validator passed
2. Create NoAccess user from Redfish
   POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/
   Body:
   {
     "UserName": "user2",
     "RoleId": "NoAccess",
     "Password": "asdf1234"
   }
   Response:
   {
     "@Message.ExtendedInfo": [
       {
         "@odata.type": "#Message.v1_0_0.Message",
         "Message": "The resource has been created successfully",
         "MessageArgs": [],
         "MessageId": "Base.1.4.0.Created",
         "Resolution": "None",
         "Severity": "OK"
       }
     ]
   }
3. Create NoAccess user with empty privilege
   POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/
   Body:
   {
     "UserName": "user3",
     "RoleId": "",
     "Password": "asdf1234"
   }
   Response:
   {
     "@Message.ExtendedInfo": [
       {
         "@odata.type": "#Message.v1_0_0.Message",
         "Message": "The resource has been created successfully",
         "MessageArgs": [],
         "MessageId": "Base.1.4.0.Created",
         "Resolution": "None",
         "Severity": "OK"
       }
     ]
   }
4. Verified Patch, by updating the "NoAccess" RoleId to "Operator"
5. Verified Patch, by updating the "" RoleId to "ReadOnly"
6. Display user list
   ID  Name   Callin  Link Auth  IPMI Msg  Channel Priv Limit
   1   root   false   true       true      ADMINISTRATOR
   2   user2  false   true       true      NO ACCESS
   3   user3  false   true       true      NO ACCESS
   4   user4  false   true       true      USER
   5   user5  false   true       true      OPERATOR
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ied8bd452d1a57409bfdbe231332986d36bd07c72
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 9f98991..c711983 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -109,7 +109,7 @@
{
return "priv-operator";
}
- else if (role == "NoAccess")
+ else if ((role == "NoAccess") || (role == ""))
{
return "priv-noaccess";
}
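Review bot: Accepting `role == ""` in the changed `else if` means a request with an empty RoleId now creates an account instead of being rejected like any other unrecognised role string. The result is the lowest privilege, so it fails in the safe direction, but it also turns a client mistake (a RoleId that was never filled in) into a Created response. Please state in a comment why the empty string is a valid Redfish RoleId here, or drop it from this mapping so empty values keep hitting the propertyValueNotInList path. If it stays, `role.empty()` reads better than a comparison with `""`.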
@@ -1417,7 +1417,18 @@
messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId");
return;
}
- roleId = priv;
+ // TODO: Following override will be reverted once support in
+ // phosphor-user-manager is added. In order to avoid dependency issues,
+ // this is added in bmcweb, which will removed, once
+ // phosphor-user-manager supports priv-noaccess.
+ if (priv == "priv-noaccess")
+ {
+ roleId = "";
+ }
+ else
+ {
+ roleId = priv;
+ }
// Reading AllGroups property
crow::connections::systemBus->async_method_call(
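Review bot: The TODO above `if (priv == "priv-noaccess")` names no change or issue in phosphor-user-manager, so nothing ties the promised revert to a concrete event; add the tracking reference and fix the wording "which will removed" to "which will be removed". Also note that after this block `roleId` holds `""` for a NoAccess account, so any later use of `roleId` in this handler can no longer tell NoAccess apart from an unset role. A one-line comment saying that the empty string is the value currently sent for no access would make that intent explicit.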
@@ -1804,6 +1815,10 @@
*roleId, "RoleId");
return;
}
+ if (priv == "priv-noaccess")
+ {
+ priv = "";
+ }
crow::connections::systemBus->async_method_call(
[asyncResp](const boost::system::error_code ec) {
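Review bot: The `if (priv == "priv-noaccess")` block here repeats the override from the previous hunk but carries no TODO, so a later revert that searches for the comment will miss this call site and leave the two paths sending different values. Put the translation of `priv-noaccess` to `""` in one small helper used by both places and keep the TODO on that helper.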