blob: 962a1c2491519bf1b2d374c96a144fd46e1cc650 [file] [log] [blame]
/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include <app.hpp>
#include <dbus_utility.hpp>
#include <query.hpp>
#include <registries/privilege_registry.hpp>
#include <sdbusplus/asio/property.hpp>
#include <variant>
namespace redfish
{
inline std::string getRoleFromPrivileges(std::string_view priv)
{
if (priv == "priv-admin")
{
return "Administrator";
}
if (priv == "priv-user")
{
return "ReadOnly";
}
if (priv == "priv-operator")
{
return "Operator";
}
return "";
}
inline bool getAssignedPrivFromRole(std::string_view role,
nlohmann::json& privArray)
{
if (role == "Administrator")
{
privArray = {"Login", "ConfigureManager", "ConfigureUsers",
"ConfigureSelf", "ConfigureComponents"};
}
else if (role == "Operator")
{
privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
}
else if (role == "ReadOnly")
{
privArray = {"Login", "ConfigureSelf"};
}
else
{
return false;
}
return true;
}
inline void requestRoutesRoles(App& app)
{
BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
.privileges(redfish::privileges::getRole)
.methods(boost::beast::http::verb::get)(
[&app](const crow::Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
const std::string& roleId) {
if (!redfish::setUpRedfishRoute(app, req, asyncResp))
{
return;
}
nlohmann::json privArray = nlohmann::json::array();
if (!getAssignedPrivFromRole(roleId, privArray))
{
messages::resourceNotFound(asyncResp->res, "Role", roleId);
return;
}
asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
asyncResp->res.jsonValue["Name"] = "User Role";
asyncResp->res.jsonValue["Description"] = roleId + " User Role";
asyncResp->res.jsonValue["OemPrivileges"] = nlohmann::json::array();
asyncResp->res.jsonValue["IsPredefined"] = true;
asyncResp->res.jsonValue["Id"] = roleId;
asyncResp->res.jsonValue["RoleId"] = roleId;
asyncResp->res.jsonValue["@odata.id"] =
"/redfish/v1/AccountService/Roles/" + roleId;
asyncResp->res.jsonValue["AssignedPrivileges"] = std::move(privArray);
});
}
inline void requestRoutesRoleCollection(App& app)
{
BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
.privileges(redfish::privileges::getRoleCollection)
.methods(boost::beast::http::verb::get)(
[&app](const crow::Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
if (!redfish::setUpRedfishRoute(app, req, asyncResp))
{
return;
}
asyncResp->res.jsonValue["@odata.id"] =
"/redfish/v1/AccountService/Roles";
asyncResp->res.jsonValue["@odata.type"] =
"#RoleCollection.RoleCollection";
asyncResp->res.jsonValue["Name"] = "Roles Collection";
asyncResp->res.jsonValue["Description"] = "BMC User Roles";
sdbusplus::asio::getProperty<std::vector<std::string>>(
*crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
"/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
"AllPrivileges",
[asyncResp](const boost::system::error_code ec,
const std::vector<std::string>& privList) {
if (ec)
{
messages::internalError(asyncResp->res);
return;
}
nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
memberArray = nlohmann::json::array();
for (const std::string& priv : privList)
{
std::string role = getRoleFromPrivileges(priv);
if (!role.empty())
{
nlohmann::json::object_t member;
member["@odata.id"] =
"/redfish/v1/AccountService/Roles/" + role;
memberArray.push_back(std::move(member));
}
}
asyncResp->res.jsonValue["Members@odata.count"] =
memberArray.size();
});
});
}
} // namespace redfish