Redfish privileges
The Redfish privilege authorization subsystem is controlled by the
privilege_registry.json configuration file.
PropertyOverrides, SubordinateOverrides and ResourceURIOverrides
are not yet implemented.
Change-Id: I4d5670d557f4da172460ada3512e015830dab667
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
diff --git a/redfish-core/include/node.hpp b/redfish-core/include/node.hpp
index 70b85222..6a58cb2 100644
--- a/redfish-core/include/node.hpp
+++ b/redfish-core/include/node.hpp
@@ -28,13 +28,12 @@
class Node {
public:
template <typename CrowApp, typename... Params>
- Node(CrowApp& app, PrivilegeProvider& provider, std::string odataType,
- std::string odataId, Params... params)
- : odataType(odataType), odataId(odataId) {
- // privileges for the node as defined in the privileges_registry.json
- entityPrivileges = provider.getPrivileges(odataId, odataType);
-
- app.route_dynamic(std::move(odataId))
+ Node(CrowApp& app, const PrivilegeProvider& privilegeProvider,
+ const std::string& entityType, const std::string& entityUrl,
+ Params... params)
+ : entityPrivileges(privilegeProvider.getPrivilegesRequiredByEntity(
+ entityUrl, entityType)) {
+ app.route_dynamic(entityUrl.c_str())
.methods("GET"_method, "PATCH"_method, "POST"_method,
"DELETE"_method)([&](const crow::request& req,
crow::response& res, Params... params) {
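Review bot: The route handler registered in the constructor uses a default `[&]` capture, yet it is stored by `app` and runs long after the constructor has returned. The handler body lies outside this hunk, but it presumably reaches `this` and `app`, so a Node that is copied, moved or destroyed after registration would leave the router holding a dangling pointer on the request path. Spell the capture out as `[&app, this]` and state the lifetime contract with `Node(const Node&) = delete;` and `Node& operator=(const Node&) = delete;`, plus a comment that every Node must outlive `app`.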
@@ -43,15 +42,41 @@
});
}
+ virtual ~Node() = default;
+
+ protected:
+ // Node is designed to be an abstract class, so doGet is pure virtual
+ virtual void doGet(crow::response& res, const crow::request& req,
+ const std::vector<std::string>& params) = 0;
+
+ virtual void doPatch(crow::response& res, const crow::request& req,
+ const std::vector<std::string>& params) {
+ res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
+ res.end();
+ }
+
+ virtual void doPost(crow::response& res, const crow::request& req,
+ const std::vector<std::string>& params) {
+ res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
+ res.end();
+ }
+
+ virtual void doDelete(crow::response& res, const crow::request& req,
+ const std::vector<std::string>& params) {
+ res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
+ res.end();
+ }
+
+ private:
template <typename CrowApp>
void dispatchRequest(CrowApp& app, const crow::request& req,
crow::response& res,
const std::vector<std::string>& params) {
- // drop requests without required privileges
auto ctx =
app.template get_context<crow::TokenAuthorization::Middleware>(req);
- if (!entityPrivileges.isMethodAllowed(req.method, ctx.session->username)) {
+ if (!entityPrivileges.isMethodAllowedForUser(req.method,
+ ctx.session->username)) {
res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
res.end();
return;
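Review bot: A request rejected by `isMethodAllowedForUser` is answered with `METHOD_NOT_ALLOWED`, the same status the default `doPatch`/`doPost`/`doDelete` return for an unimplemented method, so clients and audit logs cannot tell an authorization denial from an unsupported verb. An insufficient-privilege denial should return 403 Forbidden through the corresponding `HttpRespCode` member (its name is not visible here), and the removed comment `// drop requests without required privileges` is worth keeping above the check. The same lines dereference `ctx.session->username` without a null check; if any route can reach `dispatchRequest` without an authenticated session this crashes the handler, so reject first with `if (ctx.session == nullptr)`. `dispatchRequest` continues past the end of this hunk.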
@@ -81,33 +106,7 @@
return;
}
- protected:
- const std::string odataType;
- const std::string odataId;
-
- // Node is designed to be an abstract class, so doGet is pure virutal
- virtual void doGet(crow::response& res, const crow::request& req,
- const std::vector<std::string>& params) = 0;
-
- virtual void doPatch(crow::response& res, const crow::request& req,
- const std::vector<std::string>& params) {
- res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
- res.end();
- }
-
- virtual void doPost(crow::response& res, const crow::request& req,
- const std::vector<std::string>& params) {
- res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
- res.end();
- }
-
- virtual void doDelete(crow::response& res, const crow::request& req,
- const std::vector<std::string>& params) {
- res.code = static_cast<int>(HttpRespCode::METHOD_NOT_ALLOWED);
- res.end();
- }
-
- EntityPrivileges entityPrivileges;
+ const EntityPrivileges entityPrivileges;
};
template <typename CrowApp>