privileges: Added noAccess privilege check
Issue: A NoAccess user is able to GET the Systems/system resource in Redfish
Fix: Added privilege check for NoAccess
Tested:
1. Verified redfish validator passed
2. Verified NoAccess privilege user on Redfish for /Systems/system url
GET: https://<BMC IP>/redfish/v1/Systems/system
Result: Status is 403 Forbidden
Body log: Forbidden
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp
index 61253b8..423f95b 100644
--- a/redfish-core/include/privileges.hpp
+++ b/redfish-core/include/privileges.hpp
@@ -192,12 +192,18 @@
static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"};
return op;
}
- else
+ else if (userRole == "priv-user")
{
// Redfish privilege : Readonly
static Privileges readOnly{"Login", "ConfigureSelf"};
return readOnly;
}
+ else
+ {
+ // Redfish privilege : NoAccess
+ static Privileges noaccess;
+ return noaccess;
+ }
}
using OperationMap = boost::container::flat_map<boost::beast::http::verb,
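Review bot: The new final `else` is the deny-by-default path for every role string not matched above, not only for a NoAccess account, and the comment `// Redfish privilege : NoAccess` hides that. I would word it as `// Fail closed: NoAccess and any unrecognised role get an empty privilege set`, so a later edit does not turn the fallback back into a privileged role, as the removed bare `else` did by granting ReadOnly. An empty set presumably denies only routes whose required privileges are non-empty, so it is worth confirming that no entity registers an empty requirement that should still be login-gated. The function starts above the hunk, so the earlier role comparisons are not visible here.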