Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / e9e6d240ab85e515f8d264e39b47a75043b73374^! / .
commite9e6d240ab85e515f8d264e39b47a75043b73374[log] [tgz]
authorjayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Mon Jul 29 11:59:08 2019 +0000
committerRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Tue Nov 12 01:08:41 2019 +0000
tree285cafebe08fd448fb4afddc0056bc34aed5782c
parent173d18179732f9aa08f54a1229e3ba29d5bec2db [diff]
account_service: Added NoAccess role to Redfish

Added NoAccess role to the Redfish, to properly show
users created using IPMI with NoAccess privilege.
This patch will add NoAccess role & will use the same
when the user privilege is empty.
Note: This code was reverted due to redfish validator failure
and the same has been fixed in this patch, by creating
proper json array empty object.

Tested:
1. Verified redfish validator passed and the earlier issue of
failNullCollection for the NoAccess role is resolved.
2. Verified NoAccess role is listed properly
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
  "@odata.context": "/redfish/v1/$metadata#Role.Role",
  "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
  "@odata.type": "#Role.v1_2_2.Role",
  "AssignedPrivileges": [],
  "Description": "NoAccess User Role",
  "Id": "NoAccess",
  "IsPredefined": true,
  "Name": "User Role",
  "OemPrivileges": [],
  "RoleId": "NoAccess"
}
3. Verified user with No Privilege is listed without any error.
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
  "@odata.context": "/redfish/v1/$metadata#ManagerAccount.
                     ManagerAccount",
  "@odata.id": "/redfish/v1/AccountService/Accounts/user6",
  "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
  "Description": "User Account",
  "Enabled": false,
  "Id": "user6",
  "Links": {
    "Role": {
      "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
    }
  },
  "Locked": false,
  "Locked@Redfish.AllowableValues": [
    "false"
  ],
  "Name": "User Account",
  "Password": null,
  "RoleId": "NoAccess",
  "UserName": "user6"
}

Change-Id: If9577598e0a6215cf76f5db031ad5f8bcf2387a7
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index fa10c04..8f28ea4 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp

@@ -86,6 +86,10 @@
     {
         return "Operator";
     }
+    else if ((role == "") || (role == "priv-noaccess"))
+    {
+        return "NoAccess";
+    }
     return "";
 }
 inline std::string getPrivilegeFromRoleId(std::string_view role)
@@ -102,6 +106,10 @@
     {
         return "priv-operator";
     }
+    else if (role == "NoAccess")
+    {
+        return "priv-noaccess";
+    }
     return "";
 }
 

diff --git a/redfish-core/lib/roles.hpp b/redfish-core/lib/roles.hpp
index 4256c7e..d2071a5 100644
--- a/redfish-core/lib/roles.hpp
+++ b/redfish-core/lib/roles.hpp

@@ -36,6 +36,10 @@
     {
         return "Operator";
     }
+    else if (priv == "priv-noaccess")
+    {
+        return "NoAccess";
+    }
     return "";
 }
 
@@ -55,6 +59,10 @@
     {
         privArray = {"Login", "ConfigureSelf"};
     }
+    else if (role == "NoAccess")
+    {
+        privArray = nlohmann::json::array();
+    }
     else
     {
         return false;