Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 0bce6a9516a120d86488d4243f95dae94be447c6 / . / redfish-core / lib / roles.hpp
blob: c1a0c58b17848df6b9e8fbc04a33ad231ebc184e [file] [log] [blame]
Ed Tanous40e9b922024-09-10 13:50:16 -0700[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright OpenBMC Authors
3// SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]4#pragma once
5
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]6#include "app.hpp"
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]7#include "async_resp.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]8#include "dbus_utility.hpp"
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]9#include "error_messages.hpp"
10#include "http_request.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]11#include "query.hpp"
12#include "registries/privilege_registry.hpp"
13
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]14#include <boost/beast/http/verb.hpp>
Ed Tanousef4c65b2023-04-24 15:28:50 -0700[diff] [blame]15#include <boost/url/format.hpp>
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]16#include <nlohmann/json.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]17
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]18#include <memory>
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]19#include <optional>
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]20#include <string>
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]21#include <string_view>
Ed Tanousd7857202025-01-28 15:32:26 -0800[diff] [blame]22#include <utility>
23#include <vector>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]24namespace redfish
25{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]26
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]27inline std::string getRoleFromPrivileges(std::string_view priv)
28{
29 if (priv == "priv-admin")
30 {
31 return "Administrator";
32 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]33 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]34 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]35 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]36 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]37 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]38 {
39 return "Operator";
40 }
41 return "";
42}
43
Patrick Williams504af5a2025-02-03 14:29:03 -0500[diff] [blame]44inline std::optional<nlohmann::json::array_t> getAssignedPrivFromRole(
45 std::string_view role)
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]46{
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]47 nlohmann::json::array_t privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]48 if (role == "Administrator")
49 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]50 privArray.emplace_back("Login");
51 privArray.emplace_back("ConfigureManager");
52 privArray.emplace_back("ConfigureUsers");
53 privArray.emplace_back("ConfigureSelf");
54 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]55 }
56 else if (role == "Operator")
57 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]58 privArray.emplace_back("Login");
59 privArray.emplace_back("ConfigureSelf");
60 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]61 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]62 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]63 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]64 privArray.emplace_back("Login");
65 privArray.emplace_back("ConfigureSelf");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]66 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]67 else
68 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]69 return std::nullopt;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]70 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]71 return privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]72}
73
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]74inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]75{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]76 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]77 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]78 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]79 [&app](const crow::Request& req,
80 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
81 const std::string& roleId) {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]82 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
83 {
84 return;
85 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]86
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]87 std::optional<nlohmann::json::array_t> privArray =
88 getAssignedPrivFromRole(roleId);
89 if (!privArray)
90 {
91 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]92
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]93 return;
94 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]95
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]96 asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
97 asyncResp->res.jsonValue["Name"] = "User Role";
98 asyncResp->res.jsonValue["Description"] = roleId + " User Role";
99 asyncResp->res.jsonValue["OemPrivileges"] =
100 nlohmann::json::array();
101 asyncResp->res.jsonValue["IsPredefined"] = true;
102 asyncResp->res.jsonValue["Id"] = roleId;
103 asyncResp->res.jsonValue["RoleId"] = roleId;
104 asyncResp->res.jsonValue["@odata.id"] = boost::urls::format(
105 "/redfish/v1/AccountService/Roles/{}", roleId);
106 asyncResp->res.jsonValue["AssignedPrivileges"] =
107 std::move(*privArray);
108 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]109}
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]110
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]111inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]112{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]113 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]114 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]115 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]116 [&app](const crow::Request& req,
117 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]118 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]119 {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]120 return;
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]121 }
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]122
123 asyncResp->res.jsonValue["@odata.id"] =
124 "/redfish/v1/AccountService/Roles";
125 asyncResp->res.jsonValue["@odata.type"] =
126 "#RoleCollection.RoleCollection";
127 asyncResp->res.jsonValue["Name"] = "Roles Collection";
128 asyncResp->res.jsonValue["Description"] = "BMC User Roles";
129
Ed Tanousdeae6a72024-11-11 21:58:57 -0800[diff] [blame]130 dbus::utility::getProperty<std::vector<std::string>>(
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]131 "xyz.openbmc_project.User.Manager",
132 "/xyz/openbmc_project/user",
133 "xyz.openbmc_project.User.Manager", "AllPrivileges",
134 [asyncResp](const boost::system::error_code& ec,
135 const std::vector<std::string>& privList) {
136 if (ec)
137 {
138 messages::internalError(asyncResp->res);
139 return;
140 }
141 nlohmann::json& memberArray =
142 asyncResp->res.jsonValue["Members"];
143 memberArray = nlohmann::json::array();
144 for (const std::string& priv : privList)
145 {
146 std::string role = getRoleFromPrivileges(priv);
147 if (!role.empty())
148 {
149 nlohmann::json::object_t member;
150 member["@odata.id"] = boost::urls::format(
151 "/redfish/v1/AccountService/Roles/{}",
152 role);
153 memberArray.emplace_back(std::move(member));
154 }
155 }
156 asyncResp->res.jsonValue["Members@odata.count"] =
157 memberArray.size();
158 });
159 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]160}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]161
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]162} // namespace redfish