Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 168e20c1306e3e689907ba43e14ea679e2328611 / . / redfish-core / lib / roles.hpp
blob: 5aa1a22bfdc9fdfe793e296f5c9da3efef885bb2 [file] [log] [blame]
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]18#include <app.hpp>
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame^]19#include <dbus_utility.hpp>
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]20#include <registries/privilege_registry.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]21
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]22#include <variant>
23
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]24namespace redfish
25{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]26
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]27inline std::string getRoleFromPrivileges(std::string_view priv)
28{
29 if (priv == "priv-admin")
30 {
31 return "Administrator";
32 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]33 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]34 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]35 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]36 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]37 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]38 {
39 return "Operator";
40 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]41 if (priv == "priv-noaccess")
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]42 {
43 return "NoAccess";
44 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]45 return "";
46}
47
48inline bool getAssignedPrivFromRole(std::string_view role,
49 nlohmann::json& privArray)
50{
51 if (role == "Administrator")
52 {
53 privArray = {"Login", "ConfigureManager", "ConfigureUsers",
54 "ConfigureSelf", "ConfigureComponents"};
55 }
56 else if (role == "Operator")
57 {
58 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
59 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]60 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]61 {
62 privArray = {"Login", "ConfigureSelf"};
63 }
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]64 else if (role == "NoAccess")
65 {
66 privArray = nlohmann::json::array();
67 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]68 else
69 {
70 return false;
71 }
72 return true;
73}
74
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]75inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]76{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]77 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]78 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]79 .methods(boost::beast::http::verb::get)(
80 [](const crow::Request&,
81 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
82 const std::string& roleId) {
83 nlohmann::json privArray = nlohmann::json::array();
84 if (false == getAssignedPrivFromRole(roleId, privArray))
85 {
86 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]87
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]88 return;
89 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]90
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]91 asyncResp->res.jsonValue = {
92 {"@odata.type", "#Role.v1_2_2.Role"},
93 {"Name", "User Role"},
94 {"Description", roleId + " User Role"},
95 {"OemPrivileges", nlohmann::json::array()},
96 {"IsPredefined", true},
97 {"Id", roleId},
98 {"RoleId", roleId},
99 {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
100 {"AssignedPrivileges", std::move(privArray)}};
101 });
102}
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]103
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]104inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]105{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]106 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]107 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]108 .methods(boost::beast::http::verb::get)(
109 [](const crow::Request&,
110 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
111 asyncResp->res.jsonValue = {
112 {"@odata.id", "/redfish/v1/AccountService/Roles"},
113 {"@odata.type", "#RoleCollection.RoleCollection"},
114 {"Name", "Roles Collection"},
115 {"Description", "BMC User Roles"}};
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]116
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]117 crow::connections::systemBus->async_method_call(
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame^]118 [asyncResp](const boost::system::error_code ec,
119 const dbus::utility::DbusVariantType& resp) {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]120 if (ec)
121 {
122 messages::internalError(asyncResp->res);
123 return;
124 }
125 nlohmann::json& memberArray =
126 asyncResp->res.jsonValue["Members"];
127 memberArray = nlohmann::json::array();
128 const std::vector<std::string>* privList =
129 std::get_if<std::vector<std::string>>(&resp);
130 if (privList == nullptr)
131 {
132 messages::internalError(asyncResp->res);
133 return;
134 }
135 for (const std::string& priv : *privList)
136 {
137 std::string role = getRoleFromPrivileges(priv);
138 if (!role.empty())
139 {
140 memberArray.push_back(
141 {{"@odata.id",
142 "/redfish/v1/AccountService/Roles/" +
143 role}});
144 }
145 }
146 asyncResp->res.jsonValue["Members@odata.count"] =
147 memberArray.size();
148 },
149 "xyz.openbmc_project.User.Manager",
150 "/xyz/openbmc_project/user",
151 "org.freedesktop.DBus.Properties", "Get",
152 "xyz.openbmc_project.User.Manager", "AllPrivileges");
153 });
154}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]155
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]156} // namespace redfish