blob: 962a1c2491519bf1b2d374c96a144fd46e1cc650 [file] [log] [blame]
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
John Edward Broadbent7e860f12021-04-08 15:57:16 -070018#include <app.hpp>
Ed Tanous168e20c2021-12-13 14:39:53 -080019#include <dbus_utility.hpp>
Ed Tanous45ca1b82022-03-25 13:07:27 -070020#include <query.hpp>
Ed Tanoused398212021-06-09 17:05:54 -070021#include <registries/privilege_registry.hpp>
Jonathan Doman1e1e5982021-06-11 09:36:17 -070022#include <sdbusplus/asio/property.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010023
Ed Tanousabf2add2019-01-22 16:40:12 -080024#include <variant>
Ed Tanous1abe55e2018-09-05 08:30:59 -070025namespace redfish
26{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010027
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053028inline std::string getRoleFromPrivileges(std::string_view priv)
29{
30 if (priv == "priv-admin")
31 {
32 return "Administrator";
33 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070034 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053035 {
AppaRao Pulic80fee52019-10-16 14:49:36 +053036 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053037 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070038 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053039 {
40 return "Operator";
41 }
42 return "";
43}
44
45inline bool getAssignedPrivFromRole(std::string_view role,
46 nlohmann::json& privArray)
47{
48 if (role == "Administrator")
49 {
50 privArray = {"Login", "ConfigureManager", "ConfigureUsers",
51 "ConfigureSelf", "ConfigureComponents"};
52 }
53 else if (role == "Operator")
54 {
55 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
56 }
AppaRao Pulic80fee52019-10-16 14:49:36 +053057 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053058 {
59 privArray = {"Login", "ConfigureSelf"};
60 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +053061 else
62 {
63 return false;
64 }
65 return true;
66}
67
John Edward Broadbent7e860f12021-04-08 15:57:16 -070068inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -070069{
John Edward Broadbent7e860f12021-04-08 15:57:16 -070070 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -070071 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -070072 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -070073 [&app](const crow::Request& req,
74 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
75 const std::string& roleId) {
Carson Labrado3ba00072022-06-06 19:40:56 +000076 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous002d39b2022-05-31 08:59:27 -070077 {
78 return;
79 }
80 nlohmann::json privArray = nlohmann::json::array();
81 if (!getAssignedPrivFromRole(roleId, privArray))
82 {
83 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010084
Ed Tanous002d39b2022-05-31 08:59:27 -070085 return;
86 }
zhanghch058d1b46d2021-04-01 11:18:24 +080087
Ed Tanous002d39b2022-05-31 08:59:27 -070088 asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
89 asyncResp->res.jsonValue["Name"] = "User Role";
90 asyncResp->res.jsonValue["Description"] = roleId + " User Role";
91 asyncResp->res.jsonValue["OemPrivileges"] = nlohmann::json::array();
92 asyncResp->res.jsonValue["IsPredefined"] = true;
93 asyncResp->res.jsonValue["Id"] = roleId;
94 asyncResp->res.jsonValue["RoleId"] = roleId;
95 asyncResp->res.jsonValue["@odata.id"] =
96 "/redfish/v1/AccountService/Roles/" + roleId;
97 asyncResp->res.jsonValue["AssignedPrivileges"] = std::move(privArray);
98 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -070099}
zhanghch058d1b46d2021-04-01 11:18:24 +0800100
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700101inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700102{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700103 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700104 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700105 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700106 [&app](const crow::Request& req,
107 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
Carson Labrado3ba00072022-06-06 19:40:56 +0000108 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous002d39b2022-05-31 08:59:27 -0700109 {
110 return;
111 }
112
113 asyncResp->res.jsonValue["@odata.id"] =
114 "/redfish/v1/AccountService/Roles";
115 asyncResp->res.jsonValue["@odata.type"] =
116 "#RoleCollection.RoleCollection";
117 asyncResp->res.jsonValue["Name"] = "Roles Collection";
118 asyncResp->res.jsonValue["Description"] = "BMC User Roles";
119
120 sdbusplus::asio::getProperty<std::vector<std::string>>(
121 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
122 "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
123 "AllPrivileges",
124 [asyncResp](const boost::system::error_code ec,
125 const std::vector<std::string>& privList) {
126 if (ec)
127 {
128 messages::internalError(asyncResp->res);
129 return;
130 }
131 nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
132 memberArray = nlohmann::json::array();
133 for (const std::string& priv : privList)
134 {
135 std::string role = getRoleFromPrivileges(priv);
136 if (!role.empty())
Ed Tanous45ca1b82022-03-25 13:07:27 -0700137 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700138 nlohmann::json::object_t member;
139 member["@odata.id"] =
140 "/redfish/v1/AccountService/Roles/" + role;
141 memberArray.push_back(std::move(member));
Ed Tanous45ca1b82022-03-25 13:07:27 -0700142 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700143 }
144 asyncResp->res.jsonValue["Members@odata.count"] =
145 memberArray.size();
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700146 });
Ed Tanous002d39b2022-05-31 08:59:27 -0700147 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700148}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100149
Ed Tanous1abe55e2018-09-05 08:30:59 -0700150} // namespace redfish