Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
John Edward Broadbent7e860f12021-04-08 15:57:16 -070018#include <app.hpp>
Ed Tanoused398212021-06-09 17:05:54 -070019#include <registries/privilege_registry.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010020
Ed Tanousabf2add2019-01-22 16:40:12 -080021#include <variant>
22
Ed Tanous1abe55e2018-09-05 08:30:59 -070023namespace redfish
24{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010025
/**
 * @brief Translate a user-manager privilege name into a Redfish role name.
 *
 * Matching is exact and case-sensitive against a fixed table, so only the
 * four privilege names listed below ever produce a role.
 *
 * @param priv Privilege name, e.g. "priv-admin".
 * @return "Administrator", "ReadOnly", "Operator" or "NoAccess" for a known
 *         privilege; an empty string for anything else. Callers must treat
 *         the empty string as "no role" rather than as a valid role name.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivilegeRole
    {
        std::string_view privilege;
        const char* role;
    };

    // Fixed allowlist: privilege name -> Redfish role name.
    static constexpr PrivilegeRole knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const PrivilegeRole& entry : knownRoles)
    {
        if (priv == entry.privilege)
        {
            return entry.role;
        }
    }

    // Unknown privilege: no role is granted.
    return "";
}
46
/**
 * @brief Fill in the privilege list that belongs to a Redfish role.
 *
 * The role name is compared exactly (case-sensitive) against the four roles
 * handled here. This function is the single place in this file where a role
 * name is turned into privileges, so an unrecognised name yields no
 * privileges at all.
 *
 * @param role      Role name to look up.
 * @param privArray Output. Overwritten with a JSON array of privilege names
 *                  when the role is known ("NoAccess" gives an empty array);
 *                  left untouched when the role is unknown.
 * @return true if the role is known, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        // Known role, but it carries no privileges.
        privArray = nlohmann::json::array();
        return true;
    }

    // Unknown role: report failure and do not touch the output.
    return false;
}
73
/**
 * @brief Register the GET handler for a single Redfish Role resource.
 *
 * Route: /redfish/v1/AccountService/Roles/<str>/, gated by the
 * redfish::privileges::getRole privilege set.
 *
 * The role id comes straight from the request URL. It is copied into the
 * response body only after getAssignedPrivFromRole() has accepted it, so
 * the echoed value is always one of the role names that function knows.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const std::string& roleId) {
                nlohmann::json assignedPrivileges = nlohmann::json::array();
                if (!getAssignedPrivFromRole(roleId, assignedPrivileges))
                {
                    // Not a known role: report it as a missing resource.
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                nlohmann::json role = nlohmann::json::object();
                role["@odata.type"] = "#Role.v1_2_2.Role";
                role["Name"] = "User Role";
                role["Description"] = roleId + " User Role";
                role["OemPrivileges"] = nlohmann::json::array();
                role["IsPredefined"] = true;
                role["Id"] = roleId;
                role["RoleId"] = roleId;
                role["@odata.id"] =
                    "/redfish/v1/AccountService/Roles/" + roleId;
                role["AssignedPrivileges"] = std::move(assignedPrivileges);

                // Replace the whole response body with the role object.
                asyncResp->res.jsonValue = std::move(role);
            });
}
zhanghch058d1b46d2021-04-01 11:18:24 +0800102
/**
 * @brief Register the GET handler for the Redfish Role collection.
 *
 * Route: /redfish/v1/AccountService/Roles/, gated by the
 * redfish::privileges::getRoleCollection privilege set.
 *
 * The handler reads the AllPrivileges property of
 * xyz.openbmc_project.User.Manager at /xyz/openbmc_project/user over D-Bus
 * and lists one member per privilege that getRoleFromPrivileges() maps to a
 * role. Privilege names it does not recognise are left out, so member URIs
 * are only ever built from the fixed role names.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                nlohmann::json collection = nlohmann::json::object();
                collection["@odata.id"] = "/redfish/v1/AccountService/Roles";
                collection["@odata.type"] = "#RoleCollection.RoleCollection";
                collection["Name"] = "Roles Collection";
                collection["Description"] = "BMC User Roles";
                asyncResp->res.jsonValue = std::move(collection);

                crow::connections::systemBus->async_method_call(
                    [asyncResp](
                        const boost::system::error_code ec,
                        const std::variant<std::vector<std::string>>& resp) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        // Members is created before the payload type check,
                        // so a type mismatch leaves an empty Members array
                        // in the body when internalError is reported.
                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();

                        const auto* privileges =
                            std::get_if<std::vector<std::string>>(&resp);
                        if (!privileges)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        for (const std::string& privilege : *privileges)
                        {
                            const std::string roleName =
                                getRoleFromPrivileges(privilege);
                            if (roleName.empty())
                            {
                                // Unrecognised privilege: no member entry.
                                continue;
                            }
                            nlohmann::json member = nlohmann::json::object();
                            member["@odata.id"] =
                                "/redfish/v1/AccountService/Roles/" + roleName;
                            members.push_back(std::move(member));
                        }

                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    },
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "org.freedesktop.DBus.Properties", "Get",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges");
            });
}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100155
Ed Tanous1abe55e2018-09-05 08:30:59 -0700156} // namespace redfish