redfish-core/include/node.hpp

/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "http_request.hpp"
#include "http_response.hpp"
#include "privileges.hpp"

#include <error_messages.hpp>

#include <vector>

namespace redfish
{

/**
 * AsyncResp
 * Gathers data needed for response processing after async calls are done
 */
class AsyncResp
{
  public:
    AsyncResp(crow::Response& response) : res(response)
    {}

    ~AsyncResp()
    {
        res.end();
    }

    crow::Response& res;
};

/**
 * @brief  Abstract class used for implementing Redfish nodes.
 *
 */
class Node
{
  public:
    template <typename... Params>
    Node(App& app, std::string&& entityUrl, [[maybe_unused]] Params... paramsIn)
    {
        crow::DynamicRule& get = app.routeDynamic(entityUrl.c_str());
        getRule = &get;
        get.methods(boost::beast::http::verb::get)(
            [this](const crow::Request& req, crow::Response& res,
                   Params... params) {
                std::vector<std::string> paramVec = {params...};
                doGet(res, req, paramVec);
            });

        crow::DynamicRule& patch = app.routeDynamic(entityUrl.c_str());
        patchRule = &patch;
        patch.methods(boost::beast::http::verb::patch)(
            [this](const crow::Request& req, crow::Response& res,
                   Params... params) {
                std::vector<std::string> paramVec = {params...};
                doPatch(res, req, paramVec);
            });

        crow::DynamicRule& post = app.routeDynamic(entityUrl.c_str());
        postRule = &post;
        post.methods(boost::beast::http::verb::post)(
            [this](const crow::Request& req, crow::Response& res,
                   Params... params) {
                std::vector<std::string> paramVec = {params...};
                doPost(res, req, paramVec);
            });

        crow::DynamicRule& put = app.routeDynamic(entityUrl.c_str());
        putRule = &put;
        put.methods(boost::beast::http::verb::put)(
            [this](const crow::Request& req, crow::Response& res,
                   Params... params) {
                std::vector<std::string> paramVec = {params...};
                doPut(res, req, paramVec);
            });

        crow::DynamicRule& deleteR = app.routeDynamic(entityUrl.c_str());
        deleteRule = &deleteR;
        deleteR.methods(boost::beast::http::verb::delete_)(
            [this](const crow::Request& req, crow::Response& res,
                   Params... params) {
                std::vector<std::string> paramVec = {params...};
                doDelete(res, req, paramVec);
            });
    }

    void initPrivileges()
    {
        auto it = entityPrivileges.find(boost::beast::http::verb::get);
        if (it != entityPrivileges.end())
        {
            if (getRule != nullptr)
            {
                getRule->privileges(it->second);
            }
        }
        it = entityPrivileges.find(boost::beast::http::verb::post);
        if (it != entityPrivileges.end())
        {
            if (postRule != nullptr)
            {
                postRule->privileges(it->second);
            }
        }
        it = entityPrivileges.find(boost::beast::http::verb::patch);
        if (it != entityPrivileges.end())
        {
            if (patchRule != nullptr)
            {
                patchRule->privileges(it->second);
            }
        }
        it = entityPrivileges.find(boost::beast::http::verb::put);
        if (it != entityPrivileges.end())
        {
            if (putRule != nullptr)
            {
                putRule->privileges(it->second);
            }
        }
        it = entityPrivileges.find(boost::beast::http::verb::delete_);
        if (it != entityPrivileges.end())
        {
            if (deleteRule != nullptr)
            {
                deleteRule->privileges(it->second);
            }
        }
    }

    virtual ~Node() = default;

    OperationMap entityPrivileges;

    crow::DynamicRule* getRule = nullptr;
    crow::DynamicRule* postRule = nullptr;
    crow::DynamicRule* patchRule = nullptr;
    crow::DynamicRule* putRule = nullptr;
    crow::DynamicRule* deleteRule = nullptr;

  protected:
    // Node is designed to be an abstract class, so doGet is pure virtual
    virtual void doGet(crow::Response& res, const crow::Request&,
                       const std::vector<std::string>&)
    {
        res.result(boost::beast::http::status::method_not_allowed);
        res.end();
    }

    virtual void doPatch(crow::Response& res, const crow::Request&,
                         const std::vector<std::string>&)
    {
        res.result(boost::beast::http::status::method_not_allowed);
        res.end();
    }

    virtual void doPost(crow::Response& res, const crow::Request&,
                        const std::vector<std::string>&)
    {
        res.result(boost::beast::http::status::method_not_allowed);
        res.end();
    }

    virtual void doPut(crow::Response& res, const crow::Request&,
                       const std::vector<std::string>&)
    {
        res.result(boost::beast::http::status::method_not_allowed);
        res.end();
    }

    virtual void doDelete(crow::Response& res, const crow::Request&,
                          const std::vector<std::string>&)
    {
        res.result(boost::beast::http::status::method_not_allowed);
        res.end();
    }

    /* @brief Would the operation be allowed if the user did not have the
     * ConfigureSelf Privilege?  Also honors session.isConfigureSelfOnly.
     *
     * @param req      the request
     *
     * @returns        True if allowed, false otherwise
     */
    inline bool isAllowedWithoutConfigureSelf(const crow::Request& req)
    {
        const std::string& userRole = req.userRole;
        BMCWEB_LOG_DEBUG << "isAllowedWithoutConfigureSelf for the role "
                         << req.userRole;
        Privileges effectiveUserPrivileges;
        if (req.session && req.session->isConfigureSelfOnly)
        {
            // The session has no privileges because it is limited to
            // configureSelfOnly and we are disregarding that privilege.
            // Note that some operations do not require any privilege.
        }
        else
        {
            effectiveUserPrivileges = redfish::getUserPrivileges(userRole);
            effectiveUserPrivileges.resetSinglePrivilege("ConfigureSelf");
        }
        const auto& requiredPrivilegesIt = entityPrivileges.find(req.method());
        return (requiredPrivilegesIt != entityPrivileges.end()) &&
               isOperationAllowedWithPrivileges(requiredPrivilegesIt->second,
                                                effectiveUserPrivileges);
    }
};

} // namespace redfish