Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 5af690f5a027159e2fd92bbe78d5e1cf98146bf6 / . / redfish-core / include / node.hpp
blob: 1793a5046a8fd0901b5b30acf5e029175d589325 [file] [log] [blame]
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]18#include "async_resp.hpp"
Ed Tanous04e438c2020-10-03 08:06:26 -0700[diff] [blame]19#include "http_request.hpp"
20#include "http_response.hpp"
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]21#include "privileges.hpp"
Ed Tanousa8c4ce92021-03-24 08:44:51 -0700[diff] [blame]22#include "redfish_v1.hpp"
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]23
Ed Tanousa0803ef2018-08-29 13:29:23 -0700[diff] [blame]24#include <error_messages.hpp>
Ed Tanousa8c4ce92021-03-24 08:44:51 -0700[diff] [blame]25#include <rf_async_resp.hpp>
Ed Tanousa0803ef2018-08-29 13:29:23 -0700[diff] [blame]26
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]27#include <vector>
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]28
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]29namespace redfish
30{
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]31
32/**
33 * @brief Abstract class used for implementing Redfish nodes.
34 *
35 */
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]36class Node
37{
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]38 private:
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]39 bool redfishPreChecks(const crow::Request& req,
40 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]41 {
42 std::string_view odataHeader = req.getHeaderValue("OData-Version");
43 if (odataHeader.empty())
44 {
45 // Clients aren't required to provide odata version
46 return true;
47 }
48 if (odataHeader != "4.0")
49 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]50 redfish::messages::preconditionFailed(asyncResp->res);
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]51 return false;
52 }
53
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]54 asyncResp->res.addHeader("OData-Version", "4.0");
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]55 return true;
56 }
57
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]58 public:
59 template <typename... Params>
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]60 Node(App& app, std::string&& entityUrl,
61 [[maybe_unused]] Params... paramsIn) :
62 app(app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]63 {
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]64 crow::DynamicRule& get = app.routeDynamic(entityUrl.c_str());
65 getRule = &get;
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]66 get.methods(boost::beast::http::verb::get)(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]67 [this](const crow::Request& req,
68 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]69 Params... params) {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]70 if (!redfishPreChecks(req, asyncResp))
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]71 {
72 return;
73 }
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]74 std::vector<std::string> paramVec = {params...};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]75 doGet(asyncResp, req, paramVec);
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]76 });
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]77
78 crow::DynamicRule& patch = app.routeDynamic(entityUrl.c_str());
79 patchRule = &patch;
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]80 patch.methods(boost::beast::http::verb::patch)(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]81 [this](const crow::Request& req,
82 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]83 Params... params) {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]84 if (!redfishPreChecks(req, asyncResp))
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]85 {
86 return;
87 }
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]88 std::vector<std::string> paramVec = {params...};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]89 doPatch(asyncResp, req, paramVec);
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]90 });
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]91
92 crow::DynamicRule& post = app.routeDynamic(entityUrl.c_str());
93 postRule = &post;
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]94 post.methods(boost::beast::http::verb::post)(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]95 [this](const crow::Request& req,
96 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]97 Params... params) {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]98 if (!redfishPreChecks(req, asyncResp))
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]99 {
100 return;
101 }
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]102 std::vector<std::string> paramVec = {params...};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]103 doPost(asyncResp, req, paramVec);
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]104 });
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]105
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]106 crow::DynamicRule& put = app.routeDynamic(entityUrl.c_str());
107 putRule = &put;
108 put.methods(boost::beast::http::verb::put)(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]109 [this](const crow::Request& req,
110 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]111 Params... params) {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]112 if (!redfishPreChecks(req, asyncResp))
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]113 {
114 return;
115 }
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]116 std::vector<std::string> paramVec = {params...};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]117 doPut(asyncResp, req, paramVec);
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]118 });
119
Ed Tanous2c70f802020-09-28 14:29:23 -0700[diff] [blame]120 crow::DynamicRule& deleteR = app.routeDynamic(entityUrl.c_str());
121 deleteRule = &deleteR;
122 deleteR.methods(boost::beast::http::verb::delete_)(
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]123 [this](const crow::Request& req,
124 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]125 Params... params) {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]126 if (!redfishPreChecks(req, asyncResp))
Ed Tanous4df1bee2021-03-24 08:23:03 -0700[diff] [blame]127 {
128 return;
129 }
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]130 std::vector<std::string> paramVec = {params...};
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]131 doDelete(asyncResp, req, paramVec);
Ed Tanousb41187f2019-10-24 16:30:02 -0700[diff] [blame]132 });
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]133 }
134
135 void initPrivileges()
136 {
137 auto it = entityPrivileges.find(boost::beast::http::verb::get);
138 if (it != entityPrivileges.end())
139 {
140 if (getRule != nullptr)
141 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]142 getRule->privileges(it->second);
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]143 }
144 }
145 it = entityPrivileges.find(boost::beast::http::verb::post);
146 if (it != entityPrivileges.end())
147 {
148 if (postRule != nullptr)
149 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]150 postRule->privileges(it->second);
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]151 }
152 }
153 it = entityPrivileges.find(boost::beast::http::verb::patch);
154 if (it != entityPrivileges.end())
155 {
156 if (patchRule != nullptr)
157 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]158 patchRule->privileges(it->second);
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]159 }
160 }
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]161 it = entityPrivileges.find(boost::beast::http::verb::put);
162 if (it != entityPrivileges.end())
163 {
164 if (putRule != nullptr)
165 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]166 putRule->privileges(it->second);
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]167 }
168 }
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]169 it = entityPrivileges.find(boost::beast::http::verb::delete_);
170 if (it != entityPrivileges.end())
171 {
172 if (deleteRule != nullptr)
173 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]174 deleteRule->privileges(it->second);
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]175 }
176 }
Borawski.Lukaszc1a46bd2018-02-08 13:31:59 +0100[diff] [blame]177 }
Ed Tanouscbbfa962018-03-13 16:46:28 -0700[diff] [blame]178
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]179 virtual ~Node() = default;
Borawski.Lukaszc1a46bd2018-02-08 13:31:59 +0100[diff] [blame]180
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]181 OperationMap entityPrivileges;
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]182
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]183 crow::DynamicRule* getRule = nullptr;
184 crow::DynamicRule* postRule = nullptr;
185 crow::DynamicRule* patchRule = nullptr;
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]186 crow::DynamicRule* putRule = nullptr;
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]187 crow::DynamicRule* deleteRule = nullptr;
188
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]189 protected:
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]190 App& app;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]191 // Node is designed to be an abstract class, so doGet is pure virtual
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]192 virtual void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
193 const crow::Request&, const std::vector<std::string>&)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]194 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]195 asyncResp->res.result(boost::beast::http::status::method_not_allowed);
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]196 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]197
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]198 virtual void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
199 const crow::Request&, const std::vector<std::string>&)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]200 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]201 asyncResp->res.result(boost::beast::http::status::method_not_allowed);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]202 }
203
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]204 virtual void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
205 const crow::Request&, const std::vector<std::string>&)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]206 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]207 asyncResp->res.result(boost::beast::http::status::method_not_allowed);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]208 }
209
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]210 virtual void doPut(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
211 const crow::Request&, const std::vector<std::string>&)
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]212 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]213 asyncResp->res.result(boost::beast::http::status::method_not_allowed);
Adrian Ambrożewicz15302612020-07-16 11:24:47 +0200[diff] [blame]214 }
215
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]216 virtual void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
217 const crow::Request&, const std::vector<std::string>&)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]218 {
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]219 asyncResp->res.result(boost::beast::http::status::method_not_allowed);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]220 }
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]221
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]222 /* @brief Would the operation be allowed if the user did not have the
223 * ConfigureSelf Privilege? Also honors session.isConfigureSelfOnly.
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]224 *
225 * @param req the request
226 *
227 * @returns True if allowed, false otherwise
228 */
229 inline bool isAllowedWithoutConfigureSelf(const crow::Request& req)
230 {
RAJESWARAN THILLAIGOVINDAN61dbeef2019-12-13 04:26:54 -0600[diff] [blame]231 const std::string& userRole = req.userRole;
232 BMCWEB_LOG_DEBUG << "isAllowedWithoutConfigureSelf for the role "
233 << req.userRole;
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]234 Privileges effectiveUserPrivileges;
235 if (req.session && req.session->isConfigureSelfOnly)
236 {
237 // The session has no privileges because it is limited to
238 // configureSelfOnly and we are disregarding that privilege.
239 // Note that some operations do not require any privilege.
240 }
241 else
242 {
243 effectiveUserPrivileges = redfish::getUserPrivileges(userRole);
244 effectiveUserPrivileges.resetSinglePrivilege("ConfigureSelf");
245 }
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]246 const auto& requiredPrivilegesIt = entityPrivileges.find(req.method());
247 return (requiredPrivilegesIt != entityPrivileges.end()) &&
248 isOperationAllowedWithPrivileges(requiredPrivilegesIt->second,
249 effectiveUserPrivileges);
250 }
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]251};
252
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]253} // namespace redfish