Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +01001/*
Ed Tanous6be832e2024-09-10 11:44:48 -07002Copyright (c) 2018 Intel Corporation
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010015*/
16#pragma once
17
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080018#include "app.hpp"
19#include "dbus_utility.hpp"
20#include "query.hpp"
21#include "registries/privilege_registry.hpp"
22
Ed Tanousef4c65b2023-04-24 15:28:50 -070023#include <boost/url/format.hpp>
Ed Tanous20fa6a22024-05-20 18:02:58 -070024#include <nlohmann/json.hpp>
Jonathan Doman1e1e5982021-06-11 09:36:17 -070025#include <sdbusplus/asio/property.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010026
Ed Tanous20fa6a22024-05-20 18:02:58 -070027#include <optional>
28#include <string_view>
Ed Tanousabf2add2019-01-22 16:40:12 -080029#include <variant>
Ed Tanous1abe55e2018-09-05 08:30:59 -070030namespace redfish
31{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010032
/**
 * @brief Translate a user-manager privilege name into a Redfish role name.
 *
 * The match is an exact, case-sensitive comparison against a fixed list.
 * Any other input yields an empty string; the role-collection handler in
 * this file relies on that to leave unrecognised privileges out of its
 * Members list.
 *
 * @param priv Privilege name, e.g. "priv-admin".
 * @return "Administrator", "ReadOnly" or "Operator", or "" when the
 *         privilege has no Redfish role.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct RoleEntry
    {
        std::string_view privilege;
        std::string_view role;
    };
    // Fixed allowlist: only these privilege names map to a role.
    constexpr RoleEntry knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
    };

    for (const RoleEntry& entry : knownRoles)
    {
        if (entry.privilege == priv)
        {
            return std::string(entry.role);
        }
    }
    // Unknown privilege: the empty string is the "no role" signal.
    return "";
}
49
/**
 * @brief Return the privilege names assigned to a predefined role.
 *
 * The role name is compared exactly (case-sensitive) against the three
 * names handled here. The result for each role is a fixed list, so this
 * function is the single place to audit which privileges a role reports.
 *
 * @param role Role name, e.g. "Operator".
 * @return JSON array of privilege names for a known role, or std::nullopt
 *         for any other name. The single-role handler in this file treats
 *         std::nullopt as "resource not found".
 */
inline std::optional<nlohmann::json::array_t>
    getAssignedPrivFromRole(std::string_view role)
{
    if (role == "Administrator")
    {
        nlohmann::json::array_t adminPrivs;
        adminPrivs.emplace_back("Login");
        adminPrivs.emplace_back("ConfigureManager");
        adminPrivs.emplace_back("ConfigureUsers");
        adminPrivs.emplace_back("ConfigureSelf");
        adminPrivs.emplace_back("ConfigureComponents");
        return adminPrivs;
    }

    if (role == "Operator")
    {
        nlohmann::json::array_t operatorPrivs;
        operatorPrivs.emplace_back("Login");
        operatorPrivs.emplace_back("ConfigureSelf");
        operatorPrivs.emplace_back("ConfigureComponents");
        return operatorPrivs;
    }

    if (role == "ReadOnly")
    {
        nlohmann::json::array_t readOnlyPrivs;
        readOnlyPrivs.emplace_back("Login");
        readOnlyPrivs.emplace_back("ConfigureSelf");
        return readOnlyPrivs;
    }

    // Not one of the predefined roles: report "unknown" rather than an
    // empty privilege list, so callers can tell the two apart.
    return std::nullopt;
}
79
/**
 * @brief Register the GET handler for a single Redfish Role resource.
 *
 * The route is registered with redfish::privileges::getRole. The role name
 * is taken from the URL path segment, so it is caller-controlled; the
 * handler only builds a Role body after getAssignedPrivFromRole() has
 * recognised the name, and otherwise answers with resourceNotFound.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // Allowlist check: roleId must name one of the predefined
                // roles before it is copied into the resource body or URI.
                std::optional<nlohmann::json::array_t> assigned =
                    getAssignedPrivFromRole(roleId);
                if (!assigned.has_value())
                {
                    // The rejected name is passed on to the error message
                    // helper as given.
                    messages::resourceNotFound(asyncResp->res, "Role",
                                               roleId);
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.type"] = "#Role.v1_2_2.Role";
                body["Name"] = "User Role";
                body["Description"] = roleId + " User Role";
                body["OemPrivileges"] = nlohmann::json::array();
                body["IsPredefined"] = true;
                body["Id"] = roleId;
                body["RoleId"] = roleId;
                body["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                body["AssignedPrivileges"] = std::move(*assigned);
            });
}
zhanghch058d1b46d2021-04-01 11:18:24 +0800116
/**
 * @brief Register the GET handler for the Redfish Role collection.
 *
 * The route is registered with redfish::privileges::getRoleCollection.
 * The handler reads the "AllPrivileges" property of
 * xyz.openbmc_project.User.Manager over D-Bus and lists one member per
 * privilege that getRoleFromPrivileges() maps to a role name; privileges
 * with no mapping are left out.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.id"] = "/redfish/v1/AccountService/Roles";
                body["@odata.type"] = "#RoleCollection.RoleCollection";
                body["Name"] = "Roles Collection";
                body["Description"] = "BMC User Roles";

                // asyncResp is captured by value so the response object is
                // still held when the D-Bus reply callback runs.
                sdbusplus::asio::getProperty<std::vector<std::string>>(
                    *crow::connections::systemBus,
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();
                        for (const std::string& privName : privList)
                        {
                            const std::string roleName =
                                getRoleFromPrivileges(privName);
                            if (roleName.empty())
                            {
                                // Privilege has no Redfish role; skip it.
                                continue;
                            }
                            nlohmann::json::object_t entry;
                            entry["@odata.id"] = boost::urls::format(
                                "/redfish/v1/AccountService/Roles/{}",
                                roleName);
                            members.emplace_back(std::move(entry));
                        }
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    });
            });
}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100168
Ed Tanous1abe55e2018-09-05 08:30:59 -0700169} // namespace redfish