Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 9b46bc0b4c0c58c426e9bfb5a7d90250862ca9d2 / . / redfish-core / lib / roles.hpp
blob: 98f7085e05c31957fae7912e95a2fa9933c33956 [file] [log] [blame]
Ed Tanous40e9b922024-09-10 13:50:16 -0700[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright OpenBMC Authors
3// SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]4#pragma once
5
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]6#include "app.hpp"
7#include "dbus_utility.hpp"
8#include "query.hpp"
9#include "registries/privilege_registry.hpp"
10
Ed Tanousef4c65b2023-04-24 15:28:50 -0700[diff] [blame]11#include <boost/url/format.hpp>
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]12#include <nlohmann/json.hpp>
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]13#include <sdbusplus/asio/property.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]14
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]15#include <optional>
16#include <string_view>
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]17#include <variant>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]18namespace redfish
19{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]20
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]21inline std::string getRoleFromPrivileges(std::string_view priv)
22{
23 if (priv == "priv-admin")
24 {
25 return "Administrator";
26 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]27 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]28 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]29 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]30 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]31 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]32 {
33 return "Operator";
34 }
35 return "";
36}
37
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]38inline std::optional<nlohmann::json::array_t>
39 getAssignedPrivFromRole(std::string_view role)
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]40{
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]41 nlohmann::json::array_t privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]42 if (role == "Administrator")
43 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]44 privArray.emplace_back("Login");
45 privArray.emplace_back("ConfigureManager");
46 privArray.emplace_back("ConfigureUsers");
47 privArray.emplace_back("ConfigureSelf");
48 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]49 }
50 else if (role == "Operator")
51 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]52 privArray.emplace_back("Login");
53 privArray.emplace_back("ConfigureSelf");
54 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]55 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]56 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]57 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]58 privArray.emplace_back("Login");
59 privArray.emplace_back("ConfigureSelf");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]60 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]61 else
62 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]63 return std::nullopt;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]64 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]65 return privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]66}
67
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]68inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]69{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]70 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]71 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]72 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]73 [&app](const crow::Request& req,
74 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
75 const std::string& roleId) {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]76 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
77 {
78 return;
79 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]80
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]81 std::optional<nlohmann::json::array_t> privArray =
82 getAssignedPrivFromRole(roleId);
83 if (!privArray)
84 {
85 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]86
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]87 return;
88 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]89
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]90 asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
91 asyncResp->res.jsonValue["Name"] = "User Role";
92 asyncResp->res.jsonValue["Description"] = roleId + " User Role";
93 asyncResp->res.jsonValue["OemPrivileges"] =
94 nlohmann::json::array();
95 asyncResp->res.jsonValue["IsPredefined"] = true;
96 asyncResp->res.jsonValue["Id"] = roleId;
97 asyncResp->res.jsonValue["RoleId"] = roleId;
98 asyncResp->res.jsonValue["@odata.id"] = boost::urls::format(
99 "/redfish/v1/AccountService/Roles/{}", roleId);
100 asyncResp->res.jsonValue["AssignedPrivileges"] =
101 std::move(*privArray);
102 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]103}
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]104
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]105inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]106{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]107 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]108 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]109 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]110 [&app](const crow::Request& req,
111 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]112 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]113 {
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]114 return;
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]115 }
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]116
117 asyncResp->res.jsonValue["@odata.id"] =
118 "/redfish/v1/AccountService/Roles";
119 asyncResp->res.jsonValue["@odata.type"] =
120 "#RoleCollection.RoleCollection";
121 asyncResp->res.jsonValue["Name"] = "Roles Collection";
122 asyncResp->res.jsonValue["Description"] = "BMC User Roles";
123
Ed Tanousdeae6a72024-11-11 21:58:57 -0800[diff] [blame]124 dbus::utility::getProperty<std::vector<std::string>>(
Patrick Williamsbd79bce2024-08-16 15:22:20 -0400[diff] [blame]125 "xyz.openbmc_project.User.Manager",
126 "/xyz/openbmc_project/user",
127 "xyz.openbmc_project.User.Manager", "AllPrivileges",
128 [asyncResp](const boost::system::error_code& ec,
129 const std::vector<std::string>& privList) {
130 if (ec)
131 {
132 messages::internalError(asyncResp->res);
133 return;
134 }
135 nlohmann::json& memberArray =
136 asyncResp->res.jsonValue["Members"];
137 memberArray = nlohmann::json::array();
138 for (const std::string& priv : privList)
139 {
140 std::string role = getRoleFromPrivileges(priv);
141 if (!role.empty())
142 {
143 nlohmann::json::object_t member;
144 member["@odata.id"] = boost::urls::format(
145 "/redfish/v1/AccountService/Roles/{}",
146 role);
147 memberArray.emplace_back(std::move(member));
148 }
149 }
150 asyncResp->res.jsonValue["Members@odata.count"] =
151 memberArray.size();
152 });
153 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]154}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]155
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]156} // namespace redfish