Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / ac1e1246464e28fe4313ba936a6b8f64ec65bb12 / . / redfish-core / lib / roles.hpp
blob: a0f4f347546aa9a27c5b3c5217c99d6dad23a9e2 [file] [log] [blame]
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
Ed Tanous3ccb3ad2023-01-13 17:40:03 -0800[diff] [blame]18#include "app.hpp"
19#include "dbus_utility.hpp"
20#include "query.hpp"
21#include "registries/privilege_registry.hpp"
22
Ed Tanousef4c65b2023-04-24 15:28:50 -0700[diff] [blame]23#include <boost/url/format.hpp>
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]24#include <nlohmann/json.hpp>
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]25#include <sdbusplus/asio/property.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]26
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]27#include <optional>
28#include <string_view>
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]29#include <variant>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]30namespace redfish
31{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]32
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]33inline std::string getRoleFromPrivileges(std::string_view priv)
34{
35 if (priv == "priv-admin")
36 {
37 return "Administrator";
38 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]39 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]40 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]41 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]42 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]43 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]44 {
45 return "Operator";
46 }
47 return "";
48}
49
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]50inline std::optional<nlohmann::json::array_t>
51 getAssignedPrivFromRole(std::string_view role)
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]52{
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]53 nlohmann::json::array_t privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]54 if (role == "Administrator")
55 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]56 privArray.emplace_back("Login");
57 privArray.emplace_back("ConfigureManager");
58 privArray.emplace_back("ConfigureUsers");
59 privArray.emplace_back("ConfigureSelf");
60 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]61 }
62 else if (role == "Operator")
63 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]64 privArray.emplace_back("Login");
65 privArray.emplace_back("ConfigureSelf");
66 privArray.emplace_back("ConfigureComponents");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]67 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]68 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]69 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]70 privArray.emplace_back("Login");
71 privArray.emplace_back("ConfigureSelf");
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]72 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]73 else
74 {
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]75 return std::nullopt;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]76 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]77 return privArray;
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]78}
79
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]80inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]81{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]82 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]83 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]84 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]85 [&app](const crow::Request& req,
86 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
87 const std::string& roleId) {
Carson Labrado3ba00072022-06-06 19:40:56 +0000[diff] [blame]88 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]89 {
90 return;
91 }
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]92
93 std::optional<nlohmann::json::array_t> privArray =
94 getAssignedPrivFromRole(roleId);
95 if (!privArray)
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]96 {
97 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]98
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]99 return;
100 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]101
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]102 asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
103 asyncResp->res.jsonValue["Name"] = "User Role";
104 asyncResp->res.jsonValue["Description"] = roleId + " User Role";
105 asyncResp->res.jsonValue["OemPrivileges"] = nlohmann::json::array();
106 asyncResp->res.jsonValue["IsPredefined"] = true;
107 asyncResp->res.jsonValue["Id"] = roleId;
108 asyncResp->res.jsonValue["RoleId"] = roleId;
Ed Tanousef4c65b2023-04-24 15:28:50 -0700[diff] [blame]109 asyncResp->res.jsonValue["@odata.id"] =
110 boost::urls::format("/redfish/v1/AccountService/Roles/{}", roleId);
Ed Tanous20fa6a22024-05-20 18:02:58 -0700[diff] [blame]111 asyncResp->res.jsonValue["AssignedPrivileges"] = std::move(*privArray);
Patrick Williams5a39f772023-10-20 11:20:21 -0500[diff] [blame]112 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]113}
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]114
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]115inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]116{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]117 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]118 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]119 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]120 [&app](const crow::Request& req,
121 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
Carson Labrado3ba00072022-06-06 19:40:56 +0000[diff] [blame]122 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]123 {
124 return;
125 }
126
127 asyncResp->res.jsonValue["@odata.id"] =
128 "/redfish/v1/AccountService/Roles";
129 asyncResp->res.jsonValue["@odata.type"] =
130 "#RoleCollection.RoleCollection";
131 asyncResp->res.jsonValue["Name"] = "Roles Collection";
132 asyncResp->res.jsonValue["Description"] = "BMC User Roles";
133
134 sdbusplus::asio::getProperty<std::vector<std::string>>(
135 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
136 "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
137 "AllPrivileges",
Ed Tanous5e7e2dc2023-02-16 10:37:01 -0800[diff] [blame]138 [asyncResp](const boost::system::error_code& ec,
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]139 const std::vector<std::string>& privList) {
140 if (ec)
141 {
142 messages::internalError(asyncResp->res);
143 return;
144 }
145 nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
146 memberArray = nlohmann::json::array();
147 for (const std::string& priv : privList)
148 {
149 std::string role = getRoleFromPrivileges(priv);
150 if (!role.empty())
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]151 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]152 nlohmann::json::object_t member;
Ed Tanousef4c65b2023-04-24 15:28:50 -0700[diff] [blame]153 member["@odata.id"] = boost::urls::format(
154 "/redfish/v1/AccountService/Roles/{}", role);
Patrick Williamsb2ba3072023-05-12 10:27:39 -0500[diff] [blame]155 memberArray.emplace_back(std::move(member));
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]156 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]157 }
158 asyncResp->res.jsonValue["Members@odata.count"] =
159 memberArray.size();
Ed Tanous002d39b2022-05-31 08:59:27 -0700[diff] [blame]160 });
Patrick Williams5a39f772023-10-20 11:20:21 -0500[diff] [blame]161 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]162}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]163
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]164} // namespace redfish