Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / bacb216228c45ca715163f4c81717b1af39889ab / . / redfish-core / lib / roles.hpp
blob: dd8a790800564d522e7de488c3ab21f111abac0c [file] [log] [blame]
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]18#include <app.hpp>
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame]19#include <dbus_utility.hpp>
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]20#include <query.hpp>
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]21#include <registries/privilege_registry.hpp>
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]22#include <sdbusplus/asio/property.hpp>
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]23
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]24#include <variant>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]25namespace redfish
26{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]27
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]28inline std::string getRoleFromPrivileges(std::string_view priv)
29{
30 if (priv == "priv-admin")
31 {
32 return "Administrator";
33 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]34 if (priv == "priv-user")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]35 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]36 return "ReadOnly";
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]37 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]38 if (priv == "priv-operator")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]39 {
40 return "Operator";
41 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700[diff] [blame]42 if (priv == "priv-noaccess")
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]43 {
44 return "NoAccess";
45 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]46 return "";
47}
48
49inline bool getAssignedPrivFromRole(std::string_view role,
50 nlohmann::json& privArray)
51{
52 if (role == "Administrator")
53 {
54 privArray = {"Login", "ConfigureManager", "ConfigureUsers",
55 "ConfigureSelf", "ConfigureComponents"};
56 }
57 else if (role == "Operator")
58 {
59 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
60 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]61 else if (role == "ReadOnly")
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]62 {
63 privArray = {"Login", "ConfigureSelf"};
64 }
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]65 else if (role == "NoAccess")
66 {
67 privArray = nlohmann::json::array();
68 }
AppaRao Puli8fcb65b2018-12-27 14:11:55 +0530[diff] [blame]69 else
70 {
71 return false;
72 }
73 return true;
74}
75
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]76inline void requestRoutesRoles(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]77{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]78 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]79 .privileges(redfish::privileges::getRole)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]80 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]81 [&app](const crow::Request& req,
82 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
83 const std::string& roleId) {
84 if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
85 {
86 return;
87 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]88 nlohmann::json privArray = nlohmann::json::array();
Ed Tanouse05aec52022-01-25 10:28:56 -0800[diff] [blame]89 if (!getAssignedPrivFromRole(roleId, privArray))
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]90 {
91 messages::resourceNotFound(asyncResp->res, "Role", roleId);
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]92
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]93 return;
94 }
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]95
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]96 asyncResp->res.jsonValue = {
97 {"@odata.type", "#Role.v1_2_2.Role"},
98 {"Name", "User Role"},
99 {"Description", roleId + " User Role"},
100 {"OemPrivileges", nlohmann::json::array()},
101 {"IsPredefined", true},
102 {"Id", roleId},
103 {"RoleId", roleId},
104 {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
105 {"AssignedPrivileges", std::move(privArray)}};
106 });
107}
zhanghch058d1b46d2021-04-01 11:18:24 +0800[diff] [blame]108
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]109inline void requestRoutesRoleCollection(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]110{
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]111 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
Ed Tanoused398212021-06-09 17:05:54 -0700[diff] [blame]112 .privileges(redfish::privileges::getRoleCollection)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]113 .methods(boost::beast::http::verb::get)(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700[diff] [blame]114 [&app](const crow::Request& req,
115 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
116 if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
117 {
118 return;
119 }
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]120 asyncResp->res.jsonValue = {
121 {"@odata.id", "/redfish/v1/AccountService/Roles"},
122 {"@odata.type", "#RoleCollection.RoleCollection"},
123 {"Name", "Roles Collection"},
124 {"Description", "BMC User Roles"}};
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]125
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]126 sdbusplus::asio::getProperty<std::vector<std::string>>(
127 *crow::connections::systemBus,
128 "xyz.openbmc_project.User.Manager",
129 "/xyz/openbmc_project/user",
130 "xyz.openbmc_project.User.Manager", "AllPrivileges",
Ed Tanous168e20c2021-12-13 14:39:53 -0800[diff] [blame]131 [asyncResp](const boost::system::error_code ec,
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]132 const std::vector<std::string>& privList) {
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]133 if (ec)
134 {
135 messages::internalError(asyncResp->res);
136 return;
137 }
138 nlohmann::json& memberArray =
139 asyncResp->res.jsonValue["Members"];
140 memberArray = nlohmann::json::array();
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]141 for (const std::string& priv : privList)
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]142 {
143 std::string role = getRoleFromPrivileges(priv);
144 if (!role.empty())
145 {
146 memberArray.push_back(
147 {{"@odata.id",
148 "/redfish/v1/AccountService/Roles/" +
149 role}});
150 }
151 }
152 asyncResp->res.jsonValue["Members@odata.count"] =
153 memberArray.size();
Jonathan Doman1e1e5982021-06-11 09:36:17 -0700[diff] [blame]154 });
John Edward Broadbent7e860f12021-04-08 15:57:16 -0700[diff] [blame]155 });
156}
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +0100[diff] [blame]157
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]158} // namespace redfish