Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010018#include "node.hpp"
19
Ed Tanousabf2add2019-01-22 16:40:12 -080020#include <variant>
21
Ed Tanous1abe55e2018-09-05 08:30:59 -070022namespace redfish
23{
Lewanczyk, Dawid4e49bd42018-01-25 11:30:19 +010024
/// Map a user-manager privilege name to the Redfish role that represents it.
///
/// @param priv  privilege name, e.g. "priv-admin"
/// @return "Administrator", "ReadOnly", "Operator" or "NoAccess" for the four
///         recognised privilege names; an empty string for anything else.
///         The comparison is exact and case-sensitive. Callers have to treat
///         the empty string as "no role", never as a default role.
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivToRole
    {
        std::string_view privilege;
        std::string_view role;
    };

    // Closed allow-list: a privilege that is not in this table gets no role.
    static constexpr PrivToRole knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const PrivToRole& entry : knownRoles)
    {
        if (entry.privilege == priv)
        {
            return std::string(entry.role);
        }
    }
    return std::string();
}
45
/// Look up the Redfish privileges assigned to a predefined role.
///
/// This table is the role-to-privilege mapping reported to clients:
///   Administrator -> Login, ConfigureManager, ConfigureUsers, ConfigureSelf,
///                    ConfigureComponents
///   Operator      -> Login, ConfigureSelf, ConfigureComponents
///   ReadOnly      -> Login, ConfigureSelf
///   NoAccess      -> (empty array)
///
/// @param role       role name; compared exactly (case-sensitive)
/// @param privArray  overwritten with the privilege list when the role is
///                   known; left untouched otherwise
/// @return true if @p role is one of the four names above, false for any
///         other value. Callers should check the result before using
///         @p privArray.
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        // An explicit empty array, so the role is still reported as known.
        privArray = nlohmann::json::array();
        return true;
    }

    // Unknown role name: report failure without touching privArray.
    return false;
}
72
/// Redfish node serving a single role resource at
/// /redfish/v1/AccountService/Roles/<role id>/.
///
/// Only GET is implemented in this class; how the other verbs listed in
/// entityPrivileges are answered depends on the Node base class, which is
/// not visible here.
class Roles : public Node
{
  public:
    /// Register the route and the privileges required per HTTP verb.
    Roles(App& app) :
        Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string())
    {
        using boost::beast::http::verb;

        // Reads need "Login"; every mutating verb needs "ConfigureManager".
        entityPrivileges = {{verb::get, {{"Login"}}},
                            {verb::head, {{"Login"}}},
                            {verb::patch, {{"ConfigureManager"}}},
                            {verb::put, {{"ConfigureManager"}}},
                            {verb::delete_, {{"ConfigureManager"}}},
                            {verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /// Answer GET for one role.
    ///
    /// @param res     response to fill in and end
    /// @param params  route parameters; exactly one (the role id) is expected
    ///
    /// The role id comes from the request URL. It is copied into the success
    /// body only after getAssignedPrivFromRole() has accepted it, so only the
    /// predefined role names reach "Id", "RoleId", "Description" and
    /// "@odata.id".
    void doGet(crow::Response& res, const crow::Request&,
               const std::vector<std::string>& params) override
    {
        if (params.size() != 1)
        {
            messages::internalError(res);
            res.end();
            return;
        }

        const std::string& roleId = params.front();
        nlohmann::json assignedPrivs = nlohmann::json::array();
        if (!getAssignedPrivFromRole(roleId, assignedPrivs))
        {
            // NOTE(review): the rejected, caller-supplied roleId is handed to
            // messages::resourceNotFound; how it is encoded in the error body
            // is not visible here - confirm.
            messages::resourceNotFound(res, "Role", roleId);
            res.end();
            return;
        }

        const std::string description = roleId + " User Role";
        const std::string roleUri = "/redfish/v1/AccountService/Roles/" + roleId;

        res.jsonValue = {{"@odata.type", "#Role.v1_2_2.Role"},
                         {"Name", "User Role"},
                         {"Description", description},
                         {"OemPrivileges", nlohmann::json::array()},
                         {"IsPredefined", true},
                         {"Id", roleId},
                         {"RoleId", roleId},
                         {"@odata.id", roleUri},
                         {"AssignedPrivileges", std::move(assignedPrivs)}};
        res.end();
    }
};
120
/// Redfish node serving the role collection at
/// /redfish/v1/AccountService/Roles/.
///
/// Only GET is implemented in this class; how the other verbs listed in
/// entityPrivileges are answered depends on the Node base class, which is
/// not visible here.
class RoleCollection : public Node
{
  public:
    /// Register the route and the privileges required per HTTP verb.
    RoleCollection(App& app) : Node(app, "/redfish/v1/AccountService/Roles/")
    {
        using boost::beast::http::verb;

        // Reads need "Login"; every mutating verb needs "ConfigureManager".
        entityPrivileges = {{verb::get, {{"Login"}}},
                            {verb::head, {{"Login"}}},
                            {verb::patch, {{"ConfigureManager"}}},
                            {verb::put, {{"ConfigureManager"}}},
                            {verb::delete_, {{"ConfigureManager"}}},
                            {verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /// Answer GET for the collection: read the "AllPrivileges" property of
    /// xyz.openbmc_project.User.Manager over D-Bus and list one member per
    /// privilege that maps to a known role.
    ///
    /// The response is not ended explicitly in this function; presumably
    /// AsyncResp completes it once the last reference is released - confirm
    /// against AsyncResp.
    void doGet(crow::Response& res, const crow::Request&,
               const std::vector<std::string>&) override
    {
        auto asyncResp = std::make_shared<AsyncResp>(res);
        res.jsonValue = {{"@odata.id", "/redfish/v1/AccountService/Roles"},
                         {"@odata.type", "#RoleCollection.RoleCollection"},
                         {"Name", "Roles Collection"},
                         {"Description", "BMC User Roles"}};

        // Completion handler for the D-Bus property read.
        auto onAllPrivileges =
            [asyncResp](
                const boost::system::error_code ec,
                const std::variant<std::vector<std::string>>& reply) {
                if (ec)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                // "Members" is reset to an empty array before the reply is
                // inspected, so it is present even on the error path below.
                nlohmann::json& members = asyncResp->res.jsonValue["Members"];
                members = nlohmann::json::array();

                // Reject a reply whose payload is not a list of strings.
                const auto* privileges =
                    std::get_if<std::vector<std::string>>(&reply);
                if (privileges == nullptr)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                for (const std::string& privilege : *privileges)
                {
                    // Privilege names without a role mapping are skipped, so
                    // only the predefined role names end up in member URIs.
                    const std::string roleName =
                        getRoleFromPrivileges(privilege);
                    if (roleName.empty())
                    {
                        continue;
                    }
                    members.push_back(
                        {{"@odata.id",
                          "/redfish/v1/AccountService/Roles/" + roleName}});
                }
                asyncResp->res.jsonValue["Members@odata.count"] =
                    members.size();
            };

        crow::connections::systemBus->async_method_call(
            std::move(onAllPrivileges), "xyz.openbmc_project.User.Manager",
            "/xyz/openbmc_project/user", "org.freedesktop.DBus.Properties",
            "Get", "xyz.openbmc_project.User.Manager", "AllPrivileges");
    }
};
181
Ed Tanous1abe55e2018-09-05 08:30:59 -0700182} // namespace redfish