xref: /openbmc/bmcweb/redfish-core/lib/roles.hpp (revision 504af5a0568171b72caf13234cc81380b261fa21)
140e9b92eSEd Tanous // SPDX-License-Identifier: Apache-2.0
240e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright OpenBMC Authors
340e9b92eSEd Tanous // SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
44e49bd4bSLewanczyk, Dawid #pragma once
54e49bd4bSLewanczyk, Dawid 
63ccb3adbSEd Tanous #include "app.hpp"
7d7857201SEd Tanous #include "async_resp.hpp"
83ccb3adbSEd Tanous #include "dbus_utility.hpp"
9d7857201SEd Tanous #include "error_messages.hpp"
10d7857201SEd Tanous #include "http_request.hpp"
113ccb3adbSEd Tanous #include "query.hpp"
123ccb3adbSEd Tanous #include "registries/privilege_registry.hpp"
133ccb3adbSEd Tanous 
14d7857201SEd Tanous #include <boost/beast/http/verb.hpp>
15ef4c65b7SEd Tanous #include <boost/url/format.hpp>
1620fa6a2cSEd Tanous #include <nlohmann/json.hpp>
174e49bd4bSLewanczyk, Dawid 
18d7857201SEd Tanous #include <memory>
1920fa6a2cSEd Tanous #include <optional>
20d7857201SEd Tanous #include <string>
2120fa6a2cSEd Tanous #include <string_view>
22d7857201SEd Tanous #include <utility>
23d7857201SEd Tanous #include <vector>
241abe55efSEd Tanous namespace redfish
251abe55efSEd Tanous {
264e49bd4bSLewanczyk, Dawid 
/**
 * @brief Translate a user-manager privilege name into its Redfish role name.
 *
 * Matching is exact and case-sensitive against the three names below. Any
 * other input produces an empty string, which callers must treat as
 * "no Redfish role" and never as a role identifier.
 *
 * @param priv  Privilege name, e.g. "priv-admin".
 * @return "Administrator", "Operator" or "ReadOnly"; "" when unmapped.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    // Stays empty unless one of the known privilege names matches.
    std::string_view roleName;
    if (priv == "priv-admin")
    {
        roleName = "Administrator";
    }
    else if (priv == "priv-operator")
    {
        roleName = "Operator";
    }
    else if (priv == "priv-user")
    {
        // The "user" privilege is published under the Redfish role name
        // "ReadOnly", not "User".
        roleName = "ReadOnly";
    }
    return std::string(roleName);
}
438fcb65b6SAppaRao Puli 
/**
 * @brief Build the AssignedPrivileges list reported for a Redfish role.
 *
 * The role name is compared exactly (case-sensitive) against the three
 * predefined roles. Because anything else yields std::nullopt, this function
 * also serves as the allowlist check for role names supplied by a client.
 *
 * NOTE(review): this table is what the Role resource reports. Whether
 * request authorization is driven by the same table is not visible in this
 * file; keep the two in agreement if they are maintained separately.
 *
 * @param role  Redfish role name ("Administrator", "Operator", "ReadOnly").
 * @return JSON array of privilege names, or std::nullopt for an unknown role.
 */
inline std::optional<nlohmann::json::array_t> getAssignedPrivFromRole(
    std::string_view role)
{
    const bool isAdministrator = (role == "Administrator");
    const bool isOperator = (role == "Operator");
    const bool isReadOnly = (role == "ReadOnly");

    // Reject unknown names before any privilege is emitted.
    if (!isAdministrator && !isOperator && !isReadOnly)
    {
        return std::nullopt;
    }

    nlohmann::json::array_t privileges;

    // Every predefined role can log in.
    privileges.emplace_back("Login");

    // Manager and user configuration is reserved for Administrator.
    if (isAdministrator)
    {
        privileges.emplace_back("ConfigureManager");
        privileges.emplace_back("ConfigureUsers");
    }

    // Every predefined role may configure its own account.
    privileges.emplace_back("ConfigureSelf");

    // ReadOnly is the only role without component configuration.
    if (!isReadOnly)
    {
        privileges.emplace_back("ConfigureComponents");
    }

    return privileges;
}
738fcb65b6SAppaRao Puli 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * The route is gated by redfish::privileges::getRole. The role name comes
 * from the URL path segment and is therefore client-controlled. It is copied
 * into the response body only after getAssignedPrivFromRole() has accepted
 * it, so the echoed value is always one of the predefined role names.
 *
 * @param app  Application the route is registered on. The handler captures
 *             it by reference, so it must outlive the registered route.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // Allowlist check: only predefined role names yield a value.
                std::optional<nlohmann::json::array_t> assigned =
                    getAssignedPrivFromRole(roleId);
                if (!assigned.has_value())
                {
                    // The rejected, client-supplied name is handed to the
                    // error builder; how it is encoded there is not visible
                    // in this file.
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);

                    return;
                }

                // From here on roleId is known to be a predefined role name.
                nlohmann::json& body = asyncResp->res.jsonValue;
                body["@odata.type"] = "#Role.v1_2_2.Role";
                body["Name"] = "User Role";
                body["Description"] = roleId + " User Role";
                body["OemPrivileges"] = nlohmann::json::array();
                body["IsPredefined"] = true;
                body["Id"] = roleId;
                body["RoleId"] = roleId;
                body["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                body["AssignedPrivileges"] = std::move(*assigned);
            });
}
1104e49bd4bSLewanczyk, Dawid 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * The route is gated by redfish::privileges::getRoleCollection. The member
 * list is derived from the AllPrivileges property of
 * xyz.openbmc_project.User.Manager. Privilege names that
 * getRoleFromPrivileges() does not map to a role are left out of the
 * collection rather than published.
 *
 * @param app  Application the route is registered on. The handler captures
 *             it by reference, so it must outlive the registered route.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                nlohmann::json& header = asyncResp->res.jsonValue;
                header["@odata.id"] = "/redfish/v1/AccountService/Roles";
                header["@odata.type"] = "#RoleCollection.RoleCollection";
                header["Name"] = "Roles Collection";
                header["Description"] = "BMC User Roles";

                // asyncResp is copied into the callback so that the response
                // object is still alive when the D-Bus reply arrives.
                dbus::utility::getProperty<std::vector<std::string>>(
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            // On a D-Bus failure no Members are added and an
                            // internal error is reported.
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json::array_t members;
                        for (const std::string& priv : privList)
                        {
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (role.empty())
                            {
                                // Privilege has no Redfish role; do not
                                // expose it as a collection member.
                                continue;
                            }
                            nlohmann::json::object_t member;
                            member["@odata.id"] = boost::urls::format(
                                "/redfish/v1/AccountService/Roles/{}", role);
                            members.emplace_back(std::move(member));
                        }

                        nlohmann::json& body = asyncResp->res.jsonValue;
                        // Read the size before the array is moved out.
                        body["Members@odata.count"] = members.size();
                        body["Members"] = std::move(members);
                    });
            });
}
1614e49bd4bSLewanczyk, Dawid 
1624e49bd4bSLewanczyk, Dawid } // namespace redfish