// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: Copyright OpenBMC Authors
// SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
#pragma once

#include "app.hpp"
#include "async_resp.hpp"
#include "dbus_utility.hpp"
#include "error_messages.hpp"
#include "http_request.hpp"
#include "query.hpp"
#include "registries/privilege_registry.hpp"

#include <boost/beast/http/verb.hpp>
#include <boost/url/format.hpp>
#include <nlohmann/json.hpp>

#include <memory>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <vector>
namespace redfish
{

/**
 * @brief Translate a user-manager privilege group name into a Redfish role.
 *
 * The comparison is exact and case-sensitive. Only the three group names
 * listed below are recognised.
 *
 * @param priv  Privilege group string (for example "priv-admin").
 * @return The Redfish role name, or an empty string when the group is not
 *         one of the known three. Callers must treat the empty string as
 *         "no role" and must not fall back to a default.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    using GroupToRole = std::pair<std::string_view, const char*>;
    static constexpr GroupToRole knownGroups[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
    };

    for (const GroupToRole& entry : knownGroups)
    {
        if (entry.first == priv)
        {
            return entry.second;
        }
    }
    return "";
}

/**
 * @brief Look up the Redfish privileges reported for a predefined role.
 *
 * This is a fixed allow-list: the role name must match "Administrator",
 * "Operator" or "ReadOnly" exactly (case-sensitive). Any other value yields
 * std::nullopt, so an unrecognised role never receives a privilege set.
 *
 * NOTE(review): this function only builds the list that is reported in the
 * Role resource. Whether the same table drives enforcement cannot be told
 * from this file, so keep the two in sync when editing it.
 *
 * @param role  Redfish role identifier.
 * @return The AssignedPrivileges array for the role, or std::nullopt when the
 *         role is unknown.
 */
inline std::optional<nlohmann::json::array_t> getAssignedPrivFromRole(
    std::string_view role)
{
    // Builds the JSON array one string at a time, in the order given.
    const auto toArray = [](std::initializer_list<const char*> names) {
        nlohmann::json::array_t privileges;
        for (const char* name : names)
        {
            privileges.emplace_back(name);
        }
        return privileges;
    };

    if (role == "Administrator")
    {
        return toArray({"Login", "ConfigureManager", "ConfigureUsers",
                        "ConfigureSelf", "ConfigureComponents"});
    }
    if (role == "Operator")
    {
        return toArray({"Login", "ConfigureSelf", "ConfigureComponents"});
    }
    if (role == "ReadOnly")
    {
        return toArray({"Login", "ConfigureSelf"});
    }
    return std::nullopt;
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * Access is gated by redfish::privileges::getRole. The handler validates the
 * path segment against the fixed role table before using it, so only the
 * three known role literals are ever copied into the response body
 * (Description, Id, RoleId, @odata.id). Any other value produces a
 * resourceNotFound error.
 *
 * NOTE(review): this handler answers from the static table only, while the
 * collection route derives its members from the AllPrivileges D-Bus
 * property. If the user manager reports a subset, the two can disagree.
 * Confirm that is intended.
 *
 * @param app  Application the route is registered on. It is captured by
 *             reference, which presumably relies on app outliving the route
 *             (verify).
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // Allow-list check: an unknown roleId stops here.
                std::optional<nlohmann::json::array_t> assigned =
                    getAssignedPrivFromRole(roleId);
                if (!assigned.has_value())
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);

                    return;
                }

                nlohmann::json& body = asyncResp->res.jsonValue;
                body["@odata.type"] = "#Role.v1_2_2.Role";
                body["Name"] = "User Role";
                body["Description"] = roleId + " User Role";
                body["OemPrivileges"] = nlohmann::json::array();
                body["IsPredefined"] = true;
                body["Id"] = roleId;
                body["RoleId"] = roleId;
                body["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                body["AssignedPrivileges"] = std::move(*assigned);
            });
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * Access is gated by redfish::privileges::getRoleCollection. The member list
 * is built from the AllPrivileges property of
 * xyz.openbmc_project.User.Manager. Each entry is mapped through
 * getRoleFromPrivileges and dropped when it does not map to a known role, so
 * unexpected strings from D-Bus never appear in a member URI.
 *
 * @param app  Application the route is registered on. It is captured by
 *             reference, which presumably relies on app outliving the route
 *             (verify).
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                nlohmann::json& header = asyncResp->res.jsonValue;
                header["@odata.id"] = "/redfish/v1/AccountService/Roles";
                header["@odata.type"] = "#RoleCollection.RoleCollection";
                header["Name"] = "Roles Collection";
                header["Description"] = "BMC User Roles";

                dbus::utility::getProperty<std::vector<std::string>>(
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        // On a D-Bus failure, report an internal error and
                        // leave Members unset.
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json::array_t members;
                        for (const std::string& priv : privList)
                        {
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (role.empty())
                            {
                                // Skip groups with no Redfish role.
                                continue;
                            }
                            nlohmann::json::object_t member;
                            member["@odata.id"] = boost::urls::format(
                                "/redfish/v1/AccountService/Roles/{}", role);
                            members.emplace_back(std::move(member));
                        }

                        nlohmann::json& body = asyncResp->res.jsonValue;
                        body["Members@odata.count"] = members.size();
                        body["Members"] = std::move(members);
                    });
            });
}

} // namespace redfish