14e49bd4bSLewanczyk, Dawid /*
24e49bd4bSLewanczyk, Dawid // Copyright (c) 2018 Intel Corporation
34e49bd4bSLewanczyk, Dawid //
44e49bd4bSLewanczyk, Dawid // Licensed under the Apache License, Version 2.0 (the "License");
54e49bd4bSLewanczyk, Dawid // you may not use this file except in compliance with the License.
64e49bd4bSLewanczyk, Dawid // You may obtain a copy of the License at
74e49bd4bSLewanczyk, Dawid //
84e49bd4bSLewanczyk, Dawid //      http://www.apache.org/licenses/LICENSE-2.0
94e49bd4bSLewanczyk, Dawid //
104e49bd4bSLewanczyk, Dawid // Unless required by applicable law or agreed to in writing, software
114e49bd4bSLewanczyk, Dawid // distributed under the License is distributed on an "AS IS" BASIS,
124e49bd4bSLewanczyk, Dawid // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
134e49bd4bSLewanczyk, Dawid // See the License for the specific language governing permissions and
144e49bd4bSLewanczyk, Dawid // limitations under the License.
154e49bd4bSLewanczyk, Dawid */
164e49bd4bSLewanczyk, Dawid #pragma once
174e49bd4bSLewanczyk, Dawid 
187e860f15SJohn Edward Broadbent #include <app.hpp>
19168e20c1SEd Tanous #include <dbus_utility.hpp>
2045ca1b86SEd Tanous #include <query.hpp>
21ed398213SEd Tanous #include <registries/privilege_registry.hpp>
221e1e598dSJonathan Doman #include <sdbusplus/asio/property.hpp>
234e49bd4bSLewanczyk, Dawid 
24abf2add6SEd Tanous #include <variant>
251abe55efSEd Tanous namespace redfish
261abe55efSEd Tanous {
274e49bd4bSLewanczyk, Dawid 
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    // Maps a "priv-*" privilege string (the form reported by the
    // xyz.openbmc_project.User.Manager AllPrivileges property) to the
    // Redfish predefined role it corresponds to. Matching is exact and
    // case-sensitive. An unrecognised privilege yields an empty string,
    // which the collection handler treats as "do not expose this entry".
    static constexpr std::array<std::pair<std::string_view, std::string_view>,
                                4>
        privToRole{{{"priv-admin", "Administrator"},
                    {"priv-user", "ReadOnly"},
                    {"priv-operator", "Operator"},
                    {"priv-noaccess", "NoAccess"}}};

    const auto match = std::find_if(
        privToRole.begin(), privToRole.end(),
        [priv](const auto& entry) { return entry.first == priv; });
    if (match == privToRole.end())
    {
        return "";
    }
    return std::string(match->second);
}
488fcb65b6SAppaRao Puli 
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    // Fills privArray with the privilege set of one of the predefined
    // Redfish roles. Role names are matched exactly (case-sensitive).
    // Returns true when the role is known; for any other name privArray is
    // left untouched and false is returned, which the Roles GET handler
    // reports as ResourceNotFound.
    const auto assignPrivileges =
        [&privArray](std::initializer_list<const char*> privs) {
            // Always replace the caller's value with a fresh JSON array,
            // even when the privilege set is empty (NoAccess).
            privArray = nlohmann::json::array();
            for (const char* priv : privs)
            {
                privArray.push_back(priv);
            }
        };

    if (role == "Administrator")
    {
        assignPrivileges({"Login", "ConfigureManager", "ConfigureUsers",
                          "ConfigureSelf", "ConfigureComponents"});
        return true;
    }
    if (role == "Operator")
    {
        assignPrivileges({"Login", "ConfigureSelf", "ConfigureComponents"});
        return true;
    }
    if (role == "ReadOnly")
    {
        assignPrivileges({"Login", "ConfigureSelf"});
        return true;
    }
    if (role == "NoAccess")
    {
        assignPrivileges({});
        return true;
    }
    return false;
}
758fcb65b6SAppaRao Puli 
inline void requestRoutesRoles(App& app)
{
    // GET /redfish/v1/AccountService/Roles/<roleId>/ : describes a single
    // predefined role. roleId is taken from the request path, so it is
    // checked against the known role names (via getAssignedPrivFromRole)
    // before any of it is echoed back in the response body; an unknown
    // name produces a ResourceNotFound error instead.
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
                {
                    return;
                }
                nlohmann::json assignedPrivs = nlohmann::json::array();
                if (!getAssignedPrivFromRole(roleId, assignedPrivs))
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                // roleId is one of the predefined names at this point.
                nlohmann::json& roleJson = asyncResp->res.jsonValue;
                roleJson["@odata.type"] = "#Role.v1_2_2.Role";
                roleJson["Name"] = "User Role";
                roleJson["Description"] = roleId + " User Role";
                roleJson["OemPrivileges"] = nlohmann::json::array();
                roleJson["IsPredefined"] = true;
                roleJson["Id"] = roleId;
                roleJson["RoleId"] = roleId;
                roleJson["@odata.id"] =
                    "/redfish/v1/AccountService/Roles/" + roleId;
                roleJson["AssignedPrivileges"] = std::move(assignedPrivs);
            });
}
1104e49bd4bSLewanczyk, Dawid 
inline void requestRoutesRoleCollection(App& app)
{
    // GET /redfish/v1/AccountService/Roles/ : lists the roles the BMC
    // supports. The member list is derived from the user manager's
    // AllPrivileges D-Bus property: a D-Bus failure is answered with an
    // InternalError, and only privileges that map to a known Redfish role
    // (getRoleFromPrivileges) become members, so unrecognised privilege
    // strings coming back from D-Bus are never echoed to the client.
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
                {
                    return;
                }

                nlohmann::json& collection = asyncResp->res.jsonValue;
                collection["@odata.id"] = "/redfish/v1/AccountService/Roles";
                collection["@odata.type"] = "#RoleCollection.RoleCollection";
                collection["Name"] = "Roles Collection";
                collection["Description"] = "BMC User Roles";

                sdbusplus::asio::getProperty<std::vector<std::string>>(
                    *crow::connections::systemBus,
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }
                        nlohmann::json::array_t members;
                        for (const std::string& priv : privList)
                        {
                            const std::string roleName =
                                getRoleFromPrivileges(priv);
                            if (roleName.empty())
                            {
                                // Not a Redfish-visible role; leave it out.
                                continue;
                            }
                            nlohmann::json::object_t member;
                            member["@odata.id"] =
                                "/redfish/v1/AccountService/Roles/" + roleName;
                            members.emplace_back(std::move(member));
                        }
                        // Capture the count before the array is moved out.
                        const std::size_t memberCount = members.size();
                        asyncResp->res.jsonValue["Members"] =
                            std::move(members);
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            memberCount;
                    });
            });
}
1614e49bd4bSLewanczyk, Dawid 
1624e49bd4bSLewanczyk, Dawid } // namespace redfish
163