/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include <app.hpp>
#include <dbus_utility.hpp>
#include <registries/privilege_registry.hpp>

#include <variant>

namespace redfish
{

/**
 * @brief Translate a user-manager privilege string into a Redfish role name.
 *
 * Only the four privilege strings listed in the table below are recognised;
 * the comparison is exact and case-sensitive.
 *
 * @param[in] priv  Privilege identifier, e.g. "priv-admin".
 * @return The matching Redfish role name, or an empty string when the
 *         privilege is unknown. Callers must treat the empty string as
 *         "no role" rather than as a valid role id.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct RoleMapping
    {
        std::string_view privilege;
        const char* role;
    };
    static constexpr RoleMapping knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const RoleMapping& entry : knownRoles)
    {
        if (priv == entry.privilege)
        {
            return entry.role;
        }
    }
    return "";
}

/**
 * @brief Fill @p privArray with the Redfish privileges assigned to a role.
 *
 * This function doubles as the allow-list for role ids: any name other than
 * "Administrator", "Operator", "ReadOnly" or "NoAccess" is rejected and
 * @p privArray is left untouched.
 *
 * @param[in]  role       Redfish role name (exact, case-sensitive match).
 * @param[out] privArray  Receives a JSON array of privilege names; an empty
 *                        array for "NoAccess".
 * @return true when @p role is one of the known roles, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        privArray = nlohmann::json::array();
        return true;
    }
    return false;
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * The route is gated by redfish::privileges::getRole (the contents of that
 * registry entry are defined outside this file).
 *
 * The role id comes straight from the request URL. It is copied into the
 * response body ("Description", "Id", "RoleId", "@odata.id") only after
 * getAssignedPrivFromRole() has accepted it as one of the fixed role names.
 * An unrecognised id is passed to messages::resourceNotFound(); how that
 * helper encodes the value is not visible from here.
 *
 * NOTE(review): this handler does not consult the user manager's
 * AllPrivileges property, unlike the collection route below, so a role can be
 * retrievable here without being listed in the collection - confirm that this
 * is intended.
 *
 * @param[in] app  Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const std::string& roleId) {
                nlohmann::json assignedPrivileges = nlohmann::json::array();

                // Allow-list check: nothing derived from the URL reaches the
                // success response unless the id is a known role.
                if (!getAssignedPrivFromRole(roleId, assignedPrivileges))
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);

                    return;
                }

                asyncResp->res.jsonValue = {
                    {"@odata.type", "#Role.v1_2_2.Role"},
                    {"Name", "User Role"},
                    {"Description", roleId + " User Role"},
                    {"OemPrivileges", nlohmann::json::array()},
                    {"IsPredefined", true},
                    {"Id", roleId},
                    {"RoleId", roleId},
                    {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
                    {"AssignedPrivileges", std::move(assignedPrivileges)}};
            });
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * The route is gated by redfish::privileges::getRoleCollection. The handler
 * writes the static collection header, then asynchronously reads the
 * AllPrivileges property of xyz.openbmc_project.User.Manager over D-Bus and
 * adds one member link per privilege that maps to a known role. Privilege
 * strings with no mapping are skipped without an error.
 *
 * A D-Bus error, or a property value that is not a vector of strings, turns
 * the response into an internal error.
 *
 * @param[in] app  Application object the route is registered on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                asyncResp->res.jsonValue = {
                    {"@odata.id", "/redfish/v1/AccountService/Roles"},
                    {"@odata.type", "#RoleCollection.RoleCollection"},
                    {"Name", "Roles Collection"},
                    {"Description", "BMC User Roles"}};

                // asyncResp is captured by value, so the callback holds its
                // own shared_ptr to the response object.
                crow::connections::systemBus->async_method_call(
                    [asyncResp](
                        const boost::system::error_code ec,
                        const dbus::utility::DbusVariantType& propertyValue) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();

                        // Type-check the variant rather than trusting the
                        // remote service to return the expected shape.
                        const std::vector<std::string>* privileges =
                            std::get_if<std::vector<std::string>>(
                                &propertyValue);
                        if (privileges == nullptr)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        for (const std::string& privilege : *privileges)
                        {
                            std::string roleName =
                                getRoleFromPrivileges(privilege);
                            if (roleName.empty())
                            {
                                // Unknown privilege: not exposed as a role.
                                continue;
                            }
                            members.push_back(
                                {{"@odata.id",
                                  "/redfish/v1/AccountService/Roles/" +
                                      roleName}});
                        }
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    },
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "org.freedesktop.DBus.Properties", "Get",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges");
            });
}

} // namespace redfish