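// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: Copyright OpenBMC Authors
// SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
#pragma once

#include "app.hpp"
#include "dbus_utility.hpp"
#include "query.hpp"
#include "registries/privilege_registry.hpp"

#include <boost/url/format.hpp>
#include <nlohmann/json.hpp>
#include <sdbusplus/asio/property.hpp>

// <memory>, <string>, <utility> and <vector> are named directly because this
// header uses std::shared_ptr, std::string, std::move and std::vector itself
// instead of relying on another header to pull them in.
#include <memory>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <variant>
#include <vector>

namespace redfish
{

/**
 * @brief Translate a user-manager privilege string into a Redfish role name.
 *
 * The comparison is exact and case-sensitive. Any value other than the three
 * strings handled below yields an empty string, which means "no Redfish
 * role": the role collection handler in this file skips such entries instead
 * of publishing them.
 *
 * @param[in] priv  Privilege name such as "priv-admin".
 * @return "Administrator", "ReadOnly" or "Operator"; "" when priv is not
 *         recognised.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    if (priv == "priv-admin")
    {
        return "Administrator";
    }
    if (priv == "priv-user")
    {
        return "ReadOnly";
    }
    if (priv == "priv-operator")
    {
        return "Operator";
    }
    return "";
}

/**
 * @brief Return the Redfish privileges assigned to a predefined role.
 *
 * This table is also the allowlist of role names: the single-role handler in
 * this file calls it first and answers "not found" for any name that is not
 * listed here. Every role carries Login and ConfigureSelf; only Administrator
 * carries ConfigureManager and ConfigureUsers.
 *
 * @param[in] role  Role name, matched exactly and case-sensitively.
 * @return The privilege names for the role, or std::nullopt when the role is
 *         not one of "Administrator", "Operator" or "ReadOnly".
 */
inline std::optional<nlohmann::json::array_t> getAssignedPrivFromRole(
    std::string_view role)
{
    nlohmann::json::array_t privArray;
    if (role == "Administrator")
    {
        privArray.emplace_back("Login");
        privArray.emplace_back("ConfigureManager");
        privArray.emplace_back("ConfigureUsers");
        privArray.emplace_back("ConfigureSelf");
        privArray.emplace_back("ConfigureComponents");
    }
    else if (role == "Operator")
    {
        privArray.emplace_back("Login");
        privArray.emplace_back("ConfigureSelf");
        privArray.emplace_back("ConfigureComponents");
    }
    else if (role == "ReadOnly")
    {
        privArray.emplace_back("Login");
        privArray.emplace_back("ConfigureSelf");
    }
    else
    {
        return std::nullopt;
    }
    return privArray;
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * Access is gated by redfish::privileges::getRole, which is defined outside
 * this file. The handler captures app by reference, so app must outlive the
 * registered route.
 *
 * @param[in] app  Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // roleId is caller-supplied. Resolve it against the fixed
                // role table before anything else so that only a known role
                // name is ever copied into the response body below.
                std::optional<nlohmann::json::array_t> privArray =
                    getAssignedPrivFromRole(roleId);
                if (!privArray)
                {
                    // NOTE(review): the rejected value is handed to
                    // messages::resourceNotFound unchanged; that helper is
                    // defined outside this file - confirm how it renders it.
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);

                    return;
                }

                asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
                asyncResp->res.jsonValue["Name"] = "User Role";
                asyncResp->res.jsonValue["Description"] = roleId + " User Role";
                asyncResp->res.jsonValue["OemPrivileges"] =
                    nlohmann::json::array();
                asyncResp->res.jsonValue["IsPredefined"] = true;
                asyncResp->res.jsonValue["Id"] = roleId;
                asyncResp->res.jsonValue["RoleId"] = roleId;
                asyncResp->res.jsonValue["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                asyncResp->res.jsonValue["AssignedPrivileges"] =
                    std::move(*privArray);
            });
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * Access is gated by redfish::privileges::getRoleCollection, which is defined
 * outside this file. The member list is built from the AllPrivileges property
 * of xyz.openbmc_project.User.Manager; privileges that have no Redfish role
 * mapping are left out of the collection.
 *
 * @param[in] app  Application object the route is registered on; captured by
 *                 reference, so it must outlive the registered route.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                asyncResp->res.jsonValue["@odata.id"] =
                    "/redfish/v1/AccountService/Roles";
                asyncResp->res.jsonValue["@odata.type"] =
                    "#RoleCollection.RoleCollection";
                asyncResp->res.jsonValue["Name"] = "Roles Collection";
                asyncResp->res.jsonValue["Description"] = "BMC User Roles";

                // The callback holds its own shared_ptr copy of asyncResp so
                // the response object is still valid when the reply arrives.
                dbus::utility::getProperty<std::vector<std::string>>(
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }
                        nlohmann::json& memberArray =
                            asyncResp->res.jsonValue["Members"];
                        memberArray = nlohmann::json::array();
                        for (const std::string& priv : privList)
                        {
                            // Only the mapped role name, never the raw
                            // privilege string, is placed in the member URI.
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (!role.empty())
                            {
                                nlohmann::json::object_t member;
                                member["@odata.id"] = boost::urls::format(
                                    "/redfish/v1/AccountService/Roles/{}",
                                    role);
                                memberArray.emplace_back(std::move(member));
                            }
                        }
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            memberArray.size();
                    });
            });
}

} // namespace redfish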