/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "app.hpp"
#include "dbus_utility.hpp"
#include "query.hpp"
#include "registries/privilege_registry.hpp"

#include <sdbusplus/asio/property.hpp>

#include <variant>
namespace redfish
{

/**
 * @brief Translate a backend privilege name into the Redfish role name.
 *
 * The comparison is an exact, case-sensitive match against three known
 * privilege strings. Note that "priv-user" maps to the "ReadOnly" role.
 *
 * @param priv  Privilege string to translate.
 * @return "Administrator", "ReadOnly" or "Operator"; an empty string when
 *         the privilege is not one of the three known values. Callers in
 *         this file treat the empty string as "no role, skip it".
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    const char* roleName = "";
    if (priv == "priv-admin")
    {
        roleName = "Administrator";
    }
    else if (priv == "priv-user")
    {
        roleName = "ReadOnly";
    }
    else if (priv == "priv-operator")
    {
        roleName = "Operator";
    }
    return roleName;
}

/**
 * @brief Fill @p privArray with the privileges assigned to a Redfish role.
 *
 * This is the fixed role-to-privilege table served by the Roles resource.
 * Only "Administrator" receives ConfigureManager and ConfigureUsers; every
 * known role receives Login and ConfigureSelf. Matching is exact and
 * case-sensitive.
 *
 * @param role       Role name to look up.
 * @param privArray  Overwritten with a JSON array of privilege names when
 *                   the role is known; left untouched otherwise.
 * @return true when @p role is a known role, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    // Unknown role: the caller is expected to report "not found".
    return false;
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * The route is gated by redfish::privileges::getRole. The role id taken
 * from the URL is only written into the response after it has matched the
 * fixed table in getAssignedPrivFromRole(); any other value produces a
 * resourceNotFound message and nothing else.
 *
 * @param app  Application object the route is registered on; also captured
 *             by reference in the handler.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        // Validate the URL segment before any of it reaches the response.
        nlohmann::json assigned = nlohmann::json::array();
        const bool knownRole = getAssignedPrivFromRole(roleId, assigned);
        if (!knownRole)
        {
            messages::resourceNotFound(asyncResp->res, "Role", roleId);

            return;
        }

        auto& json = asyncResp->res.jsonValue;
        json["@odata.type"] = "#Role.v1_2_2.Role";
        json["Name"] = "User Role";
        json["Description"] = roleId + " User Role";
        json["OemPrivileges"] = nlohmann::json::array();
        json["IsPredefined"] = true;
        json["Id"] = roleId;
        json["RoleId"] = roleId;
        json["@odata.id"] = crow::utility::urlFromPieces(
            "redfish", "v1", "AccountService", "Roles", roleId);
        json["AssignedPrivileges"] = std::move(assigned);
        });
}

/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * The route is gated by redfish::privileges::getRoleCollection. The member
 * list is built from the "AllPrivileges" property of
 * xyz.openbmc_project.User.Manager at /xyz/openbmc_project/user: each
 * privilege is translated with getRoleFromPrivileges() and privileges with
 * no matching role are left out of the collection.
 *
 * @param app  Application object the route is registered on; also captured
 *             by reference in the handler.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        auto& header = asyncResp->res.jsonValue;
        header["@odata.id"] = "/redfish/v1/AccountService/Roles";
        header["@odata.type"] = "#RoleCollection.RoleCollection";
        header["Name"] = "Roles Collection";
        header["Description"] = "BMC User Roles";

        // asyncResp is captured by value: the callback holds its own
        // shared_ptr copy while the property read is outstanding.
        sdbusplus::asio::getProperty<std::vector<std::string>>(
            *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
            "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
            "AllPrivileges",
            [asyncResp](const boost::system::error_code& ec,
                        const std::vector<std::string>& privList) {
            if (ec)
            {
                messages::internalError(asyncResp->res);
                return;
            }

            auto& json = asyncResp->res.jsonValue;
            nlohmann::json& members = json["Members"];
            members = nlohmann::json::array();
            for (const std::string& priv : privList)
            {
                const std::string roleName = getRoleFromPrivileges(priv);
                if (roleName.empty())
                {
                    // Privilege has no Redfish role; do not advertise it.
                    continue;
                }
                nlohmann::json::object_t entry;
                entry["@odata.id"] = crow::utility::urlFromPieces(
                    "redfish", "v1", "AccountService", "Roles", roleName);
                members.push_back(std::move(entry));
            }
            json["Members@odata.count"] = members.size();
            });
        });
}

} // namespace redfish