xref: /openbmc/bmcweb/features/redfish/lib/roles.hpp (revision 7e860f1550c8686eec42f7a75bc5f2ef51e756ad)
14e49bd4bSLewanczyk, Dawid /*
24e49bd4bSLewanczyk, Dawid // Copyright (c) 2018 Intel Corporation
34e49bd4bSLewanczyk, Dawid //
44e49bd4bSLewanczyk, Dawid // Licensed under the Apache License, Version 2.0 (the "License");
54e49bd4bSLewanczyk, Dawid // you may not use this file except in compliance with the License.
64e49bd4bSLewanczyk, Dawid // You may obtain a copy of the License at
74e49bd4bSLewanczyk, Dawid //
84e49bd4bSLewanczyk, Dawid //      http://www.apache.org/licenses/LICENSE-2.0
94e49bd4bSLewanczyk, Dawid //
104e49bd4bSLewanczyk, Dawid // Unless required by applicable law or agreed to in writing, software
114e49bd4bSLewanczyk, Dawid // distributed under the License is distributed on an "AS IS" BASIS,
124e49bd4bSLewanczyk, Dawid // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
134e49bd4bSLewanczyk, Dawid // See the License for the specific language governing permissions and
144e49bd4bSLewanczyk, Dawid // limitations under the License.
154e49bd4bSLewanczyk, Dawid */
164e49bd4bSLewanczyk, Dawid #pragma once
174e49bd4bSLewanczyk, Dawid 
18*7e860f15SJohn Edward Broadbent #include <app.hpp>
194e49bd4bSLewanczyk, Dawid 
20abf2add6SEd Tanous #include <variant>
21abf2add6SEd Tanous 
221abe55efSEd Tanous namespace redfish
231abe55efSEd Tanous {
244e49bd4bSLewanczyk, Dawid 
/**
 * @brief Translate a user-manager privilege string into a Redfish role name.
 *
 * The comparison is exact and case-sensitive. The recognised inputs are
 * "priv-admin", "priv-user", "priv-operator" and "priv-noaccess"; note that
 * "priv-user" maps to the "ReadOnly" role.
 *
 * @param priv Privilege string to translate.
 * @return The matching role name, or an empty string when the privilege is
 *         not recognised. Callers must treat the empty string as "no role"
 *         and must not turn it into a role URI.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivilegeToRole
    {
        std::string_view privilege;
        const char* role;
    };

    // Closed allow-list: anything not listed here falls through to "".
    static constexpr PrivilegeToRole knownPrivileges[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const PrivilegeToRole& entry : knownPrivileges)
    {
        if (entry.privilege == priv)
        {
            return entry.role;
        }
    }
    return "";
}
458fcb65b6SAppaRao Puli 
/**
 * @brief Fill in the Redfish privileges assigned to a predefined role.
 *
 * The role name is matched exactly (case-sensitive) against the four roles
 * this file knows: "Administrator", "Operator", "ReadOnly" and "NoAccess".
 *
 * @param role      Role name to look up.
 * @param privArray Output. Overwritten with a JSON array of privilege names
 *                  on success ("NoAccess" yields an empty array); left
 *                  untouched when the role is unknown.
 * @return true when the role is known, false otherwise. The return value is
 *         the only signal that the role exists, so callers must check it
 *         before using privArray.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        // A known role that carries no privileges at all.
        privArray = nlohmann::json::array();
        return true;
    }

    // Unknown role: fail closed and leave the caller's array as it was.
    return false;
}
728fcb65b6SAppaRao Puli 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<str>/.
 *
 * The route requires the "Login" privilege. The <str> path segment arrives
 * as roleId and is request-controlled; it is copied into the success
 * response ("Id", "RoleId", "Description", "@odata.id") only after
 * getAssignedPrivFromRole() has matched it exactly against a known role.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges({"Login"})
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const std::string& roleId) {
                nlohmann::json assignedPrivileges = nlohmann::json::array();
                const bool roleKnown =
                    getAssignedPrivFromRole(roleId, assignedPrivileges);
                if (!roleKnown)
                {
                    // roleId is still unvalidated on this path.
                    // NOTE(review): messages::resourceNotFound is defined
                    // elsewhere; presumably it emits roleId as a JSON string
                    // value - confirm.
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                // From here on roleId equals one of the known role names.
                asyncResp->res.jsonValue = {
                    {"@odata.type", "#Role.v1_2_2.Role"},
                    {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
                    {"Id", roleId},
                    {"RoleId", roleId},
                    {"Name", "User Role"},
                    {"Description", roleId + " User Role"},
                    {"IsPredefined", true},
                    {"AssignedPrivileges", std::move(assignedPrivileges)},
                    {"OemPrivileges", nlohmann::json::array()}};
            });
}
1014e49bd4bSLewanczyk, Dawid 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * The route requires the "Login" privilege. The handler writes the static
 * collection header, then reads the "AllPrivileges" property of
 * xyz.openbmc_project.User.Manager at /xyz/openbmc_project/user through
 * org.freedesktop.DBus.Properties.Get. Each returned privilege string is
 * translated with getRoleFromPrivileges(); strings it does not recognise
 * are dropped, so only known role names appear in "Members".
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges({"Login"})
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                asyncResp->res.jsonValue = {
                    {"@odata.id", "/redfish/v1/AccountService/Roles"},
                    {"@odata.type", "#RoleCollection.RoleCollection"},
                    {"Name", "Roles Collection"},
                    {"Description", "BMC User Roles"}};

                // Completion handler for the D-Bus property read below.
                auto onAllPrivileges =
                    [asyncResp](
                        const boost::system::error_code ec,
                        const std::variant<std::vector<std::string>>& resp) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();

                        // The reply must hold a string list; any other
                        // payload is reported as an internal error.
                        const auto* privileges =
                            std::get_if<std::vector<std::string>>(&resp);
                        if (privileges == nullptr)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        for (const std::string& priv : *privileges)
                        {
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (role.empty())
                            {
                                // Unrecognised privilege: no role to list.
                                continue;
                            }
                            members.push_back(
                                {{"@odata.id",
                                  "/redfish/v1/AccountService/Roles/" +
                                      role}});
                        }

                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    };

                crow::connections::systemBus->async_method_call(
                    std::move(onAllPrivileges),
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "org.freedesktop.DBus.Properties", "Get",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges");
            });
}
1544e49bd4bSLewanczyk, Dawid 
1554e49bd4bSLewanczyk, Dawid } // namespace redfish