/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "node.hpp"

#include <variant>

namespace redfish
{

/**
 * @brief Translate a user-manager privilege name into a Redfish role name.
 *
 * Only the four names listed in the table are recognised; the comparison is
 * exact and case-sensitive.
 *
 * @param priv  Privilege name such as "priv-admin".
 * @return The matching Redfish role name, or an empty string when the
 *         privilege is not one of the known four. Callers must treat the
 *         empty string as "no role" rather than as a valid role id.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivilegeRole
    {
        std::string_view privilege;
        std::string_view role;
    };
    // Fixed mapping; anything outside this table yields no role.
    static constexpr PrivilegeRole knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const PrivilegeRole& entry : knownRoles)
    {
        if (entry.privilege == priv)
        {
            return std::string(entry.role);
        }
    }
    return std::string();
}

/**
 * @brief Fill @p privArray with the Redfish privileges assigned to a role.
 *
 * This doubles as the allowlist check for role ids: only "Administrator",
 * "Operator", "ReadOnly" and "NoAccess" are accepted (exact, case-sensitive
 * match).
 *
 * @param role       Role name to look up.
 * @param privArray  Output; overwritten with a JSON array of privilege names
 *                   on success and left untouched on failure. "NoAccess"
 *                   produces an empty array, i.e. not even "Login".
 * @return true when @p role is one of the four known roles, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        privArray = nlohmann::json::array();
        return true;
    }
    // Unknown role: report failure without modifying the output argument.
    return false;
}

/**
 * @brief Redfish node for a single role,
 *        /redfish/v1/AccountService/Roles/<str>/.
 */
class Roles : public Node
{
  public:
    /**
     * @brief Register the route and declare the privilege required per verb.
     *
     * GET and HEAD require "Login"; PATCH, PUT, DELETE and POST require
     * "ConfigureManager". Only the table is set here; the enforcement of
     * entityPrivileges is not visible in this file (presumably done by Node
     * or the router -- confirm).
     */
    Roles(App& app) :
        Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string())
    {
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief Serve the description of one predefined role.
     *
     * @param asyncResp  Response object to fill.
     * @param params     Route parameters; exactly one is expected (the role
     *                   id taken from the URL).
     *
     * A wrong parameter count is reported as an internal error and an
     * unrecognised role id as "resource not found".
     */
    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const crow::Request&,
               const std::vector<std::string>& params) override
    {
        if (params.size() != 1)
        {
            messages::internalError(asyncResp->res);
            return;
        }

        // Request-supplied value; it is not trusted until the lookup below
        // has accepted it.
        const std::string& roleId = params.front();

        nlohmann::json assignedPrivileges = nlohmann::json::array();
        const bool isKnownRole =
            getAssignedPrivFromRole(roleId, assignedPrivileges);
        if (!isKnownRole)
        {
            // NOTE(review): the still-unvalidated roleId is handed to the
            // error helper here; how resourceNotFound encodes it is not
            // visible in this file -- confirm it is safely serialised.
            messages::resourceNotFound(asyncResp->res, "Role", roleId);
            return;
        }

        // From here on roleId is one of the four fixed role names, which is
        // what makes concatenating it into "Description" and "@odata.id"
        // safe.
        asyncResp->res.jsonValue = {
            {"@odata.type", "#Role.v1_2_2.Role"},
            {"Name", "User Role"},
            {"Description", roleId + " User Role"},
            {"OemPrivileges", nlohmann::json::array()},
            {"IsPredefined", true},
            {"Id", roleId},
            {"RoleId", roleId},
            {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
            {"AssignedPrivileges", std::move(assignedPrivileges)}};
    }
};

/**
 * @brief Redfish node for the role collection,
 *        /redfish/v1/AccountService/Roles/.
 */
class RoleCollection : public Node
{
  public:
    /**
     * @brief Register the route and declare the privilege required per verb.
     *
     * Same table as Roles: "Login" for GET/HEAD, "ConfigureManager" for
     * PATCH/PUT/DELETE/POST. Enforcement is not visible in this file.
     */
    RoleCollection(App& app) : Node(app, "/redfish/v1/AccountService/Roles/")
    {
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief List the roles that correspond to the privileges reported by
     *        the user manager.
     *
     * Reads the "AllPrivileges" property of
     * "xyz.openbmc_project.User.Manager" at "/xyz/openbmc_project/user"
     * over D-Bus and emits one member per privilege that maps to a known
     * role.
     *
     * @param asyncResp  Response object to fill; it is captured by value in
     *                   the callback so it stays alive until the D-Bus reply
     *                   has been handled.
     */
    void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const crow::Request&, const std::vector<std::string>&) override
    {
        asyncResp->res.jsonValue = {
            {"@odata.id", "/redfish/v1/AccountService/Roles"},
            {"@odata.type", "#RoleCollection.RoleCollection"},
            {"Name", "Roles Collection"},
            {"Description", "BMC User Roles"}};

        crow::connections::systemBus->async_method_call(
            [asyncResp](const boost::system::error_code ec,
                        const std::variant<std::vector<std::string>>& resp) {
                if (ec)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                nlohmann::json& members = asyncResp->res.jsonValue["Members"];
                members = nlohmann::json::array();

                // A reply of an unexpected type is treated as an internal
                // error instead of being dereferenced.
                const std::vector<std::string>* privileges =
                    std::get_if<std::vector<std::string>>(&resp);
                if (privileges == nullptr)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                for (const std::string& privilege : *privileges)
                {
                    const std::string roleName =
                        getRoleFromPrivileges(privilege);
                    if (roleName.empty())
                    {
                        // Privilege names without a known role are dropped,
                        // so only the fixed role names reach the URI below.
                        continue;
                    }
                    members.push_back(
                        {{"@odata.id",
                          "/redfish/v1/AccountService/Roles/" + roleName}});
                }
                asyncResp->res.jsonValue["Members@odata.count"] =
                    members.size();
            },
            "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
            "org.freedesktop.DBus.Properties", "Get",
            "xyz.openbmc_project.User.Manager", "AllPrivileges");
    }
};

} // namespace redfish