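/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "node.hpp"

namespace redfish
{

/**
 * @brief Translate a backend privilege name into the Redfish role name.
 *
 * The privilege names handled here are the entries this file reads from the
 * "AllPrivileges" property of xyz.openbmc_project.User.Manager.
 *
 * @param[in] priv  Privilege name, e.g. "priv-admin".
 *
 * @return The matching Redfish role name, or an empty string when the
 *         privilege is not one of the four known values. Callers must treat
 *         the empty string as "no role" so that an unrecognised privilege
 *         never turns into a role.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    if (priv == "priv-admin")
    {
        return "Administrator";
    }
    if (priv == "priv-callback")
    {
        return "Callback";
    }
    if (priv == "priv-user")
    {
        return "User";
    }
    if (priv == "priv-operator")
    {
        return "Operator";
    }
    // Unknown privilege: fail closed with no role name.
    return "";
}

/**
 * @brief Fill in the Redfish privileges assigned to a predefined role.
 *
 * This table is the role-to-privilege mapping reported by the Role resource;
 * any change here changes what the service advertises for each role.
 *
 * @param[in]  role       Redfish role name ("Administrator", "Operator",
 *                        "User" or "Callback"); the comparison is exact and
 *                        case-sensitive.
 * @param[out] privArray  Receives the list of privilege names. Left untouched
 *                        when the role is not recognised.
 *
 * @return true when the role is known, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "User")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "Callback")
    {
        privArray = {"Login"};
        return true;
    }
    // Anything else is rejected rather than mapped to a default privilege set.
    return false;
}

/**
 * @brief Redfish Role resource: /redfish/v1/AccountService/Roles/<str>/
 */
class Roles : public Node
{
  public:
    Roles(CrowApp& app) :
        Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string())
    {
        // Reading a role needs only Login; every modifying verb needs
        // ConfigureManager. This class overrides doGet only.
        // NOTE(review): how the other verbs are answered depends on Node,
        // which is not visible in this file.
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief Return the Role resource named by the single URL parameter.
     *
     * @param[in,out] res     Response to fill in and complete.
     * @param[in]     req     Request (not read here).
     * @param[in]     params  URL parameters; exactly one (the role id) is
     *                        expected.
     */
    void doGet(crow::Response& res, const crow::Request& req,
               const std::vector<std::string>& params) override
    {
        if (params.size() != 1)
        {
            messages::internalError(res);
            res.end();
            return;
        }

        const std::string& roleId = params[0];
        nlohmann::json privArray = nlohmann::json::array();

        // roleId comes from the request URL. It is copied into the response
        // below only after it has matched one of the fixed role names, so
        // "Id" and "@odata.id" can only ever hold one of those four strings.
        if (!getAssignedPrivFromRole(roleId, privArray))
        {
            messages::resourceNotFound(res, "Role", roleId);
            res.end();
            return;
        }

        res.jsonValue = {
            {"@odata.type", "#Role.v1_0_2.Role"},
            {"@odata.context", "/redfish/v1/$metadata#Role.Role"},
            {"Name", "User Role"},
            // Built from the validated role id; the previous fixed text
            // described every role as the Administrator role.
            {"Description", roleId + " User Role"},
            {"OemPrivileges", nlohmann::json::array()},
            {"IsPredefined", true},
            {"Id", roleId},
            {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
            {"AssignedPrivileges", std::move(privArray)}};
        res.end();
    }
};

/**
 * @brief Redfish RoleCollection resource: /redfish/v1/AccountService/Roles/
 */
class RoleCollection : public Node
{
  public:
    RoleCollection(CrowApp& app) :
        Node(app, "/redfish/v1/AccountService/Roles/")
    {
        // Same privilege table as the Role resource: Login to read,
        // ConfigureManager for every modifying verb.
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief List the roles backed by the privileges the user manager reports.
     *
     * The static part of the collection is written immediately; "Members"
     * and "Members@odata.count" are added from the D-Bus reply.
     *
     * @param[in,out] res     Response to fill in.
     * @param[in]     req     Request (not read here).
     * @param[in]     params  URL parameters (not read here).
     */
    void doGet(crow::Response& res, const crow::Request& req,
               const std::vector<std::string>& params) override
    {
        // The shared_ptr is copied into the callback, so the AsyncResp object
        // stays alive until the D-Bus reply has been handled.
        // NOTE(review): presumably AsyncResp completes the response when the
        // last reference is released - confirm in its definition.
        auto asyncResp = std::make_shared<AsyncResp>(res);
        res.jsonValue = {{"@odata.context",
                          "/redfish/v1/"
                          "$metadata#RoleCollection.RoleCollection"},
                         {"@odata.id", "/redfish/v1/AccountService/Roles"},
                         {"@odata.type", "#RoleCollection.RoleCollection"},
                         {"Name", "Roles Collection"},
                         {"Description", "BMC User Roles"}};

        crow::connections::systemBus->async_method_call(
            [asyncResp](
                const boost::system::error_code ec,
                const sdbusplus::message::variant<std::vector<std::string>>&
                    resp) {
                if (ec)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                const std::vector<std::string>* privList =
                    sdbusplus::message::variant_ns::get_if<
                        std::vector<std::string>>(&resp);
                // get_if returns a null pointer when the variant does not
                // hold the expected type. Report an error instead of
                // dereferencing it: a null dereference here would take the
                // whole service down on a malformed reply.
                if (privList == nullptr)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                nlohmann::json& memberArray =
                    asyncResp->res.jsonValue["Members"];
                memberArray = nlohmann::json::array();
                for (const std::string& priv : *privList)
                {
                    // Privileges without a known role are skipped, so only
                    // the fixed role names ever appear in a member link.
                    const std::string role = getRoleFromPrivileges(priv);
                    if (role.empty())
                    {
                        continue;
                    }
                    memberArray.push_back(
                        {{"@odata.id",
                          "/redfish/v1/AccountService/Roles/" + role}});
                }
                asyncResp->res.jsonValue["Members@odata.count"] =
                    memberArray.size();
            },
            "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
            "org.freedesktop.DBus.Properties", "Get",
            "xyz.openbmc_project.User.Manager", "AllPrivileges");
    }
};

} // namespace redfish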