/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "app.hpp"
#include "dbus_utility.hpp"
#include "query.hpp"
#include "registries/privilege_registry.hpp"

#include <boost/url/format.hpp>
#include <nlohmann/json.hpp>
#include <sdbusplus/asio/property.hpp>

#include <optional>
#include <string_view>
#include <variant>
namespace redfish
{

// Translate a backend privilege string ("priv-admin", "priv-user",
// "priv-operator") into the Redfish RoleId reported for it.
//
// The comparison is exact and case-sensitive. Any other input yields an empty
// string, which the role-collection handler below treats as "do not list".
// The RoleIds returned here are the same three strings that
// getAssignedPrivFromRole() accepts; a role added to one table and not the
// other would be listed in the collection but answer 404 when fetched.
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    std::string roleName;
    if (priv == "priv-admin")
    {
        roleName = "Administrator";
    }
    else if (priv == "priv-user")
    {
        roleName = "ReadOnly";
    }
    else if (priv == "priv-operator")
    {
        roleName = "Operator";
    }
    return roleName;
}

// Return the AssignedPrivileges array reported for a Redfish RoleId, or
// std::nullopt when the RoleId is not one of the three predefined roles.
//
// Because the match is an exact comparison against a fixed set, this function
// also acts as the allowlist for the role name taken from the request URL in
// requestRoutesRoles().
//
// NOTE(review): this is only the privilege list the Role resource *reports*.
// Where these privileges are enforced is not visible in this file; keep the
// lists below in step with the privilege registry.
inline std::optional<nlohmann::json::array_t>
    getAssignedPrivFromRole(std::string_view role)
{
    // One explicit list per role keeps the table easy to audit; element order
    // is the order the privileges appear in the response.
    const auto toJsonArray = [](std::initializer_list<const char*> names) {
        nlohmann::json::array_t out;
        for (const char* privilegeName : names)
        {
            out.emplace_back(privilegeName);
        }
        return out;
    };

    if (role == "Administrator")
    {
        return toJsonArray({"Login", "ConfigureManager", "ConfigureUsers",
                            "ConfigureSelf", "ConfigureComponents"});
    }
    if (role == "Operator")
    {
        return toJsonArray({"Login", "ConfigureSelf", "ConfigureComponents"});
    }
    if (role == "ReadOnly")
    {
        return toJsonArray({"Login", "ConfigureSelf"});
    }
    return std::nullopt;
}

// Register GET /redfish/v1/AccountService/Roles/<str>/, which describes a
// single predefined role. Access to the route is gated by
// redfish::privileges::getRole.
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                // Nothing is written to the response here when the common
                // Redfish route setup returns false.
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // roleId is caller-controlled (URL path segment). It is only
                // echoed into the response after this lookup has matched it
                // against the fixed set of role names.
                std::optional<nlohmann::json::array_t> assigned =
                    getAssignedPrivFromRole(roleId);
                if (!assigned.has_value())
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.type"] = "#Role.v1_2_2.Role";
                body["Name"] = "User Role";
                body["Description"] = roleId + " User Role";
                body["OemPrivileges"] = nlohmann::json::array();
                body["IsPredefined"] = true;
                body["Id"] = roleId;
                body["RoleId"] = roleId;
                body["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                body["AssignedPrivileges"] = std::move(*assigned);
            });
}

// Register GET /redfish/v1/AccountService/Roles/, which lists the roles
// backed by the privileges the user manager advertises. Access to the route
// is gated by redfish::privileges::getRoleCollection.
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.id"] = "/redfish/v1/AccountService/Roles";
                body["@odata.type"] = "#RoleCollection.RoleCollection";
                body["Name"] = "Roles Collection";
                body["Description"] = "BMC User Roles";

                // Read the AllPrivileges property of the user manager over
                // D-Bus; the member list is filled in by the completion
                // callback, which keeps its own copy of asyncResp.
                sdbusplus::asio::getProperty<std::vector<std::string>>(
                    *crow::connections::systemBus,
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();
                        for (const std::string& priv : privList)
                        {
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            // Privileges without a Redfish role mapping are
                            // left out of the collection rather than
                            // reported as an error.
                            if (role.empty())
                            {
                                continue;
                            }

                            nlohmann::json::object_t member;
                            member["@odata.id"] = boost::urls::format(
                                "/redfish/v1/AccountService/Roles/{}", role);
                            members.emplace_back(std::move(member));
                        }
                        // Count only the entries actually listed, not the
                        // size of the D-Bus privilege list.
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    });
            });
}

} // namespace redfish