xref: /openbmc/bmcweb/features/redfish/lib/roles.hpp (revision deae6a789444debc4724fb6902fc5def299afbee)
14e49bd4bSLewanczyk, Dawid /*
26be832e2SEd Tanous Copyright (c) 2018 Intel Corporation
36be832e2SEd Tanous 
46be832e2SEd Tanous Licensed under the Apache License, Version 2.0 (the "License");
56be832e2SEd Tanous you may not use this file except in compliance with the License.
66be832e2SEd Tanous You may obtain a copy of the License at
76be832e2SEd Tanous 
86be832e2SEd Tanous       http://www.apache.org/licenses/LICENSE-2.0
96be832e2SEd Tanous 
106be832e2SEd Tanous Unless required by applicable law or agreed to in writing, software
116be832e2SEd Tanous distributed under the License is distributed on an "AS IS" BASIS,
126be832e2SEd Tanous WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
136be832e2SEd Tanous See the License for the specific language governing permissions and
146be832e2SEd Tanous limitations under the License.
154e49bd4bSLewanczyk, Dawid */
164e49bd4bSLewanczyk, Dawid #pragma once
174e49bd4bSLewanczyk, Dawid 
183ccb3adbSEd Tanous #include "app.hpp"
193ccb3adbSEd Tanous #include "dbus_utility.hpp"
203ccb3adbSEd Tanous #include "query.hpp"
213ccb3adbSEd Tanous #include "registries/privilege_registry.hpp"
223ccb3adbSEd Tanous 
23ef4c65b7SEd Tanous #include <boost/url/format.hpp>
2420fa6a2cSEd Tanous #include <nlohmann/json.hpp>
251e1e598dSJonathan Doman #include <sdbusplus/asio/property.hpp>
264e49bd4bSLewanczyk, Dawid 
2720fa6a2cSEd Tanous #include <optional>
2820fa6a2cSEd Tanous #include <string_view>
29abf2add6SEd Tanous #include <variant>
301abe55efSEd Tanous namespace redfish
311abe55efSEd Tanous {
324e49bd4bSLewanczyk, Dawid 
/**
 * @brief Map a user-manager privilege string to its Redfish role name.
 *
 * Matching is an exact, case-sensitive comparison against three known
 * privilege strings. Anything else yields an empty string, which the role
 * collection handler in this file treats as "no role to list".
 *
 * @param priv Privilege name, e.g. "priv-admin".
 * @return "Administrator", "ReadOnly" or "Operator"; "" when the privilege
 *         has no corresponding role.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    std::string roleName;
    if (priv == "priv-admin")
    {
        roleName = "Administrator";
    }
    else if (priv == "priv-user")
    {
        // priv-user is published under the Redfish role name ReadOnly.
        roleName = "ReadOnly";
    }
    else if (priv == "priv-operator")
    {
        roleName = "Operator";
    }
    // Unrecognised privileges fall through with roleName still empty.
    return roleName;
}
498fcb65b6SAppaRao Puli 
/**
 * @brief Return the privilege names assigned to a predefined role.
 *
 * The role name is compared exactly (case-sensitive) against the three
 * roles known to this file. Because every other input produces
 * std::nullopt, this function also acts as the allowlist for role names
 * taken from a request URL.
 *
 * @param role Role name: "Administrator", "Operator" or "ReadOnly".
 * @return JSON array of privilege strings for the role, or std::nullopt
 *         when the role is not one of the three above.
 */
inline std::optional<nlohmann::json::array_t>
    getAssignedPrivFromRole(std::string_view role)
{
    const bool isAdministrator = (role == "Administrator");
    const bool isOperator = (role == "Operator");
    const bool isReadOnly = (role == "ReadOnly");

    // Reject unknown roles before building anything.
    if (!isAdministrator && !isOperator && !isReadOnly)
    {
        return std::nullopt;
    }

    // Privileges are appended in the same order for every role so the
    // resulting array keeps a stable layout.
    nlohmann::json::array_t assigned;
    assigned.emplace_back("Login");
    if (isAdministrator)
    {
        // Only Administrator may manage the BMC itself and other accounts.
        assigned.emplace_back("ConfigureManager");
        assigned.emplace_back("ConfigureUsers");
    }
    assigned.emplace_back("ConfigureSelf");
    if (!isReadOnly)
    {
        // Administrator and Operator; ReadOnly stops at ConfigureSelf.
        assigned.emplace_back("ConfigureComponents");
    }
    return assigned;
}
798fcb65b6SAppaRao Puli 
/**
 * @brief Register the GET handler for an individual Redfish Role resource.
 *
 * The route is guarded by redfish::privileges::getRole. The role name is
 * the <str> path segment of the request URL; it is accepted only when
 * getAssignedPrivFromRole() recognises it, otherwise the response is a
 * resourceNotFound error.
 *
 * @param app Application object the route is registered on. The handler
 *            captures it by reference.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                // roleId is caller-supplied. This lookup is the only
                // validation it gets: past this point it is known to be
                // one of the predefined role names, so copying it into
                // the response body below is safe.
                auto assigned = getAssignedPrivFromRole(roleId);
                if (!assigned.has_value())
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.id"] = boost::urls::format(
                    "/redfish/v1/AccountService/Roles/{}", roleId);
                body["@odata.type"] = "#Role.v1_2_2.Role";
                body["Id"] = roleId;
                body["RoleId"] = roleId;
                body["Name"] = "User Role";
                body["Description"] = roleId + " User Role";
                // Every role served here is one of the built-in ones.
                body["IsPredefined"] = true;
                body["AssignedPrivileges"] = std::move(*assigned);
                // No OEM privileges are defined; publish an empty array.
                body["OemPrivileges"] = nlohmann::json::array();
            });
}
1164e49bd4bSLewanczyk, Dawid 
/**
 * @brief Register the GET handler for the Redfish Role collection.
 *
 * The route is guarded by redfish::privileges::getRoleCollection. The
 * handler fills in the static collection fields, then reads the
 * AllPrivileges property of xyz.openbmc_project.User.Manager and adds one
 * member link per privilege that getRoleFromPrivileges() can map to a
 * role name.
 *
 * @param app Application object the route is registered on. The handler
 *            captures it by reference.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp))
                {
                    return;
                }

                auto& body = asyncResp->res.jsonValue;
                body["@odata.type"] = "#RoleCollection.RoleCollection";
                body["@odata.id"] = "/redfish/v1/AccountService/Roles";
                body["Name"] = "Roles Collection";
                body["Description"] = "BMC User Roles";

                // The callback holds its own copy of asyncResp, so the
                // response object stays alive until the property read
                // has been handled.
                dbus::utility::getProperty<std::vector<std::string>>(
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code& ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            // Report a generic error; no D-Bus detail is
                            // put into the response.
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json& members =
                            asyncResp->res.jsonValue["Members"];
                        members = nlohmann::json::array();

                        for (const std::string& priv : privList)
                        {
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (role.empty())
                            {
                                // Privilege has no Redfish role; it is
                                // left out of the collection.
                                continue;
                            }

                            nlohmann::json::object_t link;
                            link["@odata.id"] = boost::urls::format(
                                "/redfish/v1/AccountService/Roles/{}", role);
                            members.emplace_back(std::move(link));
                        }

                        asyncResp->res.jsonValue["Members@odata.count"] =
                            members.size();
                    });
            });
}
1674e49bd4bSLewanczyk, Dawid 
1684e49bd4bSLewanczyk, Dawid } // namespace redfish