xref: /openbmc/bmcweb/features/redfish/lib/roles.hpp (revision 45ca1b868e47978a4d2e8ebb680cb384e804c97e) 
1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <app.hpp>
19 #include <dbus_utility.hpp>
20 #include <query.hpp>
21 #include <registries/privilege_registry.hpp>
22 #include <sdbusplus/asio/property.hpp>
23 
24 #include <variant>
25 namespace redfish
26 {
27 
28 inline std::string getRoleFromPrivileges(std::string_view priv)
29 {
30     if (priv == "priv-admin")
31     {
32         return "Administrator";
33     }
34     if (priv == "priv-user")
35     {
36         return "ReadOnly";
37     }
38     if (priv == "priv-operator")
39     {
40         return "Operator";
41     }
42     if (priv == "priv-noaccess")
43     {
44         return "NoAccess";
45     }
46     return "";
47 }
48 
49 inline bool getAssignedPrivFromRole(std::string_view role,
50                                     nlohmann::json& privArray)
51 {
52     if (role == "Administrator")
53     {
54         privArray = {"Login", "ConfigureManager", "ConfigureUsers",
55                      "ConfigureSelf", "ConfigureComponents"};
56     }
57     else if (role == "Operator")
58     {
59         privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
60     }
61     else if (role == "ReadOnly")
62     {
63         privArray = {"Login", "ConfigureSelf"};
64     }
65     else if (role == "NoAccess")
66     {
67         privArray = nlohmann::json::array();
68     }
69     else
70     {
71         return false;
72     }
73     return true;
74 }
75 
76 inline void requestRoutesRoles(App& app)
77 {
78     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
79         .privileges(redfish::privileges::getRole)
80         .methods(boost::beast::http::verb::get)(
81             [&app](const crow::Request& req,
82                    const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
83                    const std::string& roleId) {
84                 if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
85                 {
86                     return;
87                 }
88                 nlohmann::json privArray = nlohmann::json::array();
89                 if (!getAssignedPrivFromRole(roleId, privArray))
90                 {
91                     messages::resourceNotFound(asyncResp->res, "Role", roleId);
92 
93                     return;
94                 }
95 
96                 asyncResp->res.jsonValue = {
97                     {"@odata.type", "#Role.v1_2_2.Role"},
98                     {"Name", "User Role"},
99                     {"Description", roleId + " User Role"},
100                     {"OemPrivileges", nlohmann::json::array()},
101                     {"IsPredefined", true},
102                     {"Id", roleId},
103                     {"RoleId", roleId},
104                     {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
105                     {"AssignedPrivileges", std::move(privArray)}};
106             });
107 }
108 
109 inline void requestRoutesRoleCollection(App& app)
110 {
111     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
112         .privileges(redfish::privileges::getRoleCollection)
113         .methods(boost::beast::http::verb::get)(
114             [&app](const crow::Request& req,
115                    const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
116                 if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
117                 {
118                     return;
119                 }
120                 asyncResp->res.jsonValue = {
121                     {"@odata.id", "/redfish/v1/AccountService/Roles"},
122                     {"@odata.type", "#RoleCollection.RoleCollection"},
123                     {"Name", "Roles Collection"},
124                     {"Description", "BMC User Roles"}};
125 
126                 sdbusplus::asio::getProperty<std::vector<std::string>>(
127                     *crow::connections::systemBus,
128                     "xyz.openbmc_project.User.Manager",
129                     "/xyz/openbmc_project/user",
130                     "xyz.openbmc_project.User.Manager", "AllPrivileges",
131                     [asyncResp](const boost::system::error_code ec,
132                                 const std::vector<std::string>& privList) {
133                         if (ec)
134                         {
135                             messages::internalError(asyncResp->res);
136                             return;
137                         }
138                         nlohmann::json& memberArray =
139                             asyncResp->res.jsonValue["Members"];
140                         memberArray = nlohmann::json::array();
141                         for (const std::string& priv : privList)
142                         {
143                             std::string role = getRoleFromPrivileges(priv);
144                             if (!role.empty())
145                             {
146                                 memberArray.push_back(
147                                     {{"@odata.id",
148                                       "/redfish/v1/AccountService/Roles/" +
149                                           role}});
150                             }
151                         }
152                         asyncResp->res.jsonValue["Members@odata.count"] =
153                             memberArray.size();
154                     });
155             });
156 }
157 
158 } // namespace redfish
159