1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <app.hpp>
19 #include <dbus_utility.hpp>
20 #include <registries/privilege_registry.hpp>
21 #include <sdbusplus/asio/property.hpp>
22 
23 #include <variant>
24 namespace redfish
25 {
26 
/**
 * @brief Translate a privilege-group name into the Redfish role name.
 *
 * The comparison is exact and case-sensitive; no trimming or normalisation
 * is applied to the input.
 *
 * @param priv Privilege name to look up (for example "priv-admin").
 * @return "Administrator", "ReadOnly", "Operator" or "NoAccess" for the four
 *         recognised names; an empty string for anything else. Callers must
 *         treat the empty string as "no role" and never as a usable role id.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivilegeRole
    {
        std::string_view privilege;
        const char* role;
    };

    // Closed allow-list: a privilege name that is not listed here can never
    // be turned into a role name by this function.
    constexpr PrivilegeRole knownRoles[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
        {"priv-noaccess", "NoAccess"},
    };

    for (const PrivilegeRole& entry : knownRoles)
    {
        if (entry.privilege == priv)
        {
            return entry.role;
        }
    }

    // Fail closed: unknown privilege names map to no role at all.
    return "";
}
47 
/**
 * @brief Fill privArray with the Redfish privileges assigned to a role.
 *
 * The role name is matched exactly (case-sensitive) against the four
 * predefined roles. This doubles as the validity check for a role id: a
 * false return means the name is not a known role.
 *
 * @param role      Role name to look up.
 * @param privArray Receives a JSON array of privilege names on success (an
 *                  empty array for "NoAccess"). Left unmodified when the
 *                  role is unknown.
 * @return true when role is one of "Administrator", "Operator", "ReadOnly"
 *         or "NoAccess"; false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    if (role == "NoAccess")
    {
        // A known role that carries no privileges: report an empty list
        // rather than treating it as unknown.
        privArray = nlohmann::json::array();
        return true;
    }

    // Not a predefined role: reject without touching privArray.
    return false;
}
74 
/**
 * @brief Register the GET handler for a single Redfish Role resource,
 *        /redfish/v1/AccountService/Roles/<str>/.
 *
 * The route is registered with the redfish::privileges::getRole privilege
 * set (defined outside this file). The handler answers with a Role document
 * for the four predefined roles and with ResourceNotFound for any other id.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
               const std::string& roleId) {
                // roleId is the client-supplied URL segment. It is validated
                // against the fixed role list here, before it is copied into
                // any field of the success response below.
                nlohmann::json assignedPrivileges = nlohmann::json::array();
                if (!getAssignedPrivFromRole(roleId, assignedPrivileges))
                {
                    // NOTE(review): the rejected, still-untrusted roleId is
                    // handed to the error message builder; how it is encoded
                    // is decided there and is not visible in this file.
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);
                    return;
                }

                // From here on roleId equals one of the predefined role
                // names, so echoing it into Id, RoleId, Description and
                // @odata.id reflects only known constants.
                nlohmann::json role = nlohmann::json::object();
                role["@odata.type"] = "#Role.v1_2_2.Role";
                role["@odata.id"] = "/redfish/v1/AccountService/Roles/" + roleId;
                role["Id"] = roleId;
                role["RoleId"] = roleId;
                role["Name"] = "User Role";
                role["Description"] = roleId + " User Role";
                role["IsPredefined"] = true;
                role["OemPrivileges"] = nlohmann::json::array();
                role["AssignedPrivileges"] = std::move(assignedPrivileges);

                asyncResp->res.jsonValue = std::move(role);
            });
}
103 
/**
 * @brief Register the GET handler for the Redfish Role collection,
 *        /redfish/v1/AccountService/Roles/.
 *
 * The route is registered with the redfish::privileges::getRoleCollection
 * privilege set (defined outside this file). The handler fills in the
 * collection header, then asynchronously reads the AllPrivileges property of
 * xyz.openbmc_project.User.Manager and lists one member per privilege name
 * that maps to a known Redfish role.
 *
 * @param app Application object the route is registered on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [](const crow::Request&,
               const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                nlohmann::json collection = nlohmann::json::object();
                collection["@odata.id"] = "/redfish/v1/AccountService/Roles";
                collection["@odata.type"] = "#RoleCollection.RoleCollection";
                collection["Name"] = "Roles Collection";
                collection["Description"] = "BMC User Roles";
                asyncResp->res.jsonValue = std::move(collection);

                // asyncResp is captured by value so the response object
                // stays alive until the D-Bus reply (or error) arrives.
                sdbusplus::asio::getProperty<std::vector<std::string>>(
                    *crow::connections::systemBus,
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            // No partial member list is published when the
                            // property read fails.
                            messages::internalError(asyncResp->res);
                            return;
                        }

                        nlohmann::json members = nlohmann::json::array();
                        for (const std::string& priv : privList)
                        {
                            // Strings from D-Bus never reach the response
                            // directly: only the fixed role name they map to
                            // is appended to the URI, and privilege names
                            // with no mapping are skipped.
                            const std::string role =
                                getRoleFromPrivileges(priv);
                            if (role.empty())
                            {
                                continue;
                            }

                            nlohmann::json member = nlohmann::json::object();
                            member["@odata.id"] =
                                "/redfish/v1/AccountService/Roles/" + role;
                            members.push_back(std::move(member));
                        }

                        // Read the count before the array is moved into the
                        // response.
                        const auto memberCount = members.size();
                        asyncResp->res.jsonValue["Members"] =
                            std::move(members);
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            memberCount;
                    });
            });
}
148 
149 } // namespace redfish