xref: /openbmc/bmcweb/redfish-core/lib/roles.hpp (revision 4cee35e7)

/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include <app.hpp>
#include <dbus_utility.hpp>
#include <query.hpp>
#include <registries/privilege_registry.hpp>
#include <sdbusplus/asio/property.hpp>

#include <variant>
namespace redfish
{

inline std::string getRoleFromPrivileges(std::string_view priv)
{
    if (priv == "priv-admin")
    {
        return "Administrator";
    }
    if (priv == "priv-user")
    {
        return "ReadOnly";
    }
    if (priv == "priv-operator")
    {
        return "Operator";
    }
    if (priv == "priv-noaccess")
    {
        return "NoAccess";
    }
    return "";
}

inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
    }
    else if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
    }
    else if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
    }
    else if (role == "NoAccess")
    {
        privArray = nlohmann::json::array();
    }
    else
    {
        return false;
    }
    return true;
}

inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
                {
                    return;
                }
                nlohmann::json privArray = nlohmann::json::array();
                if (!getAssignedPrivFromRole(roleId, privArray))
                {
                    messages::resourceNotFound(asyncResp->res, "Role", roleId);

                    return;
                }

                asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
                asyncResp->res.jsonValue["Name"] = "User Role";
                asyncResp->res.jsonValue["Description"] = roleId + " User Role";
                asyncResp->res.jsonValue["OemPrivileges"] =
                    nlohmann::json::array();
                asyncResp->res.jsonValue["IsPredefined"] = true;
                asyncResp->res.jsonValue["Id"] = roleId;
                asyncResp->res.jsonValue["RoleId"] = roleId;
                asyncResp->res.jsonValue["@odata.id"] =
                    "/redfish/v1/AccountService/Roles/" + roleId;
                asyncResp->res.jsonValue["AssignedPrivileges"] =
                    std::move(privArray);
            });
}

inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
                if (!redfish::setUpRedfishRoute(app, req, asyncResp->res))
                {
                    return;
                }

                asyncResp->res.jsonValue["@odata.id"] =
                    "/redfish/v1/AccountService/Roles";
                asyncResp->res.jsonValue["@odata.type"] =
                    "#RoleCollection.RoleCollection";
                asyncResp->res.jsonValue["Name"] = "Roles Collection";
                asyncResp->res.jsonValue["Description"] = "BMC User Roles";

                sdbusplus::asio::getProperty<std::vector<std::string>>(
                    *crow::connections::systemBus,
                    "xyz.openbmc_project.User.Manager",
                    "/xyz/openbmc_project/user",
                    "xyz.openbmc_project.User.Manager", "AllPrivileges",
                    [asyncResp](const boost::system::error_code ec,
                                const std::vector<std::string>& privList) {
                        if (ec)
                        {
                            messages::internalError(asyncResp->res);
                            return;
                        }
                        nlohmann::json& memberArray =
                            asyncResp->res.jsonValue["Members"];
                        memberArray = nlohmann::json::array();
                        for (const std::string& priv : privList)
                        {
                            std::string role = getRoleFromPrivileges(priv);
                            if (!role.empty())
                            {
                                nlohmann::json::object_t member;
                                member["@odata.id"] =
                                    "/redfish/v1/AccountService/Roles/" + role;
                                memberArray.push_back(std::move(member));
                            }
                        }
                        asyncResp->res.jsonValue["Members@odata.count"] =
                            memberArray.size();
                    });
            });
}

} // namespace redfish