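/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include "node.hpp"

#include <memory>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

namespace redfish
{

/**
 * @brief Translate a user-manager privilege name into a Redfish role name.
 *
 * The comparison is exact and case-sensitive. Only the four names listed
 * below are recognised.
 *
 * @param priv  Privilege string, e.g. "priv-admin".
 * @return "Administrator", "Callback", "User" or "Operator"; an empty string
 *         for any other input, so callers must treat "" as "no role".
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    if (priv == "priv-admin")
    {
        return "Administrator";
    }
    if (priv == "priv-callback")
    {
        return "Callback";
    }
    if (priv == "priv-user")
    {
        return "User";
    }
    if (priv == "priv-operator")
    {
        return "Operator";
    }
    return "";
}

/**
 * @brief Fill @p privArray with the Redfish privileges assigned to a role.
 *
 * This is the single place where the role-to-privilege mapping is defined in
 * this file, and it also acts as the allow-list of valid role names: any
 * string that is not one of the four predefined roles is rejected.
 *
 * @param role       Role name; matched exactly and case-sensitively.
 * @param privArray  Output. Overwritten on success, left untouched on failure.
 * @return true if @p role is a predefined role, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
    }
    else if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
    }
    else if (role == "User")
    {
        privArray = {"Login", "ConfigureSelf"};
    }
    else if (role == "Callback")
    {
        privArray = {"Login"};
    }
    else
    {
        return false;
    }
    return true;
}

/**
 * @brief Redfish node for a single role:
 *        /redfish/v1/AccountService/Roles/<str>/
 */
class Roles : public Node
{
  public:
    Roles(CrowApp& app) :
        Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string())
    {
        // Privileges required per HTTP verb: reads need "Login", every
        // modifying verb needs "ConfigureManager". Enforcement happens in
        // the Node base class, which is not part of this file.
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief Handle GET for one role and return its assigned privileges.
     *
     * @param res     Response to populate; always ended before returning.
     * @param params  Route parameters; exactly one (the role id) is expected.
     */
    void doGet(crow::Response& res, const crow::Request& /*req*/,
               const std::vector<std::string>& params) override
    {
        if (params.size() != 1)
        {
            messages::internalError(res);
            res.end();
            return;
        }

        // roleId comes from the request URL and is therefore untrusted.
        // It is only echoed into "Id", "Description" and "@odata.id" after
        // getAssignedPrivFromRole() has matched it against the fixed set of
        // predefined role names.
        const std::string& roleId = params[0];
        nlohmann::json privArray = nlohmann::json::array();
        if (!getAssignedPrivFromRole(roleId, privArray))
        {
            // NOTE(review): the unvalidated roleId is handed to
            // resourceNotFound(); how that helper encodes it in the error
            // body is not visible here - confirm it is serialized as a
            // JSON string and not concatenated into markup.
            messages::resourceNotFound(res, "Role", roleId);
            res.end();
            return;
        }

        res.jsonValue = {
            {"@odata.type", "#Role.v1_0_2.Role"},
            {"@odata.context", "/redfish/v1/$metadata#Role.Role"},
            {"Name", "User Role"},
            // Previously hard-coded to "Administrator User Role" for every
            // role, which mislabelled Operator, User and Callback.
            {"Description", roleId + " User Role"},
            {"OemPrivileges", nlohmann::json::array()},
            {"IsPredefined", true},
            {"Id", roleId},
            {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
            {"AssignedPrivileges", std::move(privArray)}};
        res.end();
    }
};

/**
 * @brief Redfish node for the role collection:
 *        /redfish/v1/AccountService/Roles/
 */
class RoleCollection : public Node
{
  public:
    RoleCollection(CrowApp& app) :
        Node(app, "/redfish/v1/AccountService/Roles/")
    {
        // Same verb-to-privilege table as the single-role node.
        entityPrivileges = {
            {boost::beast::http::verb::get, {{"Login"}}},
            {boost::beast::http::verb::head, {{"Login"}}},
            {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
            {boost::beast::http::verb::put, {{"ConfigureManager"}}},
            {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
            {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
    }

  private:
    /**
     * @brief Handle GET for the collection by listing one member per
     *        privilege reported by the user manager over D-Bus.
     *
     * The response is completed from the asynchronous D-Bus callback.
     * NOTE(review): this relies on AsyncResp finishing the response when the
     * last shared_ptr copy is released - confirm against its definition.
     *
     * @param res  Response to populate.
     */
    void doGet(crow::Response& res, const crow::Request& /*req*/,
               const std::vector<std::string>& /*params*/) override
    {
        auto asyncResp = std::make_shared<AsyncResp>(res);
        res.jsonValue = {{"@odata.context",
                          "/redfish/v1/"
                          "$metadata#RoleCollection.RoleCollection"},
                         {"@odata.id", "/redfish/v1/AccountService/Roles"},
                         {"@odata.type", "#RoleCollection.RoleCollection"},
                         {"Name", "Roles Collection"},
                         {"Description", "BMC User Roles"}};

        crow::connections::systemBus->async_method_call(
            [asyncResp](
                const boost::system::error_code ec,
                const sdbusplus::message::variant<std::vector<std::string>>&
                    resp) {
                if (ec)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                // get_if() returns nullptr when the variant does not hold a
                // string vector. The original code dereferenced the result
                // unconditionally, so an unexpected reply from the user
                // manager would crash the web server process.
                const std::vector<std::string>* privList =
                    sdbusplus::message::variant_ns::get_if<
                        std::vector<std::string>>(&resp);
                if (privList == nullptr)
                {
                    messages::internalError(asyncResp->res);
                    return;
                }

                nlohmann::json& memberArray =
                    asyncResp->res.jsonValue["Members"];
                memberArray = nlohmann::json::array();
                for (const std::string& priv : *privList)
                {
                    // Privilege names without a known role mapping are
                    // skipped rather than exposed as collection members.
                    const std::string role = getRoleFromPrivileges(priv);
                    if (!role.empty())
                    {
                        memberArray.push_back(
                            {{"@odata.id",
                              "/redfish/v1/AccountService/Roles/" + role}});
                    }
                }
                asyncResp->res.jsonValue["Members@odata.count"] =
                    memberArray.size();
            },
            "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
            "org.freedesktop.DBus.Properties", "Get",
            "xyz.openbmc_project.User.Manager", "AllPrivileges");
    }
};

} // namespace redfish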