1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 18 #include "node.hpp" 19 20 #include <variant> 21 22 namespace redfish 23 { 24 25 inline std::string getRoleFromPrivileges(std::string_view priv) 26 { 27 if (priv == "priv-admin") 28 { 29 return "Administrator"; 30 } 31 else if (priv == "priv-user") 32 { 33 return "ReadOnly"; 34 } 35 else if (priv == "priv-operator") 36 { 37 return "Operator"; 38 } 39 else if (priv == "priv-noaccess") 40 { 41 return "NoAccess"; 42 } 43 return ""; 44 } 45 46 inline bool getAssignedPrivFromRole(std::string_view role, 47 nlohmann::json& privArray) 48 { 49 if (role == "Administrator") 50 { 51 privArray = {"Login", "ConfigureManager", "ConfigureUsers", 52 "ConfigureSelf", "ConfigureComponents"}; 53 } 54 else if (role == "Operator") 55 { 56 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"}; 57 } 58 else if (role == "ReadOnly") 59 { 60 privArray = {"Login", "ConfigureSelf"}; 61 } 62 else if (role == "NoAccess") 63 { 64 privArray = nlohmann::json::array(); 65 } 66 else 67 { 68 return false; 69 } 70 return true; 71 } 72 73 class Roles : public Node 74 { 75 public: 76 Roles(App& app) : 77 Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string()) 78 { 79 entityPrivileges = { 80 {boost::beast::http::verb::get, {{"Login"}}}, 81 {boost::beast::http::verb::head, {{"Login"}}}, 82 {boost::beast::http::verb::patch, {{"ConfigureManager"}}}, 83 {boost::beast::http::verb::put, {{"ConfigureManager"}}}, 84 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}}, 85 {boost::beast::http::verb::post, {{"ConfigureManager"}}}}; 86 } 87 88 private: 89 void doGet(crow::Response& res, const crow::Request&, 90 const std::vector<std::string>& params) override 91 { 92 if (params.size() != 1) 93 { 94 messages::internalError(res); 95 res.end(); 96 return; 97 } 98 const std::string& roleId = params[0]; 99 nlohmann::json privArray = nlohmann::json::array(); 100 if (false == getAssignedPrivFromRole(roleId, privArray)) 101 { 102 messages::resourceNotFound(res, "Role", roleId); 103 res.end(); 104 return; 105 } 106 107 res.jsonValue = { 108 {"@odata.type", "#Role.v1_2_2.Role"}, 109 {"Name", "User Role"}, 110 {"Description", roleId + " User Role"}, 111 {"OemPrivileges", nlohmann::json::array()}, 112 {"IsPredefined", true}, 113 {"Id", roleId}, 114 {"RoleId", roleId}, 115 {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId}, 116 {"AssignedPrivileges", std::move(privArray)}}; 117 res.end(); 118 } 119 }; 120 121 class RoleCollection : public Node 122 { 123 public: 124 RoleCollection(App& app) : Node(app, "/redfish/v1/AccountService/Roles/") 125 { 126 entityPrivileges = { 127 {boost::beast::http::verb::get, {{"Login"}}}, 128 {boost::beast::http::verb::head, {{"Login"}}}, 129 {boost::beast::http::verb::patch, {{"ConfigureManager"}}}, 130 {boost::beast::http::verb::put, {{"ConfigureManager"}}}, 131 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}}, 132 {boost::beast::http::verb::post, {{"ConfigureManager"}}}}; 133 } 134 135 private: 136 void doGet(crow::Response& res, const crow::Request&, 137 const std::vector<std::string>&) override 138 { 139 auto asyncResp = std::make_shared<AsyncResp>(res); 140 res.jsonValue = {{"@odata.id", "/redfish/v1/AccountService/Roles"}, 141 {"@odata.type", "#RoleCollection.RoleCollection"}, 142 {"Name", "Roles Collection"}, 143 {"Description", "BMC User Roles"}}; 144 145 crow::connections::systemBus->async_method_call( 146 [asyncResp](const boost::system::error_code ec, 147 const std::variant<std::vector<std::string>>& resp) { 148 if (ec) 149 { 150 messages::internalError(asyncResp->res); 151 return; 152 } 153 nlohmann::json& memberArray = 154 asyncResp->res.jsonValue["Members"]; 155 memberArray = nlohmann::json::array(); 156 const std::vector<std::string>* privList = 157 std::get_if<std::vector<std::string>>(&resp); 158 if (privList == nullptr) 159 { 160 messages::internalError(asyncResp->res); 161 return; 162 } 163 for (const std::string& priv : *privList) 164 { 165 std::string role = getRoleFromPrivileges(priv); 166 if (!role.empty()) 167 { 168 memberArray.push_back( 169 {{"@odata.id", 170 "/redfish/v1/AccountService/Roles/" + role}}); 171 } 172 } 173 asyncResp->res.jsonValue["Members@odata.count"] = 174 memberArray.size(); 175 }, 176 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 177 "org.freedesktop.DBus.Properties", "Get", 178 "xyz.openbmc_project.User.Manager", "AllPrivileges"); 179 } 180 }; 181 182 } // namespace redfish 183