1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 18 #include <app.hpp> 19 20 #include <variant> 21 22 namespace redfish 23 { 24 25 inline std::string getRoleFromPrivileges(std::string_view priv) 26 { 27 if (priv == "priv-admin") 28 { 29 return "Administrator"; 30 } 31 if (priv == "priv-user") 32 { 33 return "ReadOnly"; 34 } 35 if (priv == "priv-operator") 36 { 37 return "Operator"; 38 } 39 if (priv == "priv-noaccess") 40 { 41 return "NoAccess"; 42 } 43 return ""; 44 } 45 46 inline bool getAssignedPrivFromRole(std::string_view role, 47 nlohmann::json& privArray) 48 { 49 if (role == "Administrator") 50 { 51 privArray = {"Login", "ConfigureManager", "ConfigureUsers", 52 "ConfigureSelf", "ConfigureComponents"}; 53 } 54 else if (role == "Operator") 55 { 56 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"}; 57 } 58 else if (role == "ReadOnly") 59 { 60 privArray = {"Login", "ConfigureSelf"}; 61 } 62 else if (role == "NoAccess") 63 { 64 privArray = nlohmann::json::array(); 65 } 66 else 67 { 68 return false; 69 } 70 return true; 71 } 72 73 inline void requestRoutesRoles(App& app) 74 { 75 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/") 76 .privileges({"Login"}) 77 .methods(boost::beast::http::verb::get)( 78 [](const crow::Request&, 79 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 80 const std::string& roleId) { 81 nlohmann::json privArray = nlohmann::json::array(); 82 if (false == getAssignedPrivFromRole(roleId, privArray)) 83 { 84 messages::resourceNotFound(asyncResp->res, "Role", roleId); 85 86 return; 87 } 88 89 asyncResp->res.jsonValue = { 90 {"@odata.type", "#Role.v1_2_2.Role"}, 91 {"Name", "User Role"}, 92 {"Description", roleId + " User Role"}, 93 {"OemPrivileges", nlohmann::json::array()}, 94 {"IsPredefined", true}, 95 {"Id", roleId}, 96 {"RoleId", roleId}, 97 {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId}, 98 {"AssignedPrivileges", std::move(privArray)}}; 99 }); 100 } 101 102 inline void requestRoutesRoleCollection(App& app) 103 { 104 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/") 105 .privileges({"Login"}) 106 .methods(boost::beast::http::verb::get)( 107 [](const crow::Request&, 108 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { 109 asyncResp->res.jsonValue = { 110 {"@odata.id", "/redfish/v1/AccountService/Roles"}, 111 {"@odata.type", "#RoleCollection.RoleCollection"}, 112 {"Name", "Roles Collection"}, 113 {"Description", "BMC User Roles"}}; 114 115 crow::connections::systemBus->async_method_call( 116 [asyncResp]( 117 const boost::system::error_code ec, 118 const std::variant<std::vector<std::string>>& resp) { 119 if (ec) 120 { 121 messages::internalError(asyncResp->res); 122 return; 123 } 124 nlohmann::json& memberArray = 125 asyncResp->res.jsonValue["Members"]; 126 memberArray = nlohmann::json::array(); 127 const std::vector<std::string>* privList = 128 std::get_if<std::vector<std::string>>(&resp); 129 if (privList == nullptr) 130 { 131 messages::internalError(asyncResp->res); 132 return; 133 } 134 for (const std::string& priv : *privList) 135 { 136 std::string role = getRoleFromPrivileges(priv); 137 if (!role.empty()) 138 { 139 memberArray.push_back( 140 {{"@odata.id", 141 "/redfish/v1/AccountService/Roles/" + 142 role}}); 143 } 144 } 145 asyncResp->res.jsonValue["Members@odata.count"] = 146 memberArray.size(); 147 }, 148 "xyz.openbmc_project.User.Manager", 149 "/xyz/openbmc_project/user", 150 "org.freedesktop.DBus.Properties", "Get", 151 "xyz.openbmc_project.User.Manager", "AllPrivileges"); 152 }); 153 } 154 155 } // namespace redfish 156