xref: /openbmc/bmcweb/redfish-core/lib/roles.hpp (revision 90e97e1d26b78d899a543831a8051dacbbdde71a)
1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <app.hpp>
19 
20 #include <variant>
21 
22 namespace redfish
23 {
24 
25 inline std::string getRoleFromPrivileges(std::string_view priv)
26 {
27     if (priv == "priv-admin")
28     {
29         return "Administrator";
30     }
31     if (priv == "priv-user")
32     {
33         return "ReadOnly";
34     }
35     if (priv == "priv-operator")
36     {
37         return "Operator";
38     }
39     if (priv == "priv-noaccess")
40     {
41         return "NoAccess";
42     }
43     return "";
44 }
45 
46 inline bool getAssignedPrivFromRole(std::string_view role,
47                                     nlohmann::json& privArray)
48 {
49     if (role == "Administrator")
50     {
51         privArray = {"Login", "ConfigureManager", "ConfigureUsers",
52                      "ConfigureSelf", "ConfigureComponents"};
53     }
54     else if (role == "Operator")
55     {
56         privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
57     }
58     else if (role == "ReadOnly")
59     {
60         privArray = {"Login", "ConfigureSelf"};
61     }
62     else if (role == "NoAccess")
63     {
64         privArray = nlohmann::json::array();
65     }
66     else
67     {
68         return false;
69     }
70     return true;
71 }
72 
73 inline void requestRoutesRoles(App& app)
74 {
75     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
76         .privileges({"Login"})
77         .methods(boost::beast::http::verb::get)(
78             [](const crow::Request&,
79                const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
80                const std::string& roleId) {
81                 nlohmann::json privArray = nlohmann::json::array();
82                 if (false == getAssignedPrivFromRole(roleId, privArray))
83                 {
84                     messages::resourceNotFound(asyncResp->res, "Role", roleId);
85 
86                     return;
87                 }
88 
89                 asyncResp->res.jsonValue = {
90                     {"@odata.type", "#Role.v1_2_2.Role"},
91                     {"Name", "User Role"},
92                     {"Description", roleId + " User Role"},
93                     {"OemPrivileges", nlohmann::json::array()},
94                     {"IsPredefined", true},
95                     {"Id", roleId},
96                     {"RoleId", roleId},
97                     {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
98                     {"AssignedPrivileges", std::move(privArray)}};
99             });
100 }
101 
102 inline void requestRoutesRoleCollection(App& app)
103 {
104     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
105         .privileges({"Login"})
106         .methods(boost::beast::http::verb::get)(
107             [](const crow::Request&,
108                const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
109                 asyncResp->res.jsonValue = {
110                     {"@odata.id", "/redfish/v1/AccountService/Roles"},
111                     {"@odata.type", "#RoleCollection.RoleCollection"},
112                     {"Name", "Roles Collection"},
113                     {"Description", "BMC User Roles"}};
114 
115                 crow::connections::systemBus->async_method_call(
116                     [asyncResp](
117                         const boost::system::error_code ec,
118                         const std::variant<std::vector<std::string>>& resp) {
119                         if (ec)
120                         {
121                             messages::internalError(asyncResp->res);
122                             return;
123                         }
124                         nlohmann::json& memberArray =
125                             asyncResp->res.jsonValue["Members"];
126                         memberArray = nlohmann::json::array();
127                         const std::vector<std::string>* privList =
128                             std::get_if<std::vector<std::string>>(&resp);
129                         if (privList == nullptr)
130                         {
131                             messages::internalError(asyncResp->res);
132                             return;
133                         }
134                         for (const std::string& priv : *privList)
135                         {
136                             std::string role = getRoleFromPrivileges(priv);
137                             if (!role.empty())
138                             {
139                                 memberArray.push_back(
140                                     {{"@odata.id",
141                                       "/redfish/v1/AccountService/Roles/" +
142                                           role}});
143                             }
144                         }
145                         asyncResp->res.jsonValue["Members@odata.count"] =
146                             memberArray.size();
147                     },
148                     "xyz.openbmc_project.User.Manager",
149                     "/xyz/openbmc_project/user",
150                     "org.freedesktop.DBus.Properties", "Get",
151                     "xyz.openbmc_project.User.Manager", "AllPrivileges");
152             });
153 }
154 
155 } // namespace redfish
156