xref: /openbmc/bmcweb/redfish-core/lib/roles.hpp (revision 9d424669) 
1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <app.hpp>
19 #include <registries/privilege_registry.hpp>
20 
21 #include <variant>
22 
23 namespace redfish
24 {
25 
26 inline std::string getRoleFromPrivileges(std::string_view priv)
27 {
28     if (priv == "priv-admin")
29     {
30         return "Administrator";
31     }
32     if (priv == "priv-user")
33     {
34         return "ReadOnly";
35     }
36     if (priv == "priv-operator")
37     {
38         return "Operator";
39     }
40     if (priv == "priv-noaccess")
41     {
42         return "NoAccess";
43     }
44     return "";
45 }
46 
47 inline bool getAssignedPrivFromRole(std::string_view role,
48                                     nlohmann::json& privArray)
49 {
50     if (role == "Administrator")
51     {
52         privArray = {"Login", "ConfigureManager", "ConfigureUsers",
53                      "ConfigureSelf", "ConfigureComponents"};
54     }
55     else if (role == "Operator")
56     {
57         privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
58     }
59     else if (role == "ReadOnly")
60     {
61         privArray = {"Login", "ConfigureSelf"};
62     }
63     else if (role == "NoAccess")
64     {
65         privArray = nlohmann::json::array();
66     }
67     else
68     {
69         return false;
70     }
71     return true;
72 }
73 
74 inline void requestRoutesRoles(App& app)
75 {
76     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
77         .privileges(redfish::privileges::getRole)
78         .methods(boost::beast::http::verb::get)(
79             [](const crow::Request&,
80                const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
81                const std::string& roleId) {
82                 nlohmann::json privArray = nlohmann::json::array();
83                 if (false == getAssignedPrivFromRole(roleId, privArray))
84                 {
85                     messages::resourceNotFound(asyncResp->res, "Role", roleId);
86 
87                     return;
88                 }
89 
90                 asyncResp->res.jsonValue = {
91                     {"@odata.type", "#Role.v1_2_2.Role"},
92                     {"Name", "User Role"},
93                     {"Description", roleId + " User Role"},
94                     {"OemPrivileges", nlohmann::json::array()},
95                     {"IsPredefined", true},
96                     {"Id", roleId},
97                     {"RoleId", roleId},
98                     {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId},
99                     {"AssignedPrivileges", std::move(privArray)}};
100             });
101 }
102 
103 inline void requestRoutesRoleCollection(App& app)
104 {
105     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
106         .privileges(redfish::privileges::getRoleCollection)
107         .methods(boost::beast::http::verb::get)(
108             [](const crow::Request&,
109                const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
110                 asyncResp->res.jsonValue = {
111                     {"@odata.id", "/redfish/v1/AccountService/Roles"},
112                     {"@odata.type", "#RoleCollection.RoleCollection"},
113                     {"Name", "Roles Collection"},
114                     {"Description", "BMC User Roles"}};
115 
116                 crow::connections::systemBus->async_method_call(
117                     [asyncResp](
118                         const boost::system::error_code ec,
119                         const std::variant<std::vector<std::string>>& resp) {
120                         if (ec)
121                         {
122                             messages::internalError(asyncResp->res);
123                             return;
124                         }
125                         nlohmann::json& memberArray =
126                             asyncResp->res.jsonValue["Members"];
127                         memberArray = nlohmann::json::array();
128                         const std::vector<std::string>* privList =
129                             std::get_if<std::vector<std::string>>(&resp);
130                         if (privList == nullptr)
131                         {
132                             messages::internalError(asyncResp->res);
133                             return;
134                         }
135                         for (const std::string& priv : *privList)
136                         {
137                             std::string role = getRoleFromPrivileges(priv);
138                             if (!role.empty())
139                             {
140                                 memberArray.push_back(
141                                     {{"@odata.id",
142                                       "/redfish/v1/AccountService/Roles/" +
143                                           role}});
144                             }
145                         }
146                         asyncResp->res.jsonValue["Members@odata.count"] =
147                             memberArray.size();
148                     },
149                     "xyz.openbmc_project.User.Manager",
150                     "/xyz/openbmc_project/user",
151                     "org.freedesktop.DBus.Properties", "Get",
152                     "xyz.openbmc_project.User.Manager", "AllPrivileges");
153             });
154 }
155 
156 } // namespace redfish
157