1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include "app.hpp"
19 #include "dbus_utility.hpp"
20 #include "query.hpp"
21 #include "registries/privilege_registry.hpp"
22 
23 #include <sdbusplus/asio/property.hpp>
24 
25 #include <variant>
26 namespace redfish
27 {
28 
/**
 * @brief Map a phosphor-user-manager privilege name to its Redfish RoleId.
 *
 * The mapping is a closed table: only the three privileges below surface as
 * Redfish roles. Anything else (including a privilege that merely shares a
 * prefix) yields an empty string, which callers use as "skip this entry".
 *
 * @param[in] priv  Privilege string as reported on D-Bus (e.g. "priv-admin").
 * @return The Redfish RoleId for the privilege, or "" when there is none.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivToRole
    {
        std::string_view dbusPriv;
        std::string_view redfishRole;
    };
    static constexpr PrivToRole mappings[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
    };

    for (const PrivToRole& entry : mappings)
    {
        // Exact match only; prefix or case variations are not roles.
        if (entry.dbusPriv == priv)
        {
            return std::string(entry.redfishRole);
        }
    }
    return "";
}
45 
/**
 * @brief Look up the fixed set of Redfish privileges granted to a role.
 *
 * The three predefined roles and their privilege sets are hard-coded here, so
 * this function also serves as the validation step for a caller-supplied
 * RoleId: any id outside the predefined set is rejected.
 *
 * @param[in]  role       Redfish RoleId to resolve ("Administrator",
 *                        "Operator" or "ReadOnly").
 * @param[out] privArray  Overwritten with the JSON array of privilege names on
 *                        success; left untouched when the role is unknown.
 * @return true if @p role is one of the predefined roles, false otherwise.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    if (role == "Administrator")
    {
        privArray = nlohmann::json::array({"Login", "ConfigureManager",
                                           "ConfigureUsers", "ConfigureSelf",
                                           "ConfigureComponents"});
        return true;
    }
    if (role == "Operator")
    {
        privArray = nlohmann::json::array(
            {"Login", "ConfigureSelf", "ConfigureComponents"});
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = nlohmann::json::array({"Login", "ConfigureSelf"});
        return true;
    }
    // Unknown role: report failure without modifying the caller's array.
    return false;
}
68 
/**
 * @brief Register the GET handler for a single Redfish Role resource.
 *
 * Route: /redfish/v1/AccountService/Roles/<RoleId>/
 *
 * The RoleId path segment is user-controlled. It is matched against the fixed
 * set of predefined roles via getAssignedPrivFromRole() before any Role
 * resource is built; an unknown id is answered with a ResourceNotFound error
 * instead.
 *
 * @param[in] app  The application the route is added to.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        // Validate the requested RoleId against the predefined roles first;
        // the resource body is only populated for a known role.
        nlohmann::json privArray = nlohmann::json::array();
        if (!getAssignedPrivFromRole(roleId, privArray))
        {
            messages::resourceNotFound(asyncResp->res, "Role", roleId);
            return;
        }

        nlohmann::json& roleJson = asyncResp->res.jsonValue;
        roleJson["@odata.type"] = "#Role.v1_2_2.Role";
        roleJson["Name"] = "User Role";
        roleJson["Description"] = roleId + " User Role";
        // No OEM privileges are defined; the schema still requires the array.
        roleJson["OemPrivileges"] = nlohmann::json::array();
        roleJson["IsPredefined"] = true;
        roleJson["Id"] = roleId;
        roleJson["RoleId"] = roleId;
        roleJson["@odata.id"] = "/redfish/v1/AccountService/Roles/" + roleId;
        roleJson["AssignedPrivileges"] = std::move(privArray);
        });
}
101 
/**
 * @brief Register the GET handler for the Redfish RoleCollection.
 *
 * Route: /redfish/v1/AccountService/Roles/
 *
 * The collection members are derived from the "AllPrivileges" property of
 * xyz.openbmc_project.User.Manager: each privilege that maps to a Redfish
 * role (see getRoleFromPrivileges) becomes one member, every other privilege
 * is skipped. A D-Bus failure is reported to the client as InternalError.
 *
 * @param[in] app  The application the route is added to.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        nlohmann::json& collection = asyncResp->res.jsonValue;
        collection["@odata.id"] = "/redfish/v1/AccountService/Roles";
        collection["@odata.type"] = "#RoleCollection.RoleCollection";
        collection["Name"] = "Roles Collection";
        collection["Description"] = "BMC User Roles";

        // The member list is only known once the user manager answers, so the
        // response is finished asynchronously; the captured shared_ptr keeps
        // the response object alive until the callback has run.
        sdbusplus::asio::getProperty<std::vector<std::string>>(
            *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
            "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
            "AllPrivileges",
            [asyncResp](const boost::system::error_code ec,
                        const std::vector<std::string>& privList) {
            if (ec)
            {
                messages::internalError(asyncResp->res);
                return;
            }

            nlohmann::json& members = asyncResp->res.jsonValue["Members"];
            members = nlohmann::json::array();
            for (const std::string& priv : privList)
            {
                const std::string role = getRoleFromPrivileges(priv);
                if (role.empty())
                {
                    // Privilege with no Redfish role: not a collection member.
                    continue;
                }
                nlohmann::json::object_t member;
                member["@odata.id"] =
                    "/redfish/v1/AccountService/Roles/" + role;
                members.push_back(std::move(member));
            }
            asyncResp->res.jsonValue["Members@odata.count"] = members.size();
            });
        });
}
150 
151 } // namespace redfish