1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 18 #include "node.hpp" 19 20 #include <variant> 21 22 namespace redfish 23 { 24 25 inline std::string getRoleFromPrivileges(std::string_view priv) 26 { 27 if (priv == "priv-admin") 28 { 29 return "Administrator"; 30 } 31 else if (priv == "priv-callback") 32 { 33 return "Callback"; 34 } 35 else if (priv == "priv-user") 36 { 37 return "User"; 38 } 39 else if (priv == "priv-operator") 40 { 41 return "Operator"; 42 } 43 return ""; 44 } 45 46 inline bool getAssignedPrivFromRole(std::string_view role, 47 nlohmann::json& privArray) 48 { 49 if (role == "Administrator") 50 { 51 privArray = {"Login", "ConfigureManager", "ConfigureUsers", 52 "ConfigureSelf", "ConfigureComponents"}; 53 } 54 else if (role == "Operator") 55 { 56 privArray = {"Login", "ConfigureSelf", "ConfigureComponents"}; 57 } 58 else if (role == "User") 59 { 60 privArray = {"Login", "ConfigureSelf"}; 61 } 62 else if (role == "Callback") 63 { 64 privArray = {"Login"}; 65 } 66 else 67 { 68 return false; 69 } 70 return true; 71 } 72 73 class Roles : public Node 74 { 75 public: 76 Roles(CrowApp& app) : 77 Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string()) 78 { 79 entityPrivileges = { 80 {boost::beast::http::verb::get, {{"Login"}}}, 81 {boost::beast::http::verb::head, {{"Login"}}}, 82 {boost::beast::http::verb::patch, {{"ConfigureManager"}}}, 83 {boost::beast::http::verb::put, {{"ConfigureManager"}}}, 84 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}}, 85 {boost::beast::http::verb::post, {{"ConfigureManager"}}}}; 86 } 87 88 private: 89 void doGet(crow::Response& res, const crow::Request& req, 90 const std::vector<std::string>& params) override 91 { 92 if (params.size() != 1) 93 { 94 messages::internalError(res); 95 res.end(); 96 return; 97 } 98 const std::string& roleId = params[0]; 99 nlohmann::json privArray = nlohmann::json::array(); 100 if (false == getAssignedPrivFromRole(roleId, privArray)) 101 { 102 messages::resourceNotFound(res, "Role", roleId); 103 res.end(); 104 return; 105 } 106 107 res.jsonValue = { 108 {"@odata.type", "#Role.v1_2_2.Role"}, 109 {"@odata.context", "/redfish/v1/$metadata#Role.Role"}, 110 {"Name", "User Role"}, 111 {"Description", roleId + " User Role"}, 112 {"OemPrivileges", nlohmann::json::array()}, 113 {"IsPredefined", true}, 114 {"Id", roleId}, 115 {"RoleId", roleId}, 116 {"@odata.id", "/redfish/v1/AccountService/Roles/" + roleId}, 117 {"AssignedPrivileges", std::move(privArray)}}; 118 res.end(); 119 } 120 }; 121 122 class RoleCollection : public Node 123 { 124 public: 125 RoleCollection(CrowApp& app) : 126 Node(app, "/redfish/v1/AccountService/Roles/") 127 { 128 entityPrivileges = { 129 {boost::beast::http::verb::get, {{"Login"}}}, 130 {boost::beast::http::verb::head, {{"Login"}}}, 131 {boost::beast::http::verb::patch, {{"ConfigureManager"}}}, 132 {boost::beast::http::verb::put, {{"ConfigureManager"}}}, 133 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}}, 134 {boost::beast::http::verb::post, {{"ConfigureManager"}}}}; 135 } 136 137 private: 138 void doGet(crow::Response& res, const crow::Request& req, 139 const std::vector<std::string>& params) override 140 { 141 auto asyncResp = std::make_shared<AsyncResp>(res); 142 res.jsonValue = {{"@odata.context", 143 "/redfish/v1/" 144 "$metadata#RoleCollection.RoleCollection"}, 145 {"@odata.id", "/redfish/v1/AccountService/Roles"}, 146 {"@odata.type", "#RoleCollection.RoleCollection"}, 147 {"Name", "Roles Collection"}, 148 {"Description", "BMC User Roles"}}; 149 150 crow::connections::systemBus->async_method_call( 151 [asyncResp](const boost::system::error_code ec, 152 const std::variant<std::vector<std::string>>& resp) { 153 if (ec) 154 { 155 messages::internalError(asyncResp->res); 156 return; 157 } 158 nlohmann::json& memberArray = 159 asyncResp->res.jsonValue["Members"]; 160 memberArray = nlohmann::json::array(); 161 const std::vector<std::string>* privList = 162 std::get_if<std::vector<std::string>>(&resp); 163 if (privList == nullptr) 164 { 165 messages::internalError(asyncResp->res); 166 return; 167 } 168 for (const std::string& priv : *privList) 169 { 170 std::string role = getRoleFromPrivileges(priv); 171 if (!role.empty()) 172 { 173 memberArray.push_back( 174 {{"@odata.id", 175 "/redfish/v1/AccountService/Roles/" + role}}); 176 } 177 } 178 asyncResp->res.jsonValue["Members@odata.count"] = 179 memberArray.size(); 180 }, 181 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 182 "org.freedesktop.DBus.Properties", "Get", 183 "xyz.openbmc_project.User.Manager", "AllPrivileges"); 184 } 185 }; 186 187 } // namespace redfish 188