1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <app.hpp>
19 #include <dbus_utility.hpp>
20 #include <query.hpp>
21 #include <registries/privilege_registry.hpp>
22 #include <sdbusplus/asio/property.hpp>
23 
24 #include <variant>
25 namespace redfish
26 {
27 
/**
 * @brief Map a D-Bus user-manager privilege group to its Redfish role.
 *
 * @param[in] priv  D-Bus privilege name, e.g. "priv-admin".
 * @return The Redfish RoleId ("Administrator", "ReadOnly" or "Operator"),
 *         or an empty string when @p priv is not one of the three known
 *         groups; callers use the empty result to skip unknown entries.
 */
inline std::string getRoleFromPrivileges(std::string_view priv)
{
    struct PrivToRole
    {
        std::string_view priv;
        std::string_view role;
    };
    // Closed mapping: any privilege name not listed here is deliberately
    // not exposed as a Redfish role.
    static constexpr PrivToRole mappings[] = {
        {"priv-admin", "Administrator"},
        {"priv-user", "ReadOnly"},
        {"priv-operator", "Operator"},
    };
    for (const PrivToRole& entry : mappings)
    {
        if (entry.priv == priv)
        {
            return std::string(entry.role);
        }
    }
    return "";
}
44 
/**
 * @brief Fill @p privArray with the fixed Redfish privileges of a role.
 *
 * @param[in]  role       Redfish RoleId to look up.
 * @param[out] privArray  Receives the privilege list on success; left
 *                        untouched when the role is unknown.
 * @return true when @p role is Administrator, Operator or ReadOnly;
 *         false otherwise so the caller can report the role as not found.
 */
inline bool getAssignedPrivFromRole(std::string_view role,
                                    nlohmann::json& privArray)
{
    // Privilege sets are fixed per role; an unknown role is rejected rather
    // than silently given an empty set.
    if (role == "Administrator")
    {
        privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                     "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "Operator")
    {
        privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
        return true;
    }
    if (role == "ReadOnly")
    {
        privArray = {"Login", "ConfigureSelf"};
        return true;
    }
    return false;
}
67 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/<RoleId>/.
 *
 * The role id comes straight from the request path; it is only echoed into
 * the response after getAssignedPrivFromRole has matched it against the
 * fixed set of known roles, so an unknown id yields a 404 and never reaches
 * the JSON body.
 *
 * @param[in] app  Application to register the route on.
 */
inline void requestRoutesRoles(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
        .privileges(redfish::privileges::getRole)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                   const std::string& roleId) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        // Validate the requested role before building any of the response.
        nlohmann::json assignedPrivileges = nlohmann::json::array();
        if (!getAssignedPrivFromRole(roleId, assignedPrivileges))
        {
            messages::resourceNotFound(asyncResp->res, "Role", roleId);
            return;
        }

        nlohmann::json& role = asyncResp->res.jsonValue;
        role["@odata.type"] = "#Role.v1_2_2.Role";
        role["Name"] = "User Role";
        role["Description"] = roleId + " User Role";
        role["OemPrivileges"] = nlohmann::json::array();
        role["IsPredefined"] = true;
        role["Id"] = roleId;
        role["RoleId"] = roleId;
        role["@odata.id"] = "/redfish/v1/AccountService/Roles/" + roleId;
        role["AssignedPrivileges"] = std::move(assignedPrivileges);
        });
}
100 
/**
 * @brief Register GET /redfish/v1/AccountService/Roles/.
 *
 * The collection is derived from the "AllPrivileges" property of the D-Bus
 * user manager. Each privilege is mapped through getRoleFromPrivileges and
 * anything that does not map to a known Redfish role is dropped, so the
 * Members list never carries raw D-Bus privilege names.
 *
 * @param[in] app  Application to register the route on.
 */
inline void requestRoutesRoleCollection(App& app)
{
    BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
        .privileges(redfish::privileges::getRoleCollection)
        .methods(boost::beast::http::verb::get)(
            [&app](const crow::Request& req,
                   const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) {
        if (!redfish::setUpRedfishRoute(app, req, asyncResp))
        {
            return;
        }

        nlohmann::json& collection = asyncResp->res.jsonValue;
        collection["@odata.id"] = "/redfish/v1/AccountService/Roles";
        collection["@odata.type"] = "#RoleCollection.RoleCollection";
        collection["Name"] = "Roles Collection";
        collection["Description"] = "BMC User Roles";

        // Members are filled in asynchronously once the privilege list
        // arrives; the captured asyncResp keeps the response alive until then.
        sdbusplus::asio::getProperty<std::vector<std::string>>(
            *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
            "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
            "AllPrivileges",
            [asyncResp](const boost::system::error_code ec,
                        const std::vector<std::string>& privList) {
            if (ec)
            {
                messages::internalError(asyncResp->res);
                return;
            }
            nlohmann::json& members = asyncResp->res.jsonValue["Members"];
            members = nlohmann::json::array();
            for (const std::string& privilege : privList)
            {
                const std::string roleName = getRoleFromPrivileges(privilege);
                if (roleName.empty())
                {
                    // Not a privilege group that maps to a Redfish role.
                    continue;
                }
                nlohmann::json::object_t member;
                member["@odata.id"] =
                    "/redfish/v1/AccountService/Roles/" + roleName;
                members.push_back(std::move(member));
            }
            asyncResp->res.jsonValue["Members@odata.count"] = members.size();
            });
        });
}
149 
150 } // namespace redfish
151