redfish-core/lib/roles.hpp - gbmcweb - Git at Google

 /*
 // Copyright (c) 2018 Intel Corporation
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 */
 #pragma once

 #include "app.hpp"
 #include "dbus_utility.hpp"
 #include "error_messages.hpp"
 #include "managed_store_types.hpp"
 #include "query.hpp"
 #include "registries/privilege_registry.hpp"

 #include <sdbusplus/asio/property.hpp>

 #include <variant>
 namespace redfish
 {

 inline std::string getRoleFromPrivileges(std::string_view priv)
 {
     if (priv == "priv-admin")
     {
         return "Administrator";
     }
     if (priv == "priv-user")
     {
         return "ReadOnly";
     }
     if (priv == "priv-operator")
     {
         return "Operator";
     }
     return "";
 }

 inline bool getAssignedPrivFromRole(std::string_view role,
                                     nlohmann::json& privArray)
 {
     if (role == "Administrator")
     {
         privArray = {"Login", "ConfigureManager", "ConfigureUsers",
                      "ConfigureSelf", "ConfigureComponents"};
     }
     else if (role == "Operator")
     {
         privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
     }
     else if (role == "ReadOnly")
     {
         privArray = {"Login", "ConfigureSelf"};
     }
     else
     {
         return false;
     }
     return true;
 }

 inline void handleRolesGet(App& app, const crow::Request& req,
                            const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
                            const std::string& roleId)
 {
     if (!redfish::setUpRedfishRoute(app, req, asyncResp))
     {
         return;
     }
     nlohmann::json privArray = nlohmann::json::array();
     if (!getAssignedPrivFromRole(roleId, privArray))
     {
         messages::resourceNotFound(asyncResp->res, "Role", roleId);

         return;
     }

     asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
     asyncResp->res.jsonValue["Name"] = "User Role";
     asyncResp->res.jsonValue["Description"] = roleId + " User Role";
     asyncResp->res.jsonValue["OemPrivileges"] = nlohmann::json::array();
     asyncResp->res.jsonValue["IsPredefined"] = true;
     asyncResp->res.jsonValue["Id"] = roleId;
     asyncResp->res.jsonValue["RoleId"] = roleId;
     asyncResp->res.jsonValue["@odata.id"] = crow::utility::urlFromPieces(
         "redfish", "v1", "AccountService", "Roles", roleId);
     asyncResp->res.jsonValue["AssignedPrivileges"] = std::move(privArray);
 }

 inline void requestRoutesRoles(App& app)
 {
     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
         .privileges(redfish::privileges::getRole)
         .methods(boost::beast::http::verb::get)(
             std::bind_front(handleRolesGet, std::ref(app)));
 }

 inline void
     handleRoleCollectionGet(App& app, const crow::Request& req,
                             const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
 {
     if (!redfish::setUpRedfishRoute(app, req, asyncResp))
     {
         return;
     }

     asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/AccountService/Roles";
     asyncResp->res.jsonValue["@odata.type"] = "#RoleCollection.RoleCollection";
     asyncResp->res.jsonValue["Name"] = "Roles Collection";
     asyncResp->res.jsonValue["Description"] = "BMC User Roles";

     managedStore::ManagedObjectStoreContext requestContext(asyncResp);
     dbus_utils::getProperty<std::vector<std::string>>(
         "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
         "xyz.openbmc_project.User.Manager", "AllPrivileges", requestContext,
         [asyncResp](const boost::system::error_code& ec,
                     const std::vector<std::string>& privList) {
         if (ec)
         {
             messages::internalError(asyncResp->res);
             return;
         }
         nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
         memberArray = nlohmann::json::array();
         for (const std::string& priv : privList)
         {
             std::string role = getRoleFromPrivileges(priv);
             if (!role.empty())
             {
                 nlohmann::json::object_t member;
                 member["@odata.id"] = crow::utility::urlFromPieces(
                     "redfish", "v1", "AccountService", "Roles", role);
                 memberArray.push_back(std::move(member));
             }
         }
         asyncResp->res.jsonValue["Members@odata.count"] = memberArray.size();
     });
 }

 inline void requestRoutesRoleCollection(App& app)
 {
     BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
         .privileges(redfish::privileges::getRoleCollection)
         .methods(boost::beast::http::verb::get)(
             std::bind_front(handleRoleCollectionGet, std::ref(app)));
 }

 } // namespace redfish
	/*
	// Copyright (c) 2018 Intel Corporation
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	*/
	#pragma once

	#include "app.hpp"
	#include "dbus_utility.hpp"
	#include "error_messages.hpp"
	#include "managed_store_types.hpp"
	#include "query.hpp"
	#include "registries/privilege_registry.hpp"

	#include <sdbusplus/asio/property.hpp>

	#include <variant>
	namespace redfish
	{

	inline std::string getRoleFromPrivileges(std::string_view priv)
	{
	if (priv == "priv-admin")
	{
	return "Administrator";
	}
	if (priv == "priv-user")
	{
	return "ReadOnly";
	}
	if (priv == "priv-operator")
	{
	return "Operator";
	}
	return "";
	}

	inline bool getAssignedPrivFromRole(std::string_view role,
	nlohmann::json& privArray)
	{
	if (role == "Administrator")
	{
	privArray = {"Login", "ConfigureManager", "ConfigureUsers",
	"ConfigureSelf", "ConfigureComponents"};
	}
	else if (role == "Operator")
	{
	privArray = {"Login", "ConfigureSelf", "ConfigureComponents"};
	}
	else if (role == "ReadOnly")
	{
	privArray = {"Login", "ConfigureSelf"};
	}
	else
	{
	return false;
	}
	return true;
	}

	inline void handleRolesGet(App& app, const crow::Request& req,
	const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
	const std::string& roleId)
	{
	if (!redfish::setUpRedfishRoute(app, req, asyncResp))
	{
	return;
	}
	nlohmann::json privArray = nlohmann::json::array();
	if (!getAssignedPrivFromRole(roleId, privArray))
	{
	messages::resourceNotFound(asyncResp->res, "Role", roleId);

	return;
	}

	asyncResp->res.jsonValue["@odata.type"] = "#Role.v1_2_2.Role";
	asyncResp->res.jsonValue["Name"] = "User Role";
	asyncResp->res.jsonValue["Description"] = roleId + " User Role";
	asyncResp->res.jsonValue["OemPrivileges"] = nlohmann::json::array();
	asyncResp->res.jsonValue["IsPredefined"] = true;
	asyncResp->res.jsonValue["Id"] = roleId;
	asyncResp->res.jsonValue["RoleId"] = roleId;
	asyncResp->res.jsonValue["@odata.id"] = crow::utility::urlFromPieces(
	"redfish", "v1", "AccountService", "Roles", roleId);
	asyncResp->res.jsonValue["AssignedPrivileges"] = std::move(privArray);
	}

	inline void requestRoutesRoles(App& app)
	{
	BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/<str>/")
	.privileges(redfish::privileges::getRole)
	.methods(boost::beast::http::verb::get)(
	std::bind_front(handleRolesGet, std::ref(app)));
	}

	inline void
	handleRoleCollectionGet(App& app, const crow::Request& req,
	const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
	{
	if (!redfish::setUpRedfishRoute(app, req, asyncResp))
	{
	return;
	}

	asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/AccountService/Roles";
	asyncResp->res.jsonValue["@odata.type"] = "#RoleCollection.RoleCollection";
	asyncResp->res.jsonValue["Name"] = "Roles Collection";
	asyncResp->res.jsonValue["Description"] = "BMC User Roles";

	managedStore::ManagedObjectStoreContext requestContext(asyncResp);
	dbus_utils::getProperty<std::vector<std::string>>(
	"xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
	"xyz.openbmc_project.User.Manager", "AllPrivileges", requestContext,
	[asyncResp](const boost::system::error_code& ec,
	const std::vector<std::string>& privList) {
	if (ec)
	{
	messages::internalError(asyncResp->res);
	return;
	}
	nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
	memberArray = nlohmann::json::array();
	for (const std::string& priv : privList)
	{
	std::string role = getRoleFromPrivileges(priv);
	if (!role.empty())
	{
	nlohmann::json::object_t member;
	member["@odata.id"] = crow::utility::urlFromPieces(
	"redfish", "v1", "AccountService", "Roles", role);
	memberArray.push_back(std::move(member));
	}
	}
	asyncResp->res.jsonValue["Members@odata.count"] = memberArray.size();
	});
	}

	inline void requestRoutesRoleCollection(App& app)
	{
	BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Roles/")
	.privileges(redfish::privileges::getRoleCollection)
	.methods(boost::beast::http::verb::get)(
	std::bind_front(handleRoleCollectionGet, std::ref(app)));
	}

	} // namespace redfish