author | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | 2020-04-08 14:09:10 +0300 |
---|---|---|
committer | Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | 2020-04-22 07:53:54 +0300 |
commit | 96200606ab8a2a8de9f007f9e06cd748b134e2c5 (patch) | |
tree | 30f66be731e0d4da8cd85d17b0583810a9170fcc /redfish-core/lib/account_service.hpp | |
parent | bd030d0a6796bf5c9e2db2ae7e2bcade5979516c (diff) | |
download | bmcweb-96200606ab8a2a8de9f007f9e06cd748b134e2c5.tar.xz |
Redfish: Support NoAccess user creation
Support NoAccess privilege user creation from Redfish
Tested:
1. Verified redfish validator passed
2. Create NoAccess user from Redfish
   POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/
   Body:
   {
       "UserName": "user2",
       "RoleId": "NoAccess",
       "Password": "asdf1234"
   }
   Response:
   {
       "@Message.ExtendedInfo": [
           {
               "@odata.type": "#Message.v1_0_0.Message",
               "Message": "The resource has been created successfully",
               "MessageArgs": [],
               "MessageId": "Base.1.4.0.Created",
               "Resolution": "None",
               "Severity": "OK"
           }
       ]
   }
3. Create NoAccess user with empty privilege
   POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/
   Body:
   {
       "UserName": "user3",
       "RoleId": "",
       "Password": "asdf1234"
   }
   Response:
   {
       "@Message.ExtendedInfo": [
           {
               "@odata.type": "#Message.v1_0_0.Message",
               "Message": "The resource has been created successfully",
               "MessageArgs": [],
               "MessageId": "Base.1.4.0.Created",
               "Resolution": "None",
               "Severity": "OK"
           }
       ]
   }
4. Verified Patch, by updating the "NoAccess" RoleId to "Operator"
5. Verified Patch, by updating the "" RoleId to "ReadOnly"
6. Display user list
   ID  Name   Callin  Link Auth  IPMI Msg  Channel Priv Limit
   1   root   false   true       true      ADMINISTRATOR
   2   user2  false   true       true      NO ACCESS
   3   user3  false   true       true      NO ACCESS
   4   user4  false   true       true      USER
   5   user5  false   true       true      OPERATOR
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ied8bd452d1a57409bfdbe231332986d36bd07c72
Diffstat (limited to 'redfish-core/lib/account_service.hpp')
-rw-r--r-- | redfish-core/lib/account_service.hpp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 9f989911c9..c7119832d6 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -109,7 +109,7 @@ inline std::string getPrivilegeFromRoleId(std::string_view role) { return "priv-operator"; } - else if (role == "NoAccess") + else if ((role == "NoAccess") || (role == "")) { return "priv-noaccess"; } @@ -1417,7 +1417,18 @@ class AccountsCollection : public Node messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId"); return; } - roleId = priv; + // TODO: Following override will be reverted once support in + // phosphor-user-manager is added. In order to avoid dependency issues, + // this is added in bmcweb, which will removed, once + // phosphor-user-manager supports priv-noaccess. + if (priv == "priv-noaccess") + { + roleId = ""; + } + else + { + roleId = priv; + } // Reading AllGroups property crow::connections::systemBus->async_method_call( @@ -1804,6 +1815,10 @@ class ManagerAccount : public Node *roleId, "RoleId"); return; } + if (priv == "priv-noaccess") + { + priv = ""; + } crow::connections::systemBus->async_method_call( [asyncResp](const boost::system::error_code ec) { |
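Review bot: In the getPrivilegeFromRoleId hunk, `(role == "")` makes an empty RoleId a synonym for "NoAccess", so a request that sends an empty string by mistake is accepted and acts on an account instead of being rejected as a value not in the list. If the empty form is really needed, say so in a comment next to the condition and consider `role.empty()` for the check; otherwise accept only "NoAccess" here and leave "" to the propertyValueNotInList path that the later hunks show.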
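Review bot: In the AccountsCollection hunk the override passes an empty string as the role for priv-noaccess, but the TODO only explains that the override is temporary, not why an empty value is the right thing to send until phosphor-user-manager supports priv-noaccess. Add one sentence on what the empty role means to the receiver, and a reference for the follow-up so the revert can be found. Also fix the wording "which will removed" to "which will be removed".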
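Review bot: In the ManagerAccount hunk the priv-noaccess to "" mapping is repeated without the TODO that explains it, and here it rewrites `priv` where the AccountsCollection hunk assigns `roleId`. Put the mapping in one small helper with the TODO on it and call it from both places, so the planned revert touches a single spot and neither path is missed.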