From 27c10d2ee746b85e9463efb0fc6773c209b2f5ba Mon Sep 17 00:00:00 2001 From: jayaprakash Mutyala Date: Mon, 29 Jul 2019 11:59:08 +0000 Subject: account_service: Added NoAccess role to Redfish Issue: With IPMI command- If New user created, by defualt created with "NO ACCESS" Channel priv Limit. But same role is not populating from Redfish. This test can be done only with below patch being merged. https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/ +/24784/ Tested: Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in userlist). Below is Snapshot from Redfish: Get: https:///redfish/v1/AccountService/Roles/NoAccess { "@odata.context": "/redfish/v1/$metadata#Role.Role", "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess", "@odata.type": "#Role.v1_2_2.Role", "AssignedPrivileges": null, "Description": "NoAccess User Role", "Id": "NoAccess", "IsPredefined": true, "Name": "User Role", "OemPrivileges": [], "RoleId": "NoAccess" } Get: https:///redfish/v1/AccountService/Accounts/user6 { "@odata.context": "/redfish/v1/$metadata#ManagerAccount. ManagerAccount", "@odata.id": "/redfish/v1/AccountService/Accounts/user6", "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", "Description": "User Account", "Enabled": false, "Id": "user6", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "RoleId": "NoAccess", "UserName": "user6" } Redfish validator test results: Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293, 'metadataNamespaces': 1047, 'warningPresent': 70, 'serviceNamespaces': 68, 'invalidPropertyValue': 67, 'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64, 'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6, 'failErrorPresent': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1}) Validation has failed: 65 problems found Signed-off-by: jayaprakash Mutyala Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d --- redfish-core/lib/account_service.hpp | 8 ++++++++ redfish-core/lib/roles.hpp | 8 ++++++++ 2 files changed, 16 insertions(+) (limited to 'redfish-core') diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 0658f3ff3b..291a207d02 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -90,6 +90,10 @@ inline std::string getRoleIdFromPrivilege(std::string_view role) { return "Operator"; } + else if ((role == "") || (role == "priv-noaccess")) + { + return "NoAccess"; + } return ""; } inline std::string getPrivilegeFromRoleId(std::string_view role) @@ -110,6 +114,10 @@ inline std::string getPrivilegeFromRoleId(std::string_view role) { return "priv-operator"; } + else if (role == "NoAccess") + { + return "priv-noaccess"; + } return ""; } diff --git a/redfish-core/lib/roles.hpp b/redfish-core/lib/roles.hpp index d170a5c358..58b45775d7 100644 --- a/redfish-core/lib/roles.hpp +++ b/redfish-core/lib/roles.hpp @@ -40,6 +40,10 @@ inline std::string getRoleFromPrivileges(std::string_view priv) { return "Operator"; } + else if (priv == "priv-noaccess") + { + return "NoAccess"; + } return ""; } @@ -63,6 +67,10 @@ inline bool getAssignedPrivFromRole(std::string_view role, { privArray = {"Login"}; } + else if (role == "NoAccess") + { + privArray = {}; + } else { return false; -- cgit v1.2.3