diff options
| author | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | 2019-12-05 23:29:13 +0000 |
|---|---|---|
| committer | mutyalax.jayaprakash <mutyalax.jayaprakash@intel.com> | 2019-12-06 17:42:39 +0000 |
| commit | d7e080295f1f3c2517a440e3911600cec0c190fa (patch) | |
| tree | 2444c07a1a80fc26047219060039c6e7f26dbe10 | |
| parent | a78d3e618eb919a62731c54223e7851a912c9450 (diff) | |
| download | bmcweb-d7e080295f1f3c2517a440e3911600cec0c190fa.tar.gz bmcweb-d7e080295f1f3c2517a440e3911600cec0c190fa.zip | |
privileges: Added noAccess privilege check
Issue: NoAccess user able to get the Systems/system in Redfish
Fix: Added privilege check for NoAccess
Tested:
1. Verified redfish validator passed
2. Verified NoAccess privilege user on Redfish for /Systems/system url
GET: https://<BMC IP>/redfish/v1/Systems/system
Result: Status is 403 Forbidden
Body log: Forbidden
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
| -rw-r--r-- | redfish-core/include/privileges.hpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp index 61253b8..423f95b 100644 --- a/redfish-core/include/privileges.hpp +++ b/redfish-core/include/privileges.hpp @@ -192,12 +192,18 @@ inline const Privileges& getUserPrivileges(const std::string& userRole) static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"}; return op; } - else + else if (userRole == "priv-user") { // Redfish privilege : Readonly static Privileges readOnly{"Login", "ConfigureSelf"}; return readOnly; } + else + { + // Redfish privilege : NoAccess + static Privileges noaccess; + return noaccess; + } } using OperationMap = boost::container::flat_map<boost::beast::http::verb, |
