| author | James Feist <james.feist@linux.intel.com> | 2019-12-10 16:52:14 +0000 |
|---|---|---|
| committer | James Feist <james.feist@linux.intel.com> | 2019-12-10 17:22:47 +0000 |
| commit | 7166bf0fd7453f2b5d6bfb3afbdad5eb00f74990 (patch) | |
| tree | a75ffbf37684d15df4dd01b8a1cc3a28f1495a55 /http | |
| parent | 4dcc3f92c8725e2424c7792908c44311e484a429 (diff) | |
Revert "Fix authorization for LDAP users"
This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.
Reason for revert: Causing build failures
/bmcweb/redfish-core/include/node.hpp: In member function ‘bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)’:
/bmcweb/redfish-core/include/node.hpp:182:36: error: ‘crow::persistent_data::UserRoleMap’ has not been declared
crow::persistent_data::UserRoleMap::getInstance().getUserRole(
When 900f949773795141266271107219ea019f2839cd was merged first
this patch was not successfully rebased.
Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
Diffstat (limited to 'http')
| -rw-r--r-- | http/routing.h | 85 |
1 files changed, 37 insertions, 48 deletions
diff --git a/http/routing.h b/http/routing.h
index 0929286..7846924 100644
--- a/http/routing.h
+++ b/http/routing.h
@@ -1250,59 +1250,48 @@ class Router << static_cast<uint32_t>(req.method()) << " / " << rules[ruleIndex]->getMethods(); - if (req.session == nullptr) + redfish::Privileges userPrivileges; + if (req.session != nullptr) { - rules[ruleIndex]->handle(req, res, found.second); - return; - } - - crow::connections::systemBus->async_method_call( - [&req, &res, &rules, ruleIndex, found]( - const boost::system::error_code ec, - std::map<std::string, std::variant<bool, std::string, - std::vector<std::string>>> - userInfo) { - if (ec) - { - BMCWEB_LOG_ERROR << "GetUserInfo failed..."; - res.result( - boost::beast::http::status::internal_server_error); - res.end(); - return; - } - - const std::string* userRolePtr = nullptr; - auto userInfoIter = userInfo.find("UserPrivilege"); - if (userInfoIter != userInfo.end()) - { - userRolePtr = - std::get_if<std::string>(&userInfoIter->second); - } + // Get the user role from the session. + const std::string& userRole = + persistent_data::UserRoleMap::getInstance().getUserRole( + req.session->username); - std::string userRole{}; - if (userRolePtr != nullptr) - { - userRole = *userRolePtr; - BMCWEB_LOG_DEBUG << "userName = " << req.session->username - << " userRole = " << *userRolePtr; - } + BMCWEB_LOG_DEBUG << "USER ROLE=" << userRole; - // Get the user privileges from the role - redfish::Privileges userPrivileges = - redfish::getUserPrivileges(userRole); + // Get the user privileges from the role + userPrivileges = redfish::getUserPrivileges(userRole); + } - if (!rules[ruleIndex]->checkPrivileges(userPrivileges)) - { - res.result(boost::beast::http::status::forbidden); - res.end(); - return; - } + if (!rules[ruleIndex]->checkPrivileges(userPrivileges)) + { + res.result(boost::beast::http::status::forbidden); + res.end(); + return; + } - rules[ruleIndex]->handle(req, res, found.second); - }, - "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", - "xyz.openbmc_project.User.Manager", "GetUserInfo", - req.session->username); + // 
any uncaught exceptions become 500s + try + { + rules[ruleIndex]->handle(req, res, found.second); + } + catch (std::exception& e) + { + BMCWEB_LOG_ERROR << "An uncaught exception occurred: " << e.what(); + res.result(boost::beast::http::status::internal_server_error); + res.end(); + return; + } + catch (...) + { + BMCWEB_LOG_ERROR + << "An uncaught exception occurred. The type was unknown " + "so no information was available."; + res.result(boost::beast::http::status::internal_server_error); + res.end(); + return; + } } void debugPrint() |
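Review bot: The restored lookup `persistent_data::UserRoleMap::getInstance().getUserRole(req.session->username)` derives privileges from a username-to-role map, and the hunk does not show what `getUserRole` returns for a name the map does not hold. Because the reverted commit was the LDAP authorization fix, it is worth confirming that an unmapped (for example LDAP-authenticated) user ends up with an empty role, so that `checkPrivileges` denies rather than grants. A comment above the lookup such as `// users missing from UserRoleMap get no privileges; LDAP roles are not resolved here` would record that. Separately, the handler could catch by `const std::exception& e`. The enclosing function starts outside the hunk, so the state of `res` on entry is not visible here.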

