| author | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2019-04-03 10:39:08 +0530 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2019-07-11 01:29:29 +0000 |
| commit | 6f3595683739a6528e98b38cc82afbc60f9fda34 (patch) | |
| tree | 36d0636a6d7e6d890fc540fa3e3fd7ab48631318 /redfish-core/include | |
| parent | f5c9f8bda365b90c978a95738b66419ad21df27f (diff) | |
Redfish(Authorization): Map the user role with the Redfish privileges
This commit gets the role of the user from the session object and
maps it to the Redfish privileges, then allows or rejects the requested
operation depending on the user privileges and the entity privileges.
Change-Id: I40be06c28e80b47fe76891cacf863f8495bace88
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Diffstat (limited to 'redfish-core/include')
| -rw-r--r-- | redfish-core/include/privileges.hpp | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp
index ca44551..ec6e6a5 100644
--- a/redfish-core/include/privileges.hpp
+++ b/redfish-core/include/privileges.hpp
@@ -177,6 +177,29 @@ class Privileges
 std::bitset<maxPrivilegeCount> privilegeBitset = 0;
 };
+inline const Privileges& getUserPrivileges(const std::string& userRole)
+{
+ // Redfish privilege : Administrator
+ if (userRole == "priv-admin")
+ {
+ static Privileges admin{"Login", "ConfigureManager", "ConfigureSelf",
+ "ConfigureUsers", "ConfigureComponents"};
+ return admin;
+ }
+ else if (userRole == "priv-operator")
+ {
+ // Redfish privilege : Operator
+ static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"};
+ return op;
+ }
+ else
+ {
+ // Redfish privilege : Readonly
+ static Privileges readOnly{"Login", "ConfigureSelf"};
+ return readOnly;
+ }
+}
+
 using OperationMap = boost::container::flat_map<boost::beast::http::verb, std::vector<Privileges>>; |
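Review bot: The final `else` in getUserPrivileges grants Login and ConfigureSelf to every role string that is not "priv-admin" or "priv-operator", so an empty, misspelled or newly introduced role is silently treated as ReadOnly instead of being denied. An authorization mapping should fail closed: match the read-only role explicitly and return an empty privilege set for anything unrecognised. The sketch below assumes Privileges is default-constructible with no bits set, which the hunk does not show because the class body lies outside it. A short comment above the function naming the role strings it expects and where they originate would also help the next reader.

```cpp
    // … unchanged: "priv-admin" and "priv-operator" branches …
    else if (userRole == "priv-user")
    {
        // … unchanged: static readOnly{"Login", "ConfigureSelf"} returned here …
    }
    else
    {
        // Unknown or empty role: grant no privileges instead of ReadOnly.
        static Privileges noAccess;
        return noAccess;
    }
}
```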

