Extend IPMI privilege to redfish role

The XCC conservatively holds back administrator from IPMI
access.  If an IPMI request comes in, add
a corresponding redfish to make
the user actually have the requested role.

Change-Id: I4c360388fa487256df382f0f4afc74cd1d1f69a1

pyghmi/ipmi/oem/lenovo/handler.py

@@ -1316,6 +1316,10 @@ class OEMHandler(generic.OEMHandler):
             return True
         return False
 
+    def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, privilege_level):
+        if self.has_xcc:
+            self.immhandler.set_user_access(uid, privilege_level)
+
     def process_zero_fru(self, zerofru):
         if (self.oemid['manufacturer_id'] == 19046
                 and self.oemid['product_id'] == 13616):

pyghmi/ipmi/oem/lenovo/imm.py

@@ -883,6 +883,20 @@ class XCCClient(IMMClient):
         self.ipmicmd.ipmi_session.register_keepalive(self.keepalive, None)
         self.adp_referer = None
 
+    def set_user_access(self, uid, privilege_level):
+        uid = uid - 1
+        role = None
+        if privilege_level == 'administrator':
+            role = 'Administrator'
+        elif privilege_level == 'operator':
+            role = 'Operator'
+        elif privileg_level == 'user':
+            role = 'ReadOnly'
+        if role:
+            self.grab_redfish_response_with_status(
+                '/redfish/v1/AccountService/Accounts/{0}'.format(uid),
+                {'RoleId': role}, method='PATCH')
+
     def reseat(self):
         rsp = self.wc.grab_json_response_with_status(
             '/api/providers/virt_reseat', '{}')