Why allow empty privilege? #13
Description
In the excerpt from
phosphor-user-manager/user_mgr.cpp
Line 273 in b01e2fe
void UserMgr::throwForInvalidPrivilege(const std::string& priv)
{
if (!priv.empty() &&
(std::find(privMgr.begin(), privMgr.end(), priv) == privMgr.end()))
{ ...snip... }
}
Why is the empty privilege allowed? Is this related to the priv-noaccess (BMCWeb's NoAccess role)? Can this be removed?
It seems like the caller should be qreuied to specify a valid (nonempty) privilege role (per https://github.com/openbmc/docs/blob/master/architecture/user-management.md#supported-privilege-roles).