In the excerpt from https://github.com/openbmc/phosphor-user-manager/blob/b01e2fe760eb04ae9d0d13716a127056949e2601/user_mgr.cpp#L273 ``` void UserMgr::throwForInvalidPrivilege(const std::string& priv) { if (!priv.empty() && (std::find(privMgr.begin(), privMgr.end(), priv) == privMgr.end())) { ...snip... } } ``` Why is the empty privilege allowed? Is this related to the priv-noaccess (BMCWeb's NoAccess role)? Can this be removed? It seems like the caller should be qreuied to specify a valid (nonempty) privilege role (per https://github.com/openbmc/docs/blob/master/architecture/user-management.md#supported-privilege-roles).
In the excerpt from
phosphor-user-manager/user_mgr.cpp
Line 273 in b01e2fe
Why is the empty privilege allowed? Is this related to the priv-noaccess (BMCWeb's NoAccess role)? Can this be removed?
It seems like the caller should be qreuied to specify a valid (nonempty) privilege role (per https://github.com/openbmc/docs/blob/master/architecture/user-management.md#supported-privilege-roles).