From 5bd7ecdb880c9e1f2d34279df48d1c8f763c4b4f Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Sat, 4 Aug 2018 11:49:44 -0600 Subject: [PATCH] Add menu-level ACS check --- core/acs.js | 15 +++++- core/menu_stack.js | 7 +++ core/show_art.js | 2 +- docs/configuration/acs.md | 2 +- docs/configuration/menu-hjson.md | 82 ++++++++++++++++++++++---------- 5 files changed, 80 insertions(+), 28 deletions(-) diff --git a/core/acs.js b/core/acs.js index 66f13a08..a86db329 100644 --- a/core/acs.js +++ b/core/acs.js @@ -51,6 +51,19 @@ class ACS { return this.check(area.acs, 'download', ACS.Defaults.FileAreaDownload); } + hasMenuModuleAccess(modInst) { + const acs = _.get(modInst, 'menuConfig.config.acs'); + if(!_.isString(acs)) { + return true; // no ACS check req. + } + try { + return checkAcs(acs, { client : this.client } ); + } catch(e) { + Log.warn( { exception : e, acs : acs }, 'Exception caught checking ACS'); + return false; + } + } + getConditionalValue(condArray, memberName) { if(!Array.isArray(condArray)) { // no cond array, just use the value @@ -68,7 +81,7 @@ class ACS { return false; } } else { - return true; // no acs check req. + return true; // no ACS check req. } }); diff --git a/core/menu_stack.js b/core/menu_stack.js index 5ab5a091..06b53d76 100644 --- a/core/menu_stack.js +++ b/core/menu_stack.js @@ -127,6 +127,13 @@ module.exports = class MenuStack { } else { self.client.log.debug( { menuName : name }, 'Goto menu module'); + if(!this.client.acs.hasMenuModuleAccess(modInst)) { + if(cb) { + return cb(Errors.AccessDenied('No access to this menu')); + } + return; + } + // // If menuFlags were supplied in menu.hjson, they should win over // anything supplied in code. diff --git a/core/show_art.js b/core/show_art.js index 1c7da1b6..bcd15d7b 100644 --- a/core/show_art.js +++ b/core/show_art.js @@ -116,7 +116,7 @@ exports.getModule = class ShowArtModule extends MenuModule { if(!area) { return cb(Errors.DoesNotExist(`No area by areaTag ${key} found`)); } - return cb(null); // :TODO: REM OVE ME + return cb(null); // :TODO: REMOVE ME --- currently NYI }); } diff --git a/docs/configuration/acs.md b/docs/configuration/acs.md index 3b7acbc0..eeab8e9c 100644 --- a/docs/configuration/acs.md +++ b/docs/configuration/acs.md @@ -61,6 +61,6 @@ The following touch points exist in the system. Many more are planned: * Message conferences and areas * File base areas -* Menus within `menu.hjson` +* Menus within `menu.hjson`. See [menu.hjson](menu-hjson.md). See the specific areas documentation for information on available ACS checks. diff --git a/docs/configuration/menu-hjson.md b/docs/configuration/menu-hjson.md index 3596e95a..58a06d5a 100644 --- a/docs/configuration/menu-hjson.md +++ b/docs/configuration/menu-hjson.md @@ -31,9 +31,9 @@ Let's look a couple basic menu entries: ```hjson telnetConnected: { - art: CONNECT - next: matrix - options: { nextTimeout: 1500 } + art: CONNECT + next: matrix + options: { nextTimeout: 1500 } } ``` @@ -54,38 +54,38 @@ Now let's look at `matrix`, the `next` entry from `telnetConnected`: ```hjson matrix: { - art: matrix - desc: Login Matrix - form: { + art: matrix + desc: Login Matrix + form: { 0: { - VM: { + VM: { mci: { - VM1: { + VM1: { submit: true focus: true items: [ "login", "apply", "log off" ] argName: matrixSubmit - } + } } submit: { - *: [ - { - value: { matrixSubmit: 0 } - action: @menu:login - } - { - value: { matrixSubmit: 1 }, - action: @menu:newUserApplication - } - { - value: { matrixSubmit: 2 }, - action: @menu:logoff - } - ] + *: [ + { + value: { matrixSubmit: 0 } + action: @menu:login + } + { + value: { matrixSubmit: 1 }, + action: @menu:newUserApplication + } + { + value: { matrixSubmit: 2 }, + action: @menu:logoff + } + ] + } } - } } - } + } } ``` @@ -99,3 +99,35 @@ The `submit` object tells the system to attempt to apply provided match entries Upon submit, the first match will be executed. For example, if the user selects "login", the first entry with a value of `{ matrixSubmit: 0 }` will match causing `action` of `@menu:login` to be executed (go to `login` menu). + +## ACS Checks +Menu modules can check user ACS in order to restrict areas and perform flow control. See [ACS](acs.md) for available ACS syntax. + +### Menu Access +To restrict menu access add an `acs` key to `config`. Example: +``` +opOnlyMenu: { + desc: Ops Only! + config: { + acs: ID1 + } +} +``` + +### Flow Control +The `next` member of a menu may be an array of objects containing an `acs` check as well as the destination. Depending on the current user's ACS, the system will pick the appropriate target. The last element in an array without an `acs` can be used as a catch all. Example: +``` +login: { + desc: Logging In + next: [ + { + // >= 2 calls else you get the full login + acs: NC2 + next: loginSequenceLoginFlavorSelect + } + { + next: fullLoginSequenceLoginArt + } + ] +} +``` \ No newline at end of file