Add menu-level ACS check

core/acs.js

@@ -51,6 +51,19 @@ class ACS {
         return this.check(area.acs, 'download', ACS.Defaults.FileAreaDownload);
     }
 
+    hasMenuModuleAccess(modInst) {
+        const acs = _.get(modInst, 'menuConfig.config.acs');
+        if(!_.isString(acs)) {
+            return true;    //  no ACS check req.
+        }
+        try {
+            return checkAcs(acs, { client : this.client } );
+        } catch(e) {
+            Log.warn( { exception : e, acs : acs }, 'Exception caught checking ACS');
+            return false;
+        }
+    }
+
     getConditionalValue(condArray, memberName) {
         if(!Array.isArray(condArray)) {
             //  no cond array, just use the value
@@ -68,7 +81,7 @@ class ACS {
                     return false;
                 }
             } else {
-                return true;    //  no acs check req.
+                return true;    //  no ACS check req.
             }
         });
 

core/menu_stack.js

@@ -127,6 +127,13 @@ module.exports = class MenuStack {
             } else {
                 self.client.log.debug( { menuName : name }, 'Goto menu module');
 
+                if(!this.client.acs.hasMenuModuleAccess(modInst)) {
+                    if(cb) {
+                        return cb(Errors.AccessDenied('No access to this menu'));
+                    }
+                    return;
+                }
+
                 //
                 //  If menuFlags were supplied in menu.hjson, they should win over
                 //  anything supplied in code.

core/show_art.js

@@ -116,7 +116,7 @@ exports.getModule = class ShowArtModule extends MenuModule {
             if(!area) {
                 return cb(Errors.DoesNotExist(`No area by areaTag ${key} found`));
             }
-            return cb(null);    //  :TODO: REM OVE ME
+            return cb(null);    //  :TODO: REMOVE ME --- currently NYI
         });
     }
 

docs/configuration/acs.md

@@ -61,6 +61,6 @@ The following touch points exist in the system. Many more are planned:
 
 * Message conferences and areas
 * File base areas
-* Menus within `menu.hjson`
+* Menus within `menu.hjson`. See [menu.hjson](menu-hjson.md).
 
 See the specific areas documentation for information on available ACS checks.

docs/configuration/menu-hjson.md

@@ -31,9 +31,9 @@ Let's look a couple basic menu entries:
 
 ```hjson
 telnetConnected: {
-  art: CONNECT
+    art: CONNECT
-  next: matrix
+    next: matrix
-  options: { nextTimeout: 1500 }
+    options: { nextTimeout: 1500 }
 }
 ```
 
@@ -54,38 +54,38 @@ Now let's look at `matrix`, the `next` entry from `telnetConnected`:
 
 ```hjson
 matrix: {
-  art: matrix
+    art: matrix
-  desc: Login Matrix
+    desc: Login Matrix
-  form: {
+    form: {
     0: {
-      VM: {
+        VM: {
         mci: {
-          VM1:  {
+            VM1:  {
             submit: true
             focus:  true            
             items: [ "login", "apply", "log off" ]
             argName: matrixSubmit
-          }
+            }
         }
         submit: {
-          *: [
+            *: [
-              {
+                {
-                  value: { matrixSubmit: 0 }
+                    value: { matrixSubmit: 0 }
-                  action: @menu:login
+                    action: @menu:login
-              }
+                }
-              {
+                {
-                  value: { matrixSubmit: 1 },
+                    value: { matrixSubmit: 1 },
-                  action: @menu:newUserApplication
+                    action: @menu:newUserApplication
-              }
+                }
-              {
+                {
-                  value: { matrixSubmit: 2 },
+                    value: { matrixSubmit: 2 },
-                  action: @menu:logoff
+                    action: @menu:logoff
-              }
+                }
-          ]
+            ]
+        }
         }
-      }
     }
-  }
+    }
 }
 ```
 
@@ -99,3 +99,35 @@ The `submit` object tells the system to attempt to apply provided match entries
  Upon submit, the first match will be executed. For example, if the user selects "login", the first entry 
  with a value of `{ matrixSubmit: 0 }` will match causing `action` of `@menu:login` to be executed (go 
  to `login` menu).
+
+## ACS Checks
+Menu modules can check user ACS in order to restrict areas and perform flow control. See [ACS](acs.md) for available ACS syntax.
+
+### Menu Access
+To restrict menu access add an `acs` key to `config`. Example:
+```
+opOnlyMenu: {
+    desc: Ops Only!
+    config: {
+        acs: ID1
+    }
+}
+```
+
+### Flow Control
+The `next` member of a menu may be an array of objects containing an `acs` check as well as the destination. Depending on the current user's ACS, the system will pick the appropriate target. The last element in an array without an `acs` can be used as a catch all. Example:
+```
+login: {
+    desc: Logging In
+    next: [
+        {
+            //	>= 2 calls else you get the full login
+            acs: NC2
+            next: loginSequenceLoginFlavorSelect
+        }
+        {
+            next: fullLoginSequenceLoginArt
+        }
+    ]
+}
+```