Add menu-level ACS check

2018-08-04 11:49:44 -06:00 · 2018-08-04 11:49:44 -06:00 · 5bd7ecdb88
parent 475fe596f6
commit 5bd7ecdb88
5 changed files with 80 additions and 28 deletions
--- a/core/acs.js
+++ b/core/acs.js
@ -51,6 +51,19 @@ class ACS {
        return this.check(area.acs, 'download', ACS.Defaults.FileAreaDownload);
    }

+    hasMenuModuleAccess(modInst) {
+        const acs = _.get(modInst, 'menuConfig.config.acs');
+        if(!_.isString(acs)) {
+            return true;    //  no ACS check req.
+        }
+        try {
+            return checkAcs(acs, { client : this.client } );
+        } catch(e) {
+            Log.warn( { exception : e, acs : acs }, 'Exception caught checking ACS');
+            return false;
+        }
+    }
+
    getConditionalValue(condArray, memberName) {
        if(!Array.isArray(condArray)) {
            //  no cond array, just use the value
@ -68,7 +81,7 @@ class ACS {
                    return false;
                }
            } else {
-                return true;    //  no acs check req.
+                return true;    //  no ACS check req.
            }
        });

--- a/core/menu_stack.js
+++ b/core/menu_stack.js
@ -127,6 +127,13 @@ module.exports = class MenuStack {
            } else {
                self.client.log.debug( { menuName : name }, 'Goto menu module');

+                if(!this.client.acs.hasMenuModuleAccess(modInst)) {
+                    if(cb) {
+                        return cb(Errors.AccessDenied('No access to this menu'));
+                    }
+                    return;
+                }
+
                //
                //  If menuFlags were supplied in menu.hjson, they should win over
                //  anything supplied in code.
--- a/core/show_art.js
+++ b/core/show_art.js
@ -116,7 +116,7 @@ exports.getModule = class ShowArtModule extends MenuModule {
            if(!area) {
                return cb(Errors.DoesNotExist(`No area by areaTag ${key} found`));
            }
-            return cb(null);    //  :TODO: REM OVE ME
+            return cb(null);    //  :TODO: REMOVE ME --- currently NYI
        });
    }

--- a/docs/configuration/acs.md
+++ b/docs/configuration/acs.md
@ -61,6 +61,6 @@ The following touch points exist in the system. Many more are planned:

 * Message conferences and areas
 * File base areas
-* Menus within `menu.hjson`
+* Menus within `menu.hjson`. See [menu.hjson](menu-hjson.md).

 See the specific areas documentation for information on available ACS checks.
--- a/docs/configuration/menu-hjson.md
+++ b/docs/configuration/menu-hjson.md
@ -31,9 +31,9 @@ Let's look a couple basic menu entries:

 ```hjson
 telnetConnected: {
-  art: CONNECT
-  next: matrix
-  options: { nextTimeout: 1500 }
+    art: CONNECT
+    next: matrix
+    options: { nextTimeout: 1500 }
 }
 ```

@ -54,38 +54,38 @@ Now let's look at `matrix`, the `next` entry from `telnetConnected`:

 ```hjson
 matrix: {
-  art: matrix
-  desc: Login Matrix
-  form: {
+    art: matrix
+    desc: Login Matrix
+    form: {
    0: {
-      VM: {
+        VM: {
        mci: {
-          VM1:  {
+            VM1:  {
            submit: true
            focus:  true            
            items: [ "login", "apply", "log off" ]
            argName: matrixSubmit
-          }
+            }
        }
        submit: {
-          *: [
-              {
-                  value: { matrixSubmit: 0 }
-                  action: @menu:login
-              }
-              {
-                  value: { matrixSubmit: 1 },
-                  action: @menu:newUserApplication
-              }
-              {
-                  value: { matrixSubmit: 2 },
-                  action: @menu:logoff
-              }
-          ]
+            *: [
+                {
+                    value: { matrixSubmit: 0 }
+                    action: @menu:login
+                }
+                {
+                    value: { matrixSubmit: 1 },
+                    action: @menu:newUserApplication
+                }
+                {
+                    value: { matrixSubmit: 2 },
+                    action: @menu:logoff
+                }
+            ]
+        }
        }
-      }
    }
-  }
+    }
 }
 ```

@ -99,3 +99,35 @@ The `submit` object tells the system to attempt to apply provided match entries
 Upon submit, the first match will be executed. For example, if the user selects "login", the first entry 
 with a value of `{ matrixSubmit: 0 }` will match causing `action` of `@menu:login` to be executed (go 
 to `login` menu).
+
+## ACS Checks
+Menu modules can check user ACS in order to restrict areas and perform flow control. See [ACS](acs.md) for available ACS syntax.
+
+### Menu Access
+To restrict menu access add an `acs` key to `config`. Example:
+```
+opOnlyMenu: {
+    desc: Ops Only!
+    config: {
+        acs: ID1
+    }
+}
+```
+
+### Flow Control
+The `next` member of a menu may be an array of objects containing an `acs` check as well as the destination. Depending on the current user's ACS, the system will pick the appropriate target. The last element in an array without an `acs` can be used as a catch all. Example:
+```
+login: {
+    desc: Logging In
+    next: [
+        {
+            //	>= 2 calls else you get the full login
+            acs: NC2
+            next: loginSequenceLoginFlavorSelect
+        }
+        {
+            next: fullLoginSequenceLoginArt
+        }
+    ]
+}
+```