diff --git a/scripts/security.js b/scripts/security.js index 659a7c98..27f66ea1 100644 --- a/scripts/security.js +++ b/scripts/security.js @@ -96,6 +96,9 @@ export function isPublicPage() { return document.querySelector('head meta[name="public-access"]')?.getAttribute('content').toLowerCase() === 'true'; } +export function isReportingAccessPage() { + return document.querySelector('head meta[name="reporting-access"]')?.getAttribute('content').toLowerCase() === 'true'; +} export async function checkUserAccess() { if (isUnifiedShellRuntimeAvailable()) return !!user.get('imsProfile'); await getBearerToken(); @@ -104,8 +107,17 @@ export async function checkUserAccess() { const imsLibSecurityModule = await import('./security-imslib.js'); if (isPublicPage()) { return true; - } - return await imsLibSecurityModule.isUserInSecurityGroup(imsUserGroup, await getBearerToken()); + } + + const isIMSUser = await imsLibSecurityModule.isUserInSecurityGroup(imsUserGroup, await getBearerToken()); + //Check if IMS Users have access to Reporting Page + if (isReportingAccessPage() && isIMSUser) { + const adminConfig = await getAdminConfig(); + //The name of the group is in property imsReportingGroup in admin-config.xslx + return await checkGroupAccess('imsReportingGroup'); + } else { + return isIMSUser; + } } } @@ -113,4 +125,15 @@ export async function checkAddAssetsAccess() { const adminConfig = await getAdminConfig(); const securityGroupMemberships = await getSecurityGroupMemberships(await getBearerToken()); return securityGroupMemberships.some((grp) => grp.groupName === adminConfig.imsAuthorGroup); -} \ No newline at end of file +} + +/** + * Checks Group Access for the group that is stored in the admin-config.xslx for + * for the property name in parameter adminConfigGroupPropertyName + * @returns {boolean} for access to the group + */ +export async function checkGroupAccess(adminConfigGroupPropertyName) { + const adminConfig = await getAdminConfig(); + const securityGroupMemberships = await getSecurityGroupMemberships(await getBearerToken()); + return securityGroupMemberships.some((grp) => grp.groupName === adminConfig[adminConfigGroupPropertyName]); +} diff --git a/scripts/site-config.js b/scripts/site-config.js index c906db24..438baec0 100644 --- a/scripts/site-config.js +++ b/scripts/site-config.js @@ -1,5 +1,6 @@ import { fetchCached } from './fetch-util.js'; import { toCamelCase } from './lib-franklin.js'; +import { checkGroupAccess } from './security.js'; const QA_BASE_PATH = 'qa'; const DRAFTS_BASE_PATH = 'drafts'; @@ -285,14 +286,24 @@ async function mapUserSettingsForId(configId, result) { export async function getQuickLinkConfig() { const result = []; const response = await getConfig('site-config.json'); - response.quicklinks?.data.forEach((row) => { - if (row.Title && row.Page) { + + for (const row of response.quicklinks?.data || []) { + if (row.Title && row.Page && row.Group == '') { result.push({ title: row.Title, page: row.Page, }); + } else if (row.Title && row.Page && row.Group) { + if (await checkGroupAccess(row.Group)) + { + result.push({ + title: row.Title, + page: row.Page, + }); + } } - }); + } + return result; }