hlxsites · shiv-gup · Mar 28, 2024 · Mar 27, 2024 · Mar 28, 2024
diff --git a/scripts/security.js b/scripts/security.js
@@ -96,6 +96,9 @@ export function isPublicPage() {
   return document.querySelector('head meta[name="public-access"]')?.getAttribute('content').toLowerCase() === 'true';
 }
 
+export function isReportingAccessPage() {
+  return document.querySelector('head meta[name="reporting-access"]')?.getAttribute('content').toLowerCase() === 'true';
+}
 export async function checkUserAccess() {
   if (isUnifiedShellRuntimeAvailable()) return !!user.get('imsProfile');
   await getBearerToken();
@@ -104,13 +107,33 @@ export async function checkUserAccess() {
     const imsLibSecurityModule = await import('./security-imslib.js');
     if (isPublicPage()) {
       return true;
-    } 
-    return await imsLibSecurityModule.isUserInSecurityGroup(imsUserGroup, await getBearerToken());
+    }
+
+    const isIMSUser = await imsLibSecurityModule.isUserInSecurityGroup(imsUserGroup, await getBearerToken());
+    //Check if IMS Users have access to Reporting Page
+    if (isReportingAccessPage() && isIMSUser) {
+      const adminConfig = await getAdminConfig();
+      //The name of the group is in property imsReportingGroup in admin-config.xslx
+      return await checkGroupAccess('imsReportingGroup');
+    } else {
+      return isIMSUser;
+    }
   }
 }
 
 export async function checkAddAssetsAccess() {
   const adminConfig = await getAdminConfig();
   const securityGroupMemberships = await getSecurityGroupMemberships(await getBearerToken());
   return securityGroupMemberships.some((grp) => grp.groupName === adminConfig.imsAuthorGroup);
-}
+}
+
+/**
+ * Checks Group Access for the group that is stored in the admin-config.xslx for
+ * for the property name in parameter adminConfigGroupPropertyName
+ * @returns {boolean} for access to the group
+ */
+export async function checkGroupAccess(adminConfigGroupPropertyName) {
+  const adminConfig = await getAdminConfig();
+  const securityGroupMemberships = await getSecurityGroupMemberships(await getBearerToken());
+  return securityGroupMemberships.some((grp) => grp.groupName === adminConfig[adminConfigGroupPropertyName]);
+}
diff --git a/scripts/site-config.js b/scripts/site-config.js
@@ -1,5 +1,6 @@
 import { fetchCached } from './fetch-util.js';
 import { toCamelCase } from './lib-franklin.js';
+import { checkGroupAccess } from './security.js';
 
 const QA_BASE_PATH = 'qa';
 const DRAFTS_BASE_PATH = 'drafts';
@@ -285,14 +286,24 @@ async function mapUserSettingsForId(configId, result) {
 export async function getQuickLinkConfig() {
   const result = [];
   const response = await getConfig('site-config.json');
-  response.quicklinks?.data.forEach((row) => {
-    if (row.Title && row.Page) {
+
+  for (const row of response.quicklinks?.data || []) {
+    if (row.Title && row.Page && row.Group == '') {
       result.push({
         title: row.Title,
         page: row.Page,
       });
+    } else if (row.Title && row.Page && row.Group) {
+      if (await checkGroupAccess(row.Group))
+      {
+        result.push({
+          title: row.Title,
+          page: row.Page,
+        });
+      }
     }
-  });
+  }
+
   return result;
 }