Add menu-level ACS check

core/acs.js

@@ -51,6 +51,19 @@ class ACS {
         return this.check(area.acs, 'download', ACS.Defaults.FileAreaDownload);
     }
 
+    hasMenuModuleAccess(modInst) {
+        const acs = _.get(modInst, 'menuConfig.config.acs');
+        if(!_.isString(acs)) {
+            return true;    //  no ACS check req.
+        }
+        try {
+            return checkAcs(acs, { client : this.client } );
+        } catch(e) {
+            Log.warn( { exception : e, acs : acs }, 'Exception caught checking ACS');
+            return false;
+        }
+    }
+
     getConditionalValue(condArray, memberName) {
         if(!Array.isArray(condArray)) {
             //  no cond array, just use the value
@@ -68,7 +81,7 @@ class ACS {
                     return false;
                 }
             } else {
-                return true;    //  no acs check req.
+                return true;    //  no ACS check req.
             }
         });
 

core/menu_stack.js

@@ -127,6 +127,13 @@ module.exports = class MenuStack {
             } else {
                 self.client.log.debug( { menuName : name }, 'Goto menu module');
 
+                if(!this.client.acs.hasMenuModuleAccess(modInst)) {
+                    if(cb) {
+                        return cb(Errors.AccessDenied('No access to this menu'));
+                    }
+                    return;
+                }
+
                 //
                 //  If menuFlags were supplied in menu.hjson, they should win over
                 //  anything supplied in code.

core/show_art.js

@@ -116,7 +116,7 @@ exports.getModule = class ShowArtModule extends MenuModule {
             if(!area) {
                 return cb(Errors.DoesNotExist(`No area by areaTag ${key} found`));
             }
-            return cb(null);    //  :TODO: REM OVE ME
+            return cb(null);    //  :TODO: REMOVE ME --- currently NYI
         });
     }
 

docs/configuration/acs.md

@@ -61,6 +61,6 @@ The following touch points exist in the system. Many more are planned:
 
 * Message conferences and areas
 * File base areas
-* Menus within `menu.hjson`
+* Menus within `menu.hjson`. See [menu.hjson](menu-hjson.md).
 
 See the specific areas documentation for information on available ACS checks.

docs/configuration/menu-hjson.md

@@ -99,3 +99,35 @@ The `submit` object tells the system to attempt to apply provided match entries
  Upon submit, the first match will be executed. For example, if the user selects "login", the first entry 
  with a value of `{ matrixSubmit: 0 }` will match causing `action` of `@menu:login` to be executed (go 
  to `login` menu).
+
+## ACS Checks
+Menu modules can check user ACS in order to restrict areas and perform flow control. See [ACS](acs.md) for available ACS syntax.
+
+### Menu Access
+To restrict menu access add an `acs` key to `config`. Example:
+```
+opOnlyMenu: {
+    desc: Ops Only!
+    config: {
+        acs: ID1
+    }
+}
+```
+
+### Flow Control
+The `next` member of a menu may be an array of objects containing an `acs` check as well as the destination. Depending on the current user's ACS, the system will pick the appropriate target. The last element in an array without an `acs` can be used as a catch all. Example:
+```
+login: {
+    desc: Logging In
+    next: [
+        {
+            //	>= 2 calls else you get the full login
+            acs: NC2
+            next: loginSequenceLoginFlavorSelect
+        }
+        {
+            next: fullLoginSequenceLoginArt
+        }
+    ]
+}
+```