diff --git a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js index 20a7ddd7c9..02505b4304 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js @@ -12,6 +12,17 @@ const { useAdminCapabilities } = require('../Helpers/AdminAuthorizationHelper') // set of middleware arrays or functions that checks user access to an entity // (publisher, institution, group, template, etc.) const UserMembershipMiddleware = { + requireTeamMetricsAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('team'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupMetrics'), + ]), + ], + requireGroup: [fetchEntityConfig('group'), fetchEntity(), requireEntity()], requireGroupAccess: [ @@ -62,6 +73,17 @@ const UserMembershipMiddleware = { ]), ], + requireGroupMetricsAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('group'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupMetrics'), + ]), + ], + requireInstitutionMetricsAccess: [ AuthenticationController.requireLogin(), fetchEntityConfig('institution'),