From 294fb94431da630ea2c3c1c7318fb96c022717ec Mon Sep 17 00:00:00 2001 From: Antoine Clausse Date: Fri, 29 Aug 2025 12:07:54 +0200 Subject: [PATCH] [web] Fix metrics pages membership middleware (#28194) GitOrigin-RevId: c41c117e6999ee5ea202516e72f4d22c32a07668 --- .../UserMembershipMiddleware.js | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js index 20a7ddd7c9..02505b4304 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js @@ -12,6 +12,17 @@ const { useAdminCapabilities } = require('../Helpers/AdminAuthorizationHelper') // set of middleware arrays or functions that checks user access to an entity // (publisher, institution, group, template, etc.) const UserMembershipMiddleware = { + requireTeamMetricsAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('team'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupMetrics'), + ]), + ], + requireGroup: [fetchEntityConfig('group'), fetchEntity(), requireEntity()], requireGroupAccess: [ @@ -62,6 +73,17 @@ const UserMembershipMiddleware = { ]), ], + requireGroupMetricsAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('group'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupMetrics'), + ]), + ], + requireInstitutionMetricsAccess: [ AuthenticationController.requireLogin(), fetchEntityConfig('institution'),