/**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('classes.security.authorization.WorkflowStageAccessPolicy');

     // The stage id is taken from the request. The integer cast turns a
     // non-numeric string into 0 before the value reaches the policy.
     $requestedStageId = (int) $request->getUserVar('stageId');

     $stagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $requestedStageId);
     $this->addPolicy($stagePolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('classes.security.authorization.SubmissionAccessPolicy');

     // A submission is mandatory for this handler. 'submissionId' is handed
     // to the policy, presumably as the name of the request parameter that
     // carries the submission id (confirm against the policy class).
     $submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments, 'submissionId');
     $this->addPolicy($submissionPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');

     // Every operation of this handler needs a review round id in the
     // request; no role check is registered here.
     $reviewRoundPolicy = new ReviewRoundRequiredPolicy($request, $args);
     $this->addPolicy($reviewRoundPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('classes.security.authorization.ReviewStageAccessPolicy');

     // Reviewers (while the submission is in review) and context roles are
     // both meant to pass this policy.
     // NOTE(review): the stage id is forwarded exactly as received from the
     // request, without an integer cast -- confirm the policy validates it.
     $rawStageId = $request->getUserVar('stageId');
     $reviewStagePolicy = new ReviewStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $rawStageId);

     // Second argument true: in PKPHandler::addPolicy() this is understood to
     // be the "add to top" flag -- confirm against the parent class.
     $this->addPolicy($reviewStagePolicy, true);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @see PKPHandler::authorize()
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  */
 function authorize(&$request, $args, $roleAssignments)
 {
     import('classes.security.authorization.OmpWorkflowStageAccessPolicy');

     // NOTE(review): the stage id is forwarded exactly as received from the
     // request, without an integer cast -- confirm the policy validates it.
     $requestedStage = $request->getUserVar('stageId');

     $workflowPolicy = new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', $requestedStage);
     $this->addPolicy($workflowPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
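 /**
  * Register the access policy (or policies) for the file(s) named in the
  * request, then delegate to the parent implementation.
  *
  * Three cases are distinguished:
  *  - 'filesIdsAndRevisions' holds a ";"-separated list: one policy per
  *    entry, combined so that a single denial denies the whole request;
  *  - otherwise, a numeric 'libraryFileId': context-level access only;
  *  - otherwise: a single policy built from the default parameters.
  *
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  * @return boolean result of the parent implementation
  */
 function authorize($request, &$args, $roleAssignments)
 {
     $fileIds = $request->getUserVar('filesIdsAndRevisions');
     $libraryFileId = $request->getUserVar('libraryFileId');

     // Start from an empty list so the variable is always defined, also
     // when the parameter is missing or is not a string.
     $fileIdsArray = array();
     if (is_string($fileIds)) {
         // array_filter() without a callback drops every entry that empty()
         // would reject, which removes the blank entries produced by a
         // trailing ";". This replaces create_function(), which evaluates
         // a code string at run time and no longer exists in PHP 8.
         $fileIdsArray = array_filter(explode(';', $fileIds));
     }

     if (!empty($fileIdsArray)) {
         // Every requested file gets its own policy; with the deny-overrides
         // combining mode one denied file is enough to deny the request.
         $multipleSubmissionFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         foreach ($fileIdsArray as $fileIdAndRevision) {
             $multipleSubmissionFileAccessPolicy->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision));
         }
         $this->addPolicy($multipleSubmissionFileAccessPolicy);
     } elseif (is_numeric($libraryFileId)) {
         // Library files are only checked at context level here; no
         // per-file policy is registered in this branch.
         import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
         $this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
     } else {
         // IDs will be specified using the default parameters.
         $this->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments));
     }

     return parent::authorize($request, $args, $roleAssignments);
 }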
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.UserRequiredPolicy');

     // Only the presence of a logged-in user is required by this policy;
     // no role or object check is registered in this method.
     $loggedInPolicy = new UserRequiredPolicy($request);
     $this->addPolicy($loggedInPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');

     // The stage to authorize is worked out by the handler itself rather
     // than read directly from a request parameter in this method.
     $stageId = $this->_identifyStageId($request);

     $stagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId);
     $this->addPolicy($stagePolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     // The handler supplies the operations that the review round
     // requirement is registered for.
     $opsNeedingReviewRound = $this->_getReviewRoundOps();

     import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
     $roundPolicy = new ReviewRoundRequiredPolicy($request, $args, 'reviewRoundId', $opsNeedingReviewRound);
     $this->addPolicy($roundPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
     import('classes.security.authorization.OjsJournalMustPublishPolicy');

     // Registration order is kept: first the context requirement, then the
     // publishing requirement. No role-based policy is added in this method.
     $contextPolicy = new ContextRequiredPolicy($request);
     $this->addPolicy($contextPolicy);

     $publishingPolicy = new OjsJournalMustPublishPolicy($request);
     $this->addPolicy($publishingPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');

     // The operation list and SITE_ACCESS_ALL_ROLES are passed to the site
     // access policy as given; presumably these operations are open to all
     // roles -- confirm against the policy class.
     $operations = array('header', 'sidebar', 'css');
     $siteAccessPolicy = new PKPSiteAccessPolicy($request, $operations, SITE_ACCESS_ALL_ROLES);
     $this->addPolicy($siteAccessPolicy);

     // Before installation has completed, session initialisation is
     // switched off through a constant.
     $isInstalled = Config::getVar('general', 'installed');
     if (!$isInstalled) {
         define('SESSION_DISABLE_INIT', true);
     }

     // NOTE(review): the fourth argument (false) presumably turns off the
     // restricted-site enforcement of the parent -- confirm that this is
     // intended for every operation routed through this handler.
     return parent::authorize($request, $args, $roleAssignments, false);
 }
 /**
  * @copydoc PKPHandler::authorize
  */
 function authorize($request, &$args, $roleAssignments)
 {
     // The parent check always runs first, even when OAI is switched off.
     $parentDecision = parent::authorize($request, $args, $roleAssignments);

     // With the [oai] "oai" setting off, access is denied whatever the
     // parent decided; otherwise the parent's decision is returned.
     return Config::getVar('oai', 'oai') ? $parentDecision : false;
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     $requestedOp = $request->getRequestedOp();

     // Only 'signInAsUser' gets an explicit role policy here: it is limited
     // to managers and site administrators. For every other operation this
     // method registers nothing and leaves the decision to the parent.
     if ($requestedOp == 'signInAsUser') {
         import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
         $allowedRoles = array(ROLE_ID_MANAGER, ROLE_ID_SITE_ADMIN);
         $rolePolicy = new RoleBasedHandlerOperationPolicy($request, $allowedRoles, array('signInAsUser'));
         $this->addPolicy($rolePolicy);
     }

     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     $currentContext = $request->getContext();

     // Responses are marked publicly cacheable when there is no context or
     // the context does not restrict site access.
     // NOTE(review): this happens before any policy has been evaluated, so
     // it relies on the handler's output being safe to cache publicly in
     // exactly those cases -- confirm.
     $siteIsRestricted = $currentContext && $currentContext->getSetting('restrictSiteAccess');
     if (!$siteIsRestricted) {
         $templateMgr = TemplateManager::getManager($request);
         $templateMgr->setCacheability(CACHEABILITY_PUBLIC);
     }

     import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
     $contextPolicy = new ContextRequiredPolicy($request);
     $this->addPolicy($contextPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
     import('classes.security.authorization.OjsJournalMustPublishPolicy');
     import('classes.security.authorization.OjsIssueRequiredPolicy');

     // Policies are registered in the same order as before: context,
     // publishing requirement, issue requirement.
     $contextPolicy = new ContextRequiredPolicy($request);
     $this->addPolicy($contextPolicy);

     $publishingPolicy = new OjsJournalMustPublishPolicy($request);
     $this->addPolicy($publishingPolicy);

     // An issue is required for 'view' and 'download' only; the 'archives'
     // op does not need one, so it is left out of the operations array.
     $opsNeedingIssue = array('view', 'download');
     $issuePolicy = new OjsIssueRequiredPolicy($request, $args, $opsNeedingIssue);
     $this->addPolicy($issuePolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     // The handler supplies the operations that the review round
     // requirement is registered for.
     $opsNeedingReviewRound = $this->_getReviewRoundOps();
     import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
     $roundPolicy = new ReviewRoundRequiredPolicy($request, $args, 'reviewRoundId', $opsNeedingReviewRound);
     $this->addPolicy($roundPolicy);

     // Approving a proof changes a submission file, so that operation also
     // has to pass the file access policy in modify mode.
     $requestedOp = $request->getRouter()->getRequestedOp($request);
     if ($requestedOp == 'saveApproveProof') {
         import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');
         $fileModifyPolicy = new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_MODIFY);
         $this->addPolicy($fileModifyPolicy);
     }

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('classes.security.authorization.GalleyRequiredPolicy');
     import('classes.security.authorization.WorkflowStageAccessPolicy');

     // The stage is fixed to production here; it is not taken from the request.
     $productionStagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', WORKFLOW_STAGE_ID_PRODUCTION);

     // The galley requirement is nested inside the stage policy, and only
     // the combined policy is registered on the handler.
     $productionStagePolicy->addPolicy(new GalleyRequiredPolicy($request, $args));
     $this->addPolicy($productionStagePolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
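 function authorize($request, &$args, $roleAssignments)
 {
     // Read the stage id once and cast it to an integer, so that the stage
     // policy and the signoff policy below are given the same value.
     // Previously the signoff policy received the raw request value while
     // the stage policy received the cast one.
     $stageId = (int) $request->getUserVar('stageId');

     // Require stage access
     import('classes.security.authorization.WorkflowStageAccessPolicy');
     $this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));

     // The signoff policy is only registered when the request names a
     // signoff; without a 'signoffId' only stage access is required here.
     if ($request->getUserVar('signoffId')) {
         // Require signoff access. The import comes first so that the
         // SIGNOFF_ACCESS_* constants are available when they are read.
         import('classes.security.authorization.SignoffAccessPolicy');

         // Determine the access mode: saving a note modifies the signoff,
         // every other operation gets read access.
         $router = $request->getRouter();
         $accessMode = $router->getRequestedOp($request) == 'saveNote' ? SIGNOFF_ACCESS_MODIFY : SIGNOFF_ACCESS_READ;

         $this->addPolicy(new SignoffAccessPolicy($request, $args, $roleAssignments, $accessMode, $stageId));
     }

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }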
 /**
  * @see PKPHandler::authorize()
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  */
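 function authorize(&$request, $args, $roleAssignments)
 {
     // The policy for the submission handler depends on the
     // step currently requested. A missing step defaults to 1 and
     // anything outside 1..4 is denied before a policy is registered.
     $step = isset($args[0]) ? (int) $args[0] : 1;
     if ($step < 1 || $step > 4) {
         return false;
     }

     // Do we have a monograph present in the request?
     $monographId = (int) $request->getUserVar('monographId');

     // Are we in step one without a monograph present?
     if ($step === 1 && $monographId === 0) {
         // Authorize submission creation.
         import('classes.security.authorization.OmpPressAccessPolicy');
         $this->addPolicy(new OmpPressAccessPolicy($request, $roleAssignments));
     } else {
         // Authorize editing of incomplete submissions.
         import('classes.security.authorization.OmpSubmissionAccessPolicy');
         $this->addPolicy(new OmpSubmissionAccessPolicy($request, $args, $roleAssignments, 'monographId'));
     }

     // Do policy checking.
     if (!parent::authorize($request, $args, $roleAssignments)) {
         return false;
     }

     // Execute additional checking of the step.
     // NB: Move this to its own policy for reuse when required in other places.
     $monograph =& $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);

     if (!is_a($monograph, 'Monograph')) {
         // Without an authorized monograph only the initial step is
         // permitted. Any other step is denied explicitly: assert() can be
         // disabled by configuration, so it must not be the only thing
         // standing between a missing monograph and the checks below.
         return $step === 1;
     }

     // FIXME: What happens when returning to a prior step? See #5813.
     // FIXME: What happens when returning to an incomplete submission? See #5752.
     $progress = $monograph->getSubmissionProgress();

     // Deny if submission is complete (==0 means complete) and at
     // any step other than the "complete" step (=4)
     if ($progress == 0 && $step != 4) {
         return false;
     }

     // Deny if trying to access a step greater than the current progress
     if ($progress != 0 && $step > $progress) {
         return false;
     }

     return true;
 }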
 /**
  * @copydoc PKPHandler::authorize()
  */
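 function authorize($request, &$args, $roleAssignments)
 {
     // The policy for the submission handler depends on the
     // step currently requested. A missing step defaults to 1 and
     // anything outside 1..step count is denied before a policy is
     // registered.
     $stepCount = $this->_getStepCount();
     $step = isset($args[0]) ? (int) $args[0] : 1;
     if ($step < 1 || $step > $stepCount) {
         return false;
     }

     // Do we have a submission present in the request?
     $submissionId = (int) $request->getUserVar('submissionId');

     // Are we in step one without a submission present?
     if ($step === 1 && $submissionId === 0) {
         // Authorize submission creation.
         import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
         $this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
     } else {
         // Authorize editing of incomplete submissions.
         import('classes.security.authorization.SubmissionAccessPolicy');
         $this->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments, 'submissionId'));
     }

     // Do policy checking.
     if (!parent::authorize($request, $args, $roleAssignments)) {
         return false;
     }

     // Execute additional checking of the step.
     // NB: Move this to its own policy for reuse when required in other places.
     $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);

     if (!is_a($submission, 'Submission')) {
         // Without an authorized submission only the initial step is
         // permitted. Any other step is denied explicitly: assert() can be
         // disabled by configuration, so it must not be the only thing
         // standing between a missing submission and the checks below.
         return $step === 1;
     }

     $progress = $submission->getSubmissionProgress();

     // Deny if submission is complete (==0 means complete) and at
     // any step other than the "complete" step (the last one)
     if ($progress == 0 && $step != $stepCount) {
         return false;
     }

     // Deny if trying to access a step greater than the current progress
     if ($progress != 0 && $step > $progress) {
         return false;
     }

     return true;
 }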
 /**
  * @see PKPHandler::authorize()
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  */
 function authorize(&$request, $args, $roleAssignments)
 {
     $router =& $request->getRouter();
     $requestedOp = $router->getRequestedOp($request);

     if ($requestedOp == 'index') {
         // Listing submissions only needs press-level permission.
         import('classes.security.authorization.OmpPressAccessPolicy');
         $accessPolicy = new OmpPressAccessPolicy($request, $roleAssignments);
     } else {
         // Anything else, including operations not known here, falls
         // through to the stricter policy: full submission access.
         import('classes.security.authorization.OmpSubmissionAccessPolicy');
         $accessPolicy = new OmpSubmissionAccessPolicy($request, $args, $roleAssignments);
     }
     $this->addPolicy($accessPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     $requestedOp = $request->getRouter()->getRequestedOp($request);
     $isEntryOperation = ($requestedOp == 'access' || $requestedOp == 'expedite');

     if (!$isEntryOperation) {
         // Every other operation is authorized against one specific stage,
         // which the handler identifies from the request and arguments.
         import('classes.security.authorization.WorkflowStageAccessPolicy');
         $stageId = $this->identifyStageId($request, $args);
         $this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));

         return parent::authorize($request, $args, $roleAssignments);
     }

     // 'access' and 'expedite': first require the requested submission.
     import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
     $this->addPolicy(new SubmissionRequiredPolicy($request, $args, 'submissionId'));

     // This policy denies access when the user has no accessible workflow
     // stage. Otherwise it builds an authorized object holding all
     // accessible workflow stages and authorizes user operation access.
     import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
     $this->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));

     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments, $enforceRestrictedSite = true)
 {
     import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');
     $sitePolicy = new PKPSiteAccessPolicy($request, null, $roleAssignments);
     $this->addPolicy($sitePolicy);

     // The parent decision is taken first and kept for the normal case.
     $parentDecision = parent::authorize($request, $args, $roleAssignments, $enforceRestrictedSite);

     // The context is fetched but not used further in this method.
     $context = $request->getContext();
     $requestedOp = $request->getRouter()->getRequestedOp($request);

     if ($requestedOp != 'settings') {
         return $parentDecision;
     }

     // Don't let users access site settings in a single context
     // installation. In that case, those settings are available under
     // management or are not relevant (like site appearance). This denial
     // applies whatever the parent decided.
     $allContexts = Application::getContextDAO()->getAll();
     if ($allContexts->getCount() == 1) {
         return false;
     }

     return $parentDecision;
 }
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.AuthorDashboardAccessPolicy');
     $dashboardPolicy = new AuthorDashboardAccessPolicy($request, $args, $roleAssignments);

     // Second argument true: in PKPHandler::addPolicy() this is understood to
     // be the "add to top" flag -- confirm against the parent class.
     $this->addPolicy($dashboardPolicy, true);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');

     // Every operation of this handler is authorized in modify mode, so
     // the file access policy has to grant write access to the file.
     $fileModifyPolicy = new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_MODIFY);
     $this->addPolicy($fileModifyPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * Ensure that we have a selected journal and the plugin is enabled
  */
 function authorize(&$request, &$args, $roleAssignments)
 {
     // No journal in the request: deny before looking at the plugin.
     $journal =& $request->getJournal();
     if ($journal === null) {
         return false;
     }

     // The plugin has to be registered and enabled; either failure denies.
     $bfrPlugin =& PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME);
     if ($bfrPlugin === null || !$bfrPlugin->getEnabled()) {
         return false;
     }

     // These are preconditions only; the access decision itself is left
     // to the parent implementation.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * Ensure that we have a journal and the plugin is enabled.
  */
 function authorize($request, &$args, $roleAssignments)
 {
     // No journal context in the request: deny before looking at the plugin.
     $journal = $request->getRouter()->getContext($request);
     if ($journal === null) {
         return false;
     }

     // The plugin has to be registered and enabled; either failure denies.
     $browsePlugin = PluginRegistry::getPlugin('generic', BROWSE_PLUGIN_NAME);
     if ($browsePlugin === null || !$browsePlugin->getEnabled()) {
         return false;
     }

     // These are preconditions only; the access decision itself is left
     // to the parent implementation.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * Ensure that we have a journal, plugin is enabled, and user is author.
  */
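 function authorize($request, &$args, $roleAssignments)
 {
     // No journal in the request: deny before looking at the plugin.
     $journal = $request->getJournal();
     if (!isset($journal)) {
         return false;
     }

     // The plugin has to be registered and enabled; either failure denies.
     $bfrPlugin = PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME);
     if (!isset($bfrPlugin) || !$bfrPlugin->getEnabled()) {
         return false;
     }

     // Only authors of this journal may continue; everyone else is sent to
     // the login page.
     if (!Validation::isAuthor($journal->getId())) {
         Validation::redirectLogin();
         // Deny explicitly so that the author check fails closed: without
         // this return, execution would fall through to the parent check
         // whenever redirectLogin() does not end the request itself.
         return false;
     }

     return parent::authorize($request, $args, $roleAssignments);
 }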
 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');

     // No parameter name is passed here, so the policy falls back to
     // whatever default it defines for locating the submission id.
     $submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments);
     $this->addPolicy($submissionPolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }
 /**
  * @see PKPHandler::authorize()
  */
 function authorize(&$request, $args, $roleAssignments)
 {
     import('classes.security.authorization.OmpWorkflowStageAccessPolicy');

     // The stage is fixed to the submission stage here; it is not taken
     // from the request.
     $submissionStagePolicy = new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', WORKFLOW_STAGE_ID_SUBMISSION);
     $this->addPolicy($submissionStagePolicy);

     // Delegate to the parent implementation and return its result.
     return parent::authorize($request, $args, $roleAssignments);
 }