/**
 * Constructor
 *
 * Sets up journal-level authorization: the parent journal policy plus one
 * role-based operation policy for each entry of $roleAssignments.
 *
 * @param $request PKPRequest
 * @param $roleAssignments array operations keyed by role; each entry is
 *  handed unchanged to a RoleBasedHandlerOperationPolicy, so it should list
 *  only the operations that role is meant to reach.
 */
function OjsJournalAccessPolicy(&$request, $roleAssignments) {
	parent::JournalPolicy($request);

	import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');

	// There are no role-specific conditions at journal level, so every
	// role assignment goes into one "permit overrides" set: a permit from
	// any single role policy is enough to grant access.
	$rolePolicySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
	foreach ($roleAssignments as $roleId => $allowedOperations) {
		$rolePolicySet->addPolicy(new RoleBasedHandlerOperationPolicy($request, $roleId, $allowedOperations));
	}

	$this->addPolicy($rolePolicySet);
}
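/**
 * Constructor
 *
 * Sets up submission-level authorization on top of the parent journal
 * policy. Two branches are combined with "permit overrides":
 *  - editors and section editors, gated by a valid section editor
 *    submission in the request;
 *  - copyeditors, gated by a valid copyeditor submission in the request
 *    and by an explicit assignment to that submission.
 *
 * @param $request PKPRequest
 * @param $args array passed to the submission-required policies
 * @param $roleAssignments array operations keyed by role id; the entries
 *  for ROLE_ID_EDITOR, ROLE_ID_SECTION_EDITOR and ROLE_ID_COPYEDITOR are read.
 * @param $submissionParameterName string passed to the submission-required
 *  policies; presumably the name of the request parameter that identifies
 *  the submission (defaults to 'articleId').
 */
function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId') {
	parent::JournalPolicy($request);

	// Create a "permit overrides" policy set that specifies
	// editor and copyeditor access to submissions.
	$submissionEditingPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);

	//
	// Editor roles (Editor and Section Editor) policy
	//
	$editorsPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);

	// Editorial components can only be called if there's a
	// valid section editor submission in the request.
	// FIXME: We should find a way to check whether the user actually
	// is a (section) editor before we execute this expensive policy.
	import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
	$editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));

	$editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);

	// Editors can access all operations.
	$editorRolesPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_EDITOR, $roleAssignments[ROLE_ID_EDITOR]));

	// Section editors
	$sectionEditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);

	// 1) Section editors can access all remote operations ...
	$sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));

	// 2) ... but only if the requested submission has been explicitly assigned to them.
	import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
	$sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
	$editorRolesPolicy->addPolicy($sectionEditorPolicy);

	$editorsPolicy->addPolicy($editorRolesPolicy);
	$submissionEditingPolicy->addPolicy($editorsPolicy);

	//
	// Copyeditor policy
	//
	$copyeditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);

	// 1) Copyeditors can only access editorial components when a valid
	// copyeditor submission is in the request ...
	import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
	$copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));

	// 2) ... If that's the case then copyeditors can access the remote
	// operations assigned to the copyeditor role ...
	// The operation list comes from the copyeditor's own entry. Reusing the
	// section editor's entry for this role would hand copyeditors every
	// operation whitelisted for section editors. A missing entry yields an
	// empty list instead of an undefined-index notice.
	// NOTE(review): callers that relied on the section editor list being
	// applied to copyeditors must now pass ROLE_ID_COPYEDITOR operations;
	// an empty list presumably permits nothing - confirm against
	// RoleBasedHandlerOperationPolicy.
	$copyeditorOperations = isset($roleAssignments[ROLE_ID_COPYEDITOR]) ? $roleAssignments[ROLE_ID_COPYEDITOR] : array();
	$copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $copyeditorOperations));

	// 3) ... but only if the requested submission has been explicitly assigned to them.
	import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
	$copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));

	$submissionEditingPolicy->addPolicy($copyeditorPolicy);

	// Add the submission editing policies to this policy set.
	$this->addPolicy($submissionEditingPolicy);
}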