/**
  * Constructor
  * @param $request PKPRequest
  * @param $roleAssignments array
  */
 function OjsJournalAccessPolicy(&$request, $roleAssignments)
 {
     parent::JournalPolicy($request);
     // On journal level we don't have role-specific conditions
     // so we can simply add all role assignments. It's ok if
     // any of these role conditions permits access.
     $journalRolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
     foreach ($roleAssignments as $role => $operations) {
         $journalRolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
     }
     $this->addPolicy($journalRolePolicy);
 }
 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  * @param $submissionParameterName string
  */
 function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId')
 {
     parent::JournalPolicy($request);
     // Create a "permit overrides" policy set that specifies
     // editor and copyeditor access to submissions.
     $submissionEditingPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     //
     // Editor roles (Editor and Section Editor) policy
     //
     $editorsPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // Editorial components can only be called if there's a
     // valid section editor submission in the request.
     // FIXME: We should find a way to check whether the user actually
     // is a (section) editor before we execute this expensive policy.
     import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
     $editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
     $editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     // Editors can access all operations.
     $editorRolesPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_EDITOR, $roleAssignments[ROLE_ID_EDITOR]));
     // Section editors
     $sectionEditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // 1) Section editors can access all remote operations ...
     $sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
     // 2) ... but only if the requested submission has been explicitly assigned to them.
     import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
     $sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
     $editorRolesPolicy->addPolicy($sectionEditorPolicy);
     $editorsPolicy->addPolicy($editorRolesPolicy);
     $submissionEditingPolicy->addPolicy($editorsPolicy);
     //
     // Copyeditor policy
     //
     $copyeditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // 1) Copyeditors can only access editorial components when a valid
     //    copyeditor submission is in the request ...
     import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
     $copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
     // 2) ... If that's the case then copyeditors can access all remote operations ...
     $copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
     // 3) ... but only if the requested submission has been explicitly assigned to them.
     import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
     $copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));
     $submissionEditingPolicy->addPolicy($copyeditorPolicy);
     // Add the submission editing policies to this policy set.
     $this->addPolicy($submissionEditingPolicy);
 }