/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $submissionParameterName string the request parameter we
* expect the submission id in.
*/
function SubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName = 'submissionId')
{
parent::PKPSubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName);
$submissionAccessPolicy = $this->_baseSubmissionAccessPolicy;
//
// Series editor role
//
if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
// 1) Series editors can access all operations on submissions ...
$subEditorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$subEditorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
// 2) ... but only if the requested submission is part of their series.
import('classes.security.authorization.internal.SectionAssignmentPolicy');
$subEditorSubmissionAccessPolicy->addPolicy(new SectionAssignmentPolicy($request));
$submissionAccessPolicy->addPolicy($subEditorSubmissionAccessPolicy);
}
$this->addPolicy($submissionAccessPolicy);
}
/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $submissionParameterName string the request parameter we
* expect the submission id in.
*/
function SubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName = 'submissionId')
{
parent::PKPSubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName);
$submissionAccessPolicy = $this->_baseSubmissionAccessPolicy;
//
// Series editor role
//
if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
// 1) Series editors can access all operations on submissions ...
$subEditorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$subEditorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
// but only if ...
$subEditorAssignmentOrSeriesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// 2a) ... the requested submission is part of their series ...
import('classes.security.authorization.internal.SeriesAssignmentPolicy');
$subEditorAssignmentOrSeriesPolicy->addPolicy(new SeriesAssignmentPolicy($request));
// 2b) ... or they have been assigned to the requested submission.
import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
$subEditorAssignmentOrSeriesPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$subEditorSubmissionAccessPolicy->addPolicy($subEditorAssignmentOrSeriesPolicy);
$submissionAccessPolicy->addPolicy($subEditorSubmissionAccessPolicy);
}
$this->addPolicy($submissionAccessPolicy);
}
