/**
* Ensure that this page is available to the user.
*/
function validate()
{
parent::validate(true);
if (!Validation::isJournalManager()) {
Validation::redirectLogin();
}
}
/**
* Validate that user has admin privileges and is not trying to access the admin module with a journal selected.
* Redirects to the user index page if not properly authenticated.
*/
function validate()
{
parent::validate();
if (!Validation::isSiteAdmin() || Request::getRequestedJournalPath() != 'index') {
Validation::redirectLogin();
}
}
/**
* @see ReportPlugin::display()
*/
function display(&$args, &$request)
{
parent::display($args, $request);
$journal =& $request->getJournal();
if (!Validation::isSiteAdmin()) {
Validation::redirectLogin();
}
$this->setBreadcrumbs();
if ($request->getUserVar('type')) {
$oldStats = (bool) $request->getUserVar('useOldCounterStats');
$year = (string) $request->getUserVar('year');
$type = (string) $request->getUserVar('type');
switch ($type) {
case 'report':
$this->_report($request, $year, $oldStats);
break;
case 'reportxml':
$this->_reportXml($request, $year, $oldStats);
break;
case 'sushixml':
$this->_sushiXML($oldStats);
break;
}
} else {
$years = $this->_getYears();
$legacyYears = $this->_getYears(true);
$templateManager =& TemplateManager::getManager();
$templateManager->assign('years', $years);
if (!empty($legacyYears)) {
$templateManager->assign('legacyYears', $legacyYears);
}
$templateManager->display($this->getTemplatePath() . 'index.tpl');
}
}
/**
* Validate that user is logged in.
* Redirects to login form if not logged in.
* @param $loginCheck boolean check if user is logged in
*/
function validate($loginCheck = true)
{
parent::validate();
if ($loginCheck && !Validation::isLoggedIn()) {
Validation::redirectLogin();
}
}
/**
* Validate that user is a copyeditor in the selected journal.
* Redirects to user index page if not properly authenticated.
*/
function validate()
{
parent::validate();
$journal =& Request::getJournal();
if (!isset($journal) || !Validation::isCopyeditor($journal->getJournalId())) {
Validation::redirectLogin();
}
}
/**
* Validate that user has author permissions in the selected journal.
* Redirects to user index page if not properly authenticated.
*/
function validate($reason = null)
{
parent::validate();
$journal =& Request::getJournal();
if (!isset($journal) || !Validation::isAuthor($journal->getJournalId())) {
Validation::redirectLogin($reason);
}
return array(&$journal);
}
function index($args)
{
import('classes.payment.ojs.OJSPaymentManager');
$paymentManager =& OJSPaymentManager::getManager();
$journal =& Request::getJournal();
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("payment.loginRequired.forDonation");
}
$user =& Request::getUser();
$queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_DONATION, $user->getId(), 0, 0);
$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
}
/**
* If no conference is selected, display list of conferences.
* Otherwise, display the index page for the selected conference.
*/
function index()
{
$this->validate();
$conference = Request::getConference();
$user = Request::getUser();
if ($conference) {
$rtDao =& DAORegistry::getDAO('RTDAO');
$rt = $rtDao->getConferenceRTByConference($conference);
if (isset($rt)) {
$version = $rtDao->getVersion($rt->getVersion(), $conference->getId());
}
// Display the administration menu for this conference.
$this->setupTemplate();
$templateMgr =& TemplateManager::getManager();
$templateMgr->assign('helpTopicId', 'conference.generalManagement.readingTools');
$templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null);
$templateMgr->assign('enabled', $rt->getEnabled());
$templateMgr->display('rtadmin/index.tpl');
} elseif ($user) {
// Display a list of conferences.
$conferenceDao =& DAORegistry::getDAO('ConferenceDAO');
$roleDao =& DAORegistry::getDAO('RoleDAO');
$conferences = array();
$allConferences =& $conferenceDao->getConferences();
$allConferences =& $allConferences->toArray();
foreach ($allConferences as $conference) {
if ($roleDao->roleExists($conference->getId(), 0, $user->getId(), ROLE_ID_CONFERENCE_MANAGER)) {
$conferences[] = $conference;
}
}
$this->setupTemplate();
$templateMgr =& TemplateManager::getManager();
$templateMgr->assign_by_ref('conferences', $conferences);
$templateMgr->assign('helpTopicId', 'conference.generalManagement.readingTools');
$templateMgr->display('rtadmin/conferences.tpl');
} else {
// Not logged in.
Validation::redirectLogin();
}
}
/**
* If no journal is selected, display list of journals.
* Otherwise, display the index page for the selected journal.
*/
function index()
{
$this->validate();
$journal = Request::getJournal();
$user = Request::getUser();
if ($journal) {
$rtDao =& DAORegistry::getDAO('RTDAO');
$rt = $rtDao->getJournalRTByJournal($journal);
if (isset($rt)) {
$version = $rtDao->getVersion($rt->getVersion(), $journal->getId());
}
// Display the administration menu for this journal.
$this->setupTemplate();
$templateMgr =& TemplateManager::getManager();
$templateMgr->assign('helpTopicId', 'journal.managementPages.readingTools');
$templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null);
$templateMgr->assign('enabled', $rt->getEnabled());
$templateMgr->display('rtadmin/index.tpl');
} elseif ($user) {
// Display a list of journals.
$journalDao =& DAORegistry::getDAO('JournalDAO');
$roleDao =& DAORegistry::getDAO('RoleDAO');
$journals = array();
$allJournals =& $journalDao->getJournals();
$allJournals =& $allJournals->toArray();
foreach ($allJournals as $journal) {
if ($roleDao->roleExists($journal->getId(), $user->getId(), ROLE_ID_JOURNAL_MANAGER)) {
$journals[] = $journal;
}
}
$this->setupTemplate();
$templateMgr =& TemplateManager::getManager();
$templateMgr->assign_by_ref('journals', $journals);
$templateMgr->assign('helpTopicId', 'journal.managementPages.readingTools');
$templateMgr->display('rtadmin/journals.tpl');
} else {
// Not logged in.
Validation::redirectLogin();
}
}
/**
* If no journal is selected, display list of journals.
* Otherwise, display the index page for the selected journal.
*/
function index($args, $request)
{
$this->validate();
$journal = $request->getJournal();
$user = $request->getUser();
if ($journal) {
$rtDao = DAORegistry::getDAO('RTDAO');
$rt = $rtDao->getJournalRTByJournal($journal);
if (isset($rt)) {
$version = $rtDao->getVersion($rt->getVersion(), $journal->getId());
}
// Display the administration menu for this journal.
$this->setupTemplate($request);
$templateMgr = TemplateManager::getManager($request);
$templateMgr->assign('versionTitle', isset($version) ? $version->getTitle() : null);
$templateMgr->assign('enabled', $rt->getEnabled());
$templateMgr->display('rtadmin/index.tpl');
} elseif ($user) {
// Display a list of journals.
$journalDao = DAORegistry::getDAO('JournalDAO');
$roleDao = DAORegistry::getDAO('RoleDAO');
$journals = array();
$allJournals = $journalDao->getAll();
$allJournals = $allJournals->toArray();
foreach ($allJournals as $journal) {
if ($roleDao->userHasRole($journal->getId(), $user->getId(), ROLE_ID_MANAGER)) {
$journals[] = $journal;
}
}
$this->setupTemplate($request);
$templateMgr = TemplateManager::getManager($request);
$templateMgr->assign('journals', $journals);
$templateMgr->display('rtadmin/journals.tpl');
} else {
// Not logged in.
Validation::redirectLogin();
}
}
/**
* Validate that user is a section editor in the selected journal.
* Redirects to user index page if not properly authenticated.
*/
function validate()
{
parent::validate();
$journal =& Request::getJournal();
// FIXME This is kind of evil
$page = Request::getRequestedPage();
if (!isset($journal) || $page == 'sectionEditor' && !Validation::isSectionEditor($journal->getJournalId()) || $page == 'editor' && !Validation::isEditor($journal->getJournalId())) {
Validation::redirectLogin();
}
}
/**
* Validate that user is a track director in the selected conference.
* Redirects to user index page if not properly authenticated.
*/
function validate($request)
{
parent::validate();
$conference =& $request->getConference();
$schedConf =& $request->getSchedConf();
$page = $request->getRequestedPage();
if (!isset($conference) || !isset($schedConf)) {
Validation::redirectLogin();
}
if ($page == ROLE_PATH_TRACK_DIRECTOR && !Validation::isTrackDirector($conference->getId(), $schedConf->getId())) {
Validation::redirectLogin();
}
if ($page == ROLE_PATH_DIRECTOR && !Validation::isDirector($conference->getId(), $schedConf->getId())) {
Validation::redirectLogin();
}
}
/**
* Ensure that we have a journal, plugin is enabled, and user is editor.
*/
function authorize(&$request, &$args, $roleAssignments)
{
$journal =& $request->getJournal();
if (!isset($journal)) {
return false;
}
$bfrPlugin =& PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME);
if (!isset($bfrPlugin)) {
return false;
}
if (!$bfrPlugin->getEnabled()) {
return false;
}
if (!Validation::isEditor($journal->getId())) {
Validation::redirectLogin();
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* Display an authorization denied message.
* @param $args array
* @param $request Request
*/
function authorizationDenied($args, $request)
{
if (!Validation::isLoggedIn()) {
Validation::redirectLogin();
}
// Get message with sanity check (for XSS or phishing)
$authorizationMessage = $request->getUserVar('message');
if (!preg_match('/^[a-zA-Z0-9.]+$/', $authorizationMessage)) {
fatalError('Invalid locale key for auth message.');
}
$this->setupTemplate($request);
AppLocale::requireComponents(LOCALE_COMPONENT_PKP_USER);
$templateMgr = TemplateManager::getManager($request);
$templateMgr->assign('message', $authorizationMessage);
return $templateMgr->display('common/message.tpl');
}
/**
* Validate that user has permissions to manage the selected journal.
* Redirects to user index page if not properly authenticated.
*/
function validate()
{
parent::validate();
$journal =& Request::getJournal();
if (!$journal || !Validation::isJournalManager() && !Validation::isSiteAdmin()) {
Validation::redirectLogin();
}
}
/**
* Determines whether or not a user can view an issue galley.
* @param $request Request
*/
function userCanViewGalley($request)
{
import('classes.issue.IssueAction');
$issueAction = new IssueAction();
$journal = $request->getJournal();
$user = $request->getUser();
$userId = $user ? $user->getId() : 0;
$issue = $this->getAuthorizedContextObject(ASSOC_TYPE_ISSUE);
$galley = $this->getGalley();
// If this is an editorial user who can view unpublished issue galleys,
// bypass further validation
if ($issueAction->allowedIssuePrePublicationAccess($journal)) {
return true;
}
// Ensure reader has rights to view the issue galley
if ($issue->getPublished()) {
$subscriptionRequired = $issueAction->subscriptionRequired($issue);
$isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId());
// Check if login is required for viewing.
if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
Validation::redirectLogin();
}
// If no domain/ip subscription, check if user has a valid subscription
// or if the user has previously purchased the issue
if (!$isSubscribedDomain && $subscriptionRequired) {
// Check if user has a valid subscription
$subscribedUser = $issueAction->subscribedUser($journal, $issue->getId());
if (!$subscribedUser) {
// Check if payments are enabled,
import('classes.payment.ojs.OJSPaymentManager');
$paymentManager = new OJSPaymentManager($request);
if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
// If only pdf files are being restricted, then approve all non-pdf galleys
// and continue checking if it is a pdf galley
if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
return true;
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("payment.loginRequired.forIssue");
}
// If the issue galley has been purchased, then allow reader access
$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
$dateEndMembership = $user->getSetting('dateEndMembership', 0);
if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
return true;
} else {
// Otherwise queue an issue purchase payment and display payment form
$queuedPayment =& $paymentManager->createQueuedPayment($journal->getId(), PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issue->getId(), $journal->getSetting('purchaseIssueFee'));
$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
exit;
}
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("reader.subscriptionRequiredLoginText");
}
$request->redirect(null, 'about', 'subscriptions');
}
}
} else {
$request->redirect(null, 'index');
}
return true;
}
/**
* @copydoc PKPRouter::handleAuthorizationFailure()
*/
function handleAuthorizationFailure($request, $authorizationMessage)
{
// Redirect to the authorization denied page.
if (!$request->getUser()) {
Validation::redirectLogin();
}
$request->redirect(null, 'user', 'authorizationDenied', null, array('message' => $authorizationMessage));
}
/**
* Perform data integrity checks.
*
* This method will be called once for every request only.
*
* NB: Any kind of authorization check is now deprecated
* within this method. This method is purely meant for data
* integrity checks that do not lead to denial of access
* to resources (e.g. via redirect) like handler operations
* or data objects.
*
* @param $requiredContexts array
* @param $request Request
*/
function validate($requiredContexts = null, $request = null)
{
// FIXME: for backwards compatibility only - remove when request/router refactoring complete
if (!isset($request)) {
// FIXME: Trigger a deprecation warning when enough instances of this
// call have been fixed to not clutter the error log.
$request =& Registry::get('request');
}
foreach ($this->_checks as $check) {
// Using authorization checks in the validate() method is deprecated
// FIXME: Trigger a deprecation warning.
// WARNING: This line is for PHP4 compatibility when
// instantiating handlers without reference. Should not
// be removed or otherwise used.
// See <http://pkp.sfu.ca/wiki/index.php/Information_for_Developers#Use_of_.24this_in_the_constructor>
// for a similar problem.
$check->_setHandler($this);
// check should redirect on fail and continue on pass
// default action is to redirect to the index page on fail
if (!$check->isValid()) {
if ($check->redirectToLogin) {
Validation::redirectLogin();
} else {
// An unauthorized page request will be re-routed
// to the index page.
$request->redirect(null, 'index');
}
}
}
return true;
}
/**
* Validation
* @see lib/pkp/classes/handler/PKPHandler#validate()
* @param $request Request
* @param $issueId int
* @param $galleyId int
*/
function validate($request, $issueId = null, $galleyId = null)
{
$returner = parent::validate(null, $request);
// Validate requests that don't specify an issue or galley
if (!$issueId && !$galleyId) {
return $returner;
}
// Require an issue id to continue
if (!$issueId) {
$request->redirect(null, 'index');
}
import('classes.issue.IssueAction');
$journal =& $request->getJournal();
$journalId = $journal->getId();
$user =& $request->getUser();
$userId = $user ? $user->getId() : 0;
$issue = null;
$galley = null;
// Get the issue
$issueDao =& DAORegistry::getDAO('IssueDAO');
if ($journal->getSetting('enablePublicIssueId')) {
$issue =& $issueDao->getIssueByBestIssueId($issueId, $journalId);
} else {
$issue =& $issueDao->getIssueById((int) $issueId, null, true);
}
// Invalid issue id, redirect to current issue
if (!$issue || !$this->_isVisibleIssue($issue, $journalId)) {
$request->redirect(null, null, 'current');
}
$this->setIssue($issue);
// If no issue galley id provided, then we're done
if (!$galleyId) {
return true;
}
// Get the issue galley
$galleyDao =& DAORegistry::getDAO('IssueGalleyDAO');
if ($journal->getSetting('enablePublicGalleyId')) {
$galley =& $galleyDao->getGalleyByBestGalleyId($galleyId, $issue->getId());
} else {
$galley =& $galleyDao->getGalley($galleyId, $issue->getId());
}
// Invalid galley id, redirect to issue page
if (!$galley) {
$request->redirect(null, null, 'view', $issueId);
}
$this->setGalley($galley);
// If this is an editorial user who can view unpublished issue galleys,
// bypass further validation
if (IssueAction::allowedIssuePrePublicationAccess($journal)) {
return true;
}
// Ensure reader has rights to view the issue galley
if ($issue->getPublished()) {
$subscriptionRequired = IssueAction::subscriptionRequired($issue);
$isSubscribedDomain = IssueAction::subscribedDomain($journal, $issueId);
// Check if login is required for viewing.
if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess')) {
Validation::redirectLogin();
}
// If no domain/ip subscription, check if user has a valid subscription
// or if the user has previously purchased the issue
if (!$isSubscribedDomain && $subscriptionRequired) {
// Check if user has a valid subscription
$subscribedUser = IssueAction::subscribedUser($journal, $issueId);
if (!$subscribedUser) {
// Check if payments are enabled,
import('classes.payment.ojs.OJSPaymentManager');
$paymentManager = new OJSPaymentManager($request);
if ($paymentManager->purchaseIssueEnabled() || $paymentManager->membershipEnabled()) {
// If only pdf files are being restricted, then approve all non-pdf galleys
// and continue checking if it is a pdf galley
if ($paymentManager->onlyPdfEnabled() && !$galley->isPdfGalley()) {
return true;
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("payment.loginRequired.forIssue");
}
// If the issue galley has been purchased, then allow reader access
$completedPaymentDao =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
$dateEndMembership = $user->getSetting('dateEndMembership', 0);
if ($completedPaymentDao->hasPaidPurchaseIssue($userId, $issueId) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
return true;
} else {
// Otherwise queue an issue purchase payment and display payment form
$queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ISSUE, $userId, $issueId, $journal->getSetting('purchaseIssueFee'));
$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
$templateMgr =& TemplateManager::getManager();
$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
exit;
}
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("reader.subscriptionRequiredLoginText");
}
$request->redirect(null, 'about', 'subscriptions');
}
}
} else {
$request->redirect(null, 'index');
}
return true;
}
/**
* Validation
* @see lib/pkp/classes/handler/PKPHandler#validate()
* @param $request Request
* @param $paperId integer
* @param $galleyId integer
*/
function validate(&$request, $paperId, $galleyId = null)
{
$router =& $request->getRouter();
parent::validate(null, $request);
$conference =& $router->getContext($request, CONTEXT_CONFERENCE);
$schedConf =& $router->getContext($request, CONTEXT_SCHED_CONF);
$conferenceId = $conference->getId();
$publishedPaperDao = DAORegistry::getDAO('PublishedPaperDAO');
if ($schedConf->getSetting('enablePublicPaperId')) {
$paper =& $publishedPaperDao->getPublishedPaperByBestPaperId($schedConf->getId(), $paperId, $schedConf->getSetting('previewAbstracts') ? true : false);
} else {
$paper =& $publishedPaperDao->getPublishedPaperByPaperId((int) $paperId, $schedConf->getId(), $schedConf->getSetting('previewAbstracts') ? true : false);
}
// if paper does not exist, is not published, or is not part of
// the right conference & sched conf, redirect to index.
if (isset($schedConf) && isset($paper) && isset($conference) && $paper->getSchedConfId() == $schedConf->getId() && $schedConf->getConferenceId() == $conference->getId()) {
// Check if login is required for viewing.
if (!Validation::isLoggedIn() && $schedConf->getSetting('restrictPaperAccess')) {
Validation::redirectLogin();
}
import('classes.schedConf.SchedConfAction');
$mayViewPaper = SchedConfAction::mayViewPapers($schedConf, $conference);
if (isset($galleyId) && $galleyId != 0 && !$mayViewPaper || (!isset($galleyId) || $galleyId == 0) && !SchedConfAction::mayViewProceedings($schedConf)) {
$this->setupTemplate($request);
$templateMgr =& TemplateManager::getManager($request);
$templateMgr->assign_by_ref('paper', $paper);
$templateMgr->assign_by_ref('schedConf', $schedConf);
$templateMgr->assign_by_ref('conference', $conference);
$templateMgr->display('paper/accessDenied.tpl');
exit;
}
} else {
$request->redirect(null, null, 'index');
}
$this->paper =& $paper;
return true;
}
function implicitAuth($hookname, $args)
{
// Set retuser to point to the user that was passed by reference
$retuser =& $args[0];
// Get the name of the field to use a UIN (primary key) from config file
$uin = Config::getVar('security', 'implicit_auth_header_uin');
// For TDL this is HTTP_TDL_TDLUID
if ($uin == "") {
die("Implicit Auth enabled in config file - but implicit_auth_uin not defined.");
}
// If we can't find the user's UIN - this is a problem - send back to login screen (for the lack of something better to do)
if (!isset($_SERVER[$uin])) {
syslog(LOG_ERR, "Implicit Auth enabled in config file - but expected header variables not found.");
Validation::logout();
Validation::redirectLogin();
}
// Get the header variable indicated by the config variable
$uid = $_SERVER[$uin];
// If we dont have a UIN in the header then we can't continue - so send them back to the login screen.
if ($uid == null) {
Validation::logout();
Validation::redirectLogin();
}
// Get email from header -- after consulting the map
$email_key = Config::getVar('security', 'implicit_auth_header_email');
if ($email_key == "") {
die("Implicit Auth enabled in config file - but email is not defined.");
}
$email = $_SERVER[$email_key];
// Get the user dao - so we can look up the user
$userDao =& DAORegistry::getDAO('UserDAO');
// Get user by auth string
$user =& $userDao->getUserByAuthStr($uid, true);
if (isset($user)) {
syslog(LOG_ERR, "Found user by uid: " . $uid . " Returning user.");
syslog(LOG_ERR, "Users UID: " . $user->getAuthStr());
// Go see if this user should be an admin
ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr());
$retuser = $user;
syslog(LOG_ERR, " In ShibAuthPlugin username: "******"") {
unset($user);
die("Implicit Auth: New email with existing UID");
}
$user->setAuthStr($uid);
$userDao->updateObject($user);
// Go see if this user should be made an admin
ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr());
$retuser = $user;
return true;
}
// User not found via UID or by email - so they are new - so just create them
$user = $this->registerUserFromShib();
// Go see if this new user should be made an admin
ShibAuthPlugin::implicitAuthAdmin($user->getId(), $user->getAuthStr());
$retuser = $user;
return true;
}
/**
* Validation
*/
function validate($articleId, $galleyId = null)
{
parent::validate(true);
import('issue.IssueAction');
$journal =& Request::getJournal();
$journalId = $journal->getJournalId();
$article = $publishedArticle = $issue = null;
$publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
if ($journal->getSetting('enablePublicArticleId')) {
$publishedArticle =& $publishedArticleDao->getPublishedArticleByBestArticleId($journalId, $articleId);
} else {
$publishedArticle =& $publishedArticleDao->getPublishedArticleByArticleId((int) $articleId, $journalId);
}
$issueDao =& DAORegistry::getDAO('IssueDAO');
if (isset($publishedArticle)) {
$issue =& $issueDao->getIssueByArticleId($publishedArticle->getArticleId(), $journalId);
} else {
$articleDao =& DAORegistry::getDAO('ArticleDAO');
$article =& $articleDao->getArticle((int) $articleId, $journalId);
}
// If this is an editorial user who can view unpublished/unscheduled
// articles, bypass further validation.
if (($article || $publishedArticle) && IssueAction::allowedPrePublicationAccess($journal)) {
return array($journal, $issue, $publishedArticle ? $publishedArticle : $article);
}
// Make sure the reader has rights to view the article/issue.
if ($issue && $issue->getPublished()) {
$subscriptionRequired = IssueAction::subscriptionRequired($issue);
$isSubscribedDomain = IssueAction::subscribedDomain($journal, $issue->getIssueId(), $articleId);
// Check if login is required for viewing.
if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId != 0) {
Validation::redirectLogin();
}
// bypass all validation if subscription based on domain or ip is valid
// or if the user is just requesting the abstract
if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId != 0)) {
// Subscription Access
$subscribedUser = IssueAction::subscribedUser($journal, $issue->getIssueId(), $articleId);
if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() || $subscribedUser)) {
// if payment information is enabled,
import('payment.ojs.OJSPaymentManager');
$paymentManager =& OJSPaymentManager::getManager();
if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
/* if only pdf files are being restricted, then approve all non-pdf galleys
* and continue checking if it is a pdf galley */
if ($paymentManager->onlyPdfEnabled()) {
$galleyDAO =& DAORegistry::getDAO('ArticleGalleyDAO');
$galley =& $galleyDAO->getGalley($galleyId, $articleId);
if ($galley && !$galley->isPdfGalley()) {
return array($journal, $issue, $publishedArticle);
}
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("payment.loginRequired.forArticle");
}
$user =& Request::getUser();
$userId = $user->getUserId();
/* if the article has been paid for then forget about everything else
* and just let them access the article */
$completedPaymentDAO =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
if ($completedPaymentDAO->hasPaidPerViewArticle($userId, $articleId) || !is_null($user->getDateEndMembership()) && strtotime($user->getDateEndMembership()) > time()) {
return array($journal, $issue, $publishedArticle);
} else {
$queuedPayment =& $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getUserId(), $articleId, $journal->getSetting('purchaseArticleFee'));
$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
$templateMgr =& TemplateManager::getManager();
$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
exit;
}
}
if (!isset($galleyId) || $galleyId) {
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("reader.subscriptionRequiredLoginText");
}
Request::redirect(null, 'about', 'subscriptions');
}
}
}
} else {
Request::redirect(null, 'index');
}
return array($journal, $issue, $publishedArticle);
}
/**
* Perform request access validation based on security settings.
*
* This method will be called once for every request only.
*
* NB (non-page controllers only): The component router will call
* this method automatically thereby enforcing validation. This
* method will be call directly before the initialize() method.
*
* @param $requiredContexts array
* @param $request Request
*/
function validate($requiredContexts = null, $request = null)
{
// FIXME: for backwards compatibility only - remove when request/router refactoring complete
if (!isset($request)) {
if (Config::getVar('debug', 'deprecation_warnings')) {
trigger_error('Deprecated function call.');
}
$request =& Registry::get('request');
}
foreach ($this->_checks as $check) {
// WARNING: This line is for PHP4 compatibility when
// instantiating handlers without reference. Should not
// be removed or otherwise used.
// See <http://pkp.sfu.ca/wiki/index.php/Information_for_Developers#Use_of_.24this_in_the_constructor>
// for a similar proplem.
$check->_setHandler($this);
// check should redirect on fail and continue on pass
// default action is to redirect to the index page on fail
if (!$check->isValid()) {
$router =& $request->getRouter();
if (is_a($router, 'PKPPageRouter')) {
if ($check->redirectToLogin) {
Validation::redirectLogin();
} else {
// An unauthorized page request will be re-routed
// to the index page.
$request->redirect(null, 'index');
}
} else {
// Sub-controller requests should always be sufficiently
// authorized and valid when being called from a
// page. Otherwise we either hit a development error
// or somebody is trying to fake component calls.
// In both cases raising a fatal error is appropriate.
// NB: The check's redirection flag will be ignored
// for sub-controller requests.
if (!empty($check->message)) {
fatalError($check->message);
} else {
fatalError('Unauthorized access!');
}
}
}
}
return true;
}
/**
* Validation
*/
function validate($paperId)
{
parent::validate();
$conference =& Request::getConference();
$schedConf =& Request::getSchedConf();
$publishedPaperDao =& DAORegistry::getDAO('PublishedPaperDAO');
$paper =& $publishedPaperDao->getPublishedPaperByPaperId($paperId, $schedConf->getId(), $schedConf->getSetting('previewAbstracts'));
$this->paper =& $paper;
if ($paper == null) {
Request::redirect(null, null, 'index');
}
// Bring in comment and view constants
$commentDao =& DAORegistry::getDAO('CommentDAO');
$enableComments = $conference->getSetting('enableComments');
if (!$enableComments || !$paper->getEnableComments()) {
Request::redirect(null, null, 'index');
}
$restrictPaperAccess = $conference->getSetting('restrictPaperAccess');
if ($restrictPaperAccess && !Validation::isLoggedIn()) {
Validation::redirectLogin();
}
return true;
}
/**
* Validate that user is an editor in the selected journal and if the issue id is valid
* Redirects to issue create issue page if not properly authenticated.
* NOTE: As of OJS 2.2, Layout Editors are allowed if specified in args.
*/
function validate($issueId = null, $allowLayoutEditor = false)
{
$issue = null;
$journal =& Request::getJournal();
if (!isset($journal)) {
Validation::redirectLogin();
}
if (isset($issueId)) {
$issueDao =& DAORegistry::getDAO('IssueDAO');
$issue = $issueDao->getIssueById($issueId, $journal->getJournalId());
if (!$issue) {
Request::redirect(null, null, 'createIssue');
}
}
if (!Validation::isEditor($journal->getJournalId())) {
if (isset($journal) && $allowLayoutEditor && Validation::isLayoutEditor($journal->getJournalId())) {
// We're a Layout Editor. If specified, make sure that the issue is not published.
if ($issue && !$issue->getPublished()) {
Validation::redirectLogin();
}
} else {
Validation::redirectLogin();
}
}
return $issue;
}
/**
* Validate that user has site admin privileges or journal manager priveleges.
* Redirects to the user index page if not properly authenticated.
* @param $canRedirect boolean Whether or not to redirect if the user cannot be validated; if not, the script simply terminates.
*/
function validate($canRedirect = true)
{
parent::validate();
$journal =& Request::getJournal();
if (!Validation::isSiteAdmin()) {
if ($canRedirect) {
Validation::redirectLogin();
} else {
exit;
}
}
$plugin =& Registry::get('plugin');
$this->plugin =& $plugin;
return true;
}
/**
* Determines whether a user can view this article galley or not.
* @param $request Request
* @param $articleId string
* @param $galleyId int or string
*/
function userCanViewGalley($request, $articleId, $galleyId = null)
{
import('classes.issue.IssueAction');
$issueAction = new IssueAction();
$journal = $request->getJournal();
$publishedArticle = $this->article;
$issue = $this->issue;
$journalId = $journal->getId();
$user = $request->getUser();
$userId = $user ? $user->getId() : 0;
// If this is an editorial user who can view unpublished/unscheduled
// articles, bypass further validation. Likewise for its author.
if ($publishedArticle && $issueAction->allowedPrePublicationAccess($journal, $publishedArticle)) {
return true;
}
// Make sure the reader has rights to view the article/issue.
if ($issue && $issue->getPublished() && $publishedArticle->getStatus() == STATUS_PUBLISHED) {
$subscriptionRequired = $issueAction->subscriptionRequired($issue);
$isSubscribedDomain = $issueAction->subscribedDomain($journal, $issue->getId(), $publishedArticle->getId());
// Check if login is required for viewing.
if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId) {
Validation::redirectLogin();
}
// bypass all validation if subscription based on domain or ip is valid
// or if the user is just requesting the abstract
if (!$isSubscribedDomain && $subscriptionRequired && (isset($galleyId) && $galleyId)) {
// Subscription Access
$subscribedUser = $issueAction->subscribedUser($journal, $issue->getId(), $publishedArticle->getId());
import('classes.payment.ojs.OJSPaymentManager');
$paymentManager = new OJSPaymentManager($request);
$purchasedIssue = false;
if (!$subscribedUser && $paymentManager->purchaseIssueEnabled()) {
$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
$purchasedIssue = $completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId());
}
if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser || $purchasedIssue)) {
if ($paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled()) {
/* if only pdf files are being restricted, then approve all non-pdf galleys
* and continue checking if it is a pdf galley */
if ($paymentManager->onlyPdfEnabled()) {
if ($this->galley && !$this->galley->isPdfGalley()) {
$this->issue = $issue;
$this->article = $publishedArticle;
return true;
}
}
if (!Validation::isLoggedIn()) {
Validation::redirectLogin("payment.loginRequired.forArticle");
}
/* if the article has been paid for then forget about everything else
* and just let them access the article */
$completedPaymentDao = DAORegistry::getDAO('OJSCompletedPaymentDAO');
$dateEndMembership = $user->getSetting('dateEndMembership', 0);
if ($completedPaymentDao->hasPaidPurchaseArticle($userId, $publishedArticle->getId()) || !is_null($dateEndMembership) && $dateEndMembership > time()) {
$this->issue = $issue;
$this->article = $publishedArticle;
return true;
} else {
$queuedPayment = $paymentManager->createQueuedPayment($journalId, PAYMENT_TYPE_PURCHASE_ARTICLE, $user->getId(), $publishedArticle->getId(), $journal->getSetting('purchaseArticleFee'));
$queuedPaymentId = $paymentManager->queuePayment($queuedPayment);
$paymentManager->displayPaymentForm($queuedPaymentId, $queuedPayment);
exit;
}
}
if (!isset($galleyId) || $galleyId) {
if (!Validation::isLoggedIn()) {
Validation::redirectLogin('reader.subscriptionRequiredLoginText');
}
$request->redirect(null, 'about', 'subscriptions');
}
}
}
} else {
$request->redirect(null, 'search');
}
return true;
}
/**
* Validation
* @param $request PKPRequest
* @param $articleId int
*/
function validate(&$request, $articleId)
{
parent::validate();
$journal =& $request->getJournal();
$journalId = $journal->getId();
$journalSettingsDao =& DAORegistry::getDAO('JournalSettingsDAO');
$publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
$article =& $publishedArticleDao->getPublishedArticleByArticleId($articleId);
// Bring in comment constants
$commentDao =& DAORegistry::getDAO('CommentDAO');
$enableComments = $journal->getSetting('enableComments');
if (!Validation::isLoggedIn() && $journalSettingsDao->getSetting($journalId, 'restrictArticleAccess') || $article && !$article->getEnableComments() || $enableComments != COMMENTS_ANONYMOUS && $enableComments != COMMENTS_AUTHENTICATED && $enableComments != COMMENTS_UNAUTHENTICATED) {
Validation::redirectLogin();
}
// Subscription Access
$issueDao =& DAORegistry::getDAO('IssueDAO');
$issue =& $issueDao->getIssueByArticleId($articleId);
if (isset($issue) && isset($article)) {
import('classes.issue.IssueAction');
$subscriptionRequired = IssueAction::subscriptionRequired($issue);
$subscribedUser = IssueAction::subscribedUser($journal, $issue->getId(), $articleId);
if (!(!$subscriptionRequired || $article->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser)) {
$request->redirect(null, 'index');
}
} else {
$request->redirect(null, 'index');
}
$this->issue =& $issue;
$this->article =& $article;
return true;
}
function survey()
{
if (Validation::isLoggedIn() === FALSE) {
Validation::redirectLogin();
}
$this->addCheck(new HandlerValidatorSchedConf($this));
$this->validate();
$conference =& Request::getConference();
$schedConf =& Request::getSchedConf();
$id = Request::getUserVar('id');
$navItems = $conference->getLocalizedSetting('navItems');
$navItem = $navItems[intval($id)];
$title = $navItem["name"];
$templateMgr =& TemplateManager::getManager();
//$templateMgr->assign('pageHierarchy', array(
// array(Request::url(null, 'index', 'index'), $conference->getConferenceTitle(), true),
// array(Request::url(null, null, 'index'), $schedConf->getSchedConfTitle(), true)));
SchedConfHandler::setupTemplate($conference, $schedConf);
//AppLocale::requireComponents(array(LOCALE_COMPONENT_OCS_DIRECTOR)); // FIXME: director.allTracks
$templateMgr->assign('pageHierarchyRoot', true);
$templateMgr->assign('pageHierarchy', array(array(Request::url(null, $conference->getSetting('path'), 'index'), AppLocale::Translate('navigation.home'), true), array(Request::url(null, null, 'index'), $title, true)));
//$data = Request::getUserVar('data');
$user = Request::getUser();
if ($user) {
$settingKey = 'survey_' . $conference->getId() . "_" . $id;
if (Request::getUserVar('save') !== null) {
$data = Request::getUserVar('data');
$user->updateSetting($settingKey, $data, 'string', $conference->getId());
} else {
$data = $user->getSetting($settingKey);
}
}
if (!$data) {
$data = '{}';
}
$templateMgr->assign('title', $title);
$templateMgr->assign('survey', $navItem["survey"]);
$templateMgr->assign('data', $data);
$templateMgr->assign('helpTopicId', 'conference.currentConferences.survey');
$templateMgr->display('schedConf/survey.tpl');
}
/**
* Perform data integrity checks.
*
* This method will be called once for every request only.
*
* NB: Any kind of authorization check is now deprecated
* within this method. This method is purely meant for data
* integrity checks that do not lead to denial of access
* to resources (e.g. via redirect) like handler operations
* or data objects.
*
* @param $requiredContexts array
* @param $request Request
*/
function validate($requiredContexts = null, $request = null)
{
// FIXME: for backwards compatibility only - remove when request/router refactoring complete
if (!isset($request)) {
$request =& Registry::get('request');
if (Config::getVar('debug', 'deprecation_warnings')) {
trigger_error('Deprecated call without request object.');
}
}
foreach ($this->_checks as $check) {
// Using authorization checks in the validate() method is deprecated
// FIXME: Trigger a deprecation warning.
// check should redirect on fail and continue on pass
// default action is to redirect to the index page on fail
if (!$check->isValid()) {
if ($check->redirectToLogin) {
Validation::redirectLogin();
} else {
// An unauthorized page request will be re-routed
// to the index page.
$request->redirect(null, 'index');
}
}
}
return true;
}
