/**
  * @covers PKPPublicAccessPolicy
  * @covers HandlerOperationPolicy
  */
 public function testPKPPublicAccessPolicy()
 {
     // Case 1: the mocked request targets the one operation the policy
     // was constructed with.
     $publicRequest = $this->getMockRequest('permittedOperation');
     $publicPolicy = new PKPPublicAccessPolicy($publicRequest, 'permittedOperation');

     // A freshly built policy must carry the default deny message.
     self::assertEquals(
         'user.authorization.privateOperation',
         $publicPolicy->getAdvice(AUTHORIZATION_ADVICE_DENY_MESSAGE)
     );

     // The constructor arguments are exposed through the getters; the single
     // operation name comes back as a one-element array.
     self::assertEquals($publicRequest, $publicPolicy->getRequest());
     self::assertEquals(array('permittedOperation'), $publicPolicy->getOperations());

     // Requesting the listed operation is permitted.
     self::assertEquals(AUTHORIZATION_PERMIT, $publicPolicy->effect());

     // Case 2: same policy configuration, but the request targets an
     // operation that is not on the list, so the policy must deny.
     $privateRequest = $this->getMockRequest('privateOperation');
     $privatePolicy = new PKPPublicAccessPolicy($privateRequest, 'permittedOperation');
     self::assertEquals(AUTHORIZATION_DENY, $privatePolicy->effect());
 }
 /**
  * @see AuthorizationPolicy::effect()
  */
 function effect()
 {
     // Look up the user attached to the current request.
     $currentRequest =& $this->getRequest();
     $sessionUser =& $currentRequest->getUser();

     // Only a real User object may proceed to the handler operation checks.
     // is_a() is false for null, so a request without a user falls through
     // to the deny below.
     if (is_a($sessionUser, 'User')) {
         return parent::effect();
     }

     // No user: deny without consulting the parent policy.
     return AUTHORIZATION_DENY;
 }
 /**
  * @see AuthorizationPolicy::effect()
  */
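 function effect()
 {
     // Decide whether the request may proceed based on a process
     // authentication token. Returns AUTHORIZATION_PERMIT only when the
     // parent policy does not deny, the token is a 23-byte string and
     // ProcessDAO::authorizeProcess() accepts it; every other path returns
     // AUTHORIZATION_DENY.

     // Check whether the requested operation is a remote public operation.
     if (parent::effect() == AUTHORIZATION_DENY) {
         return AUTHORIZATION_DENY;
     }

     // Check whether a well-formed authentication token is present.
     // The is_string() guard matters because a non-empty array passes empty()
     // and would then reach strlen(), which throws a TypeError on PHP 8
     // instead of producing a clean deny. Rejecting non-strings up front keeps
     // this check fail-closed for any value type.
     // NOTE(review): 23 characters is also the output length of
     // uniqid('', true), which is time-based rather than random. The token
     // generator is not visible here; confirm it uses a CSPRNG such as
     // random_bytes().
     if (empty($this->authToken) || !is_string($this->authToken) || strlen($this->authToken) !== 23) {
         return AUTHORIZATION_DENY;
     }

     // Try to authorize the process with the token.
     $processDao = DAORegistry::getDAO('ProcessDAO');
     if ($processDao->authorizeProcess($this->authToken)) {
         return AUTHORIZATION_PERMIT;
     }

     // In all other cases deny access.
     return AUTHORIZATION_DENY;
 }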