/**
 * Exercises the public access policy: its default deny message, its getters,
 * and the permit/deny outcome for a listed versus an unlisted operation.
 *
 * @covers PKPPublicAccessPolicy
 * @covers HandlerOperationPolicy
 */
public function testPKPPublicAccessPolicy() {
	$publicOperation = 'permittedOperation';

	// Build a request that targets the operation the policy lists as public.
	$permittedRequest = $this->getMockRequest($publicOperation);
	$permittingPolicy = new PKPPublicAccessPolicy($permittedRequest, $publicOperation);

	// The deny advice must carry the default message key.
	self::assertEquals(
		'user.authorization.privateOperation',
		$permittingPolicy->getAdvice(AUTHORIZATION_ADVICE_DENY_MESSAGE)
	);

	// The getters hand back what the constructor was given.
	self::assertEquals($permittedRequest, $permittingPolicy->getRequest());
	self::assertEquals(array($publicOperation), $permittingPolicy->getOperations());

	// A request for the listed operation is permitted.
	self::assertEquals(AUTHORIZATION_PERMIT, $permittingPolicy->effect());

	// A request for an operation outside the list is denied, even though
	// the policy itself is configured exactly as before.
	$privateRequest = $this->getMockRequest('privateOperation');
	$denyingPolicy = new PKPPublicAccessPolicy($privateRequest, $publicOperation);
	self::assertEquals(AUTHORIZATION_DENY, $denyingPolicy->effect());
}
/**
 * Deny access unless the request yields a User object, then defer to the
 * handler operation checks of the parent policy.
 *
 * @see AuthorizationPolicy::effect()
 *
 * @return mixed AUTHORIZATION_DENY when no User object is available,
 *  otherwise whatever parent::effect() returns.
 */
function effect() {
	// Retrieve the user from the session.
	$request =& $this->getRequest();
	$sessionUser =& $request->getUser();

	// Fail closed: anything that is not a User object is denied before the
	// handler operation checks are consulted at all.
	return is_a($sessionUser, 'User')
		? parent::effect()
		: AUTHORIZATION_DENY;
}
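/**
 * Permit a remote public operation only when the request carries a process
 * authentication token that ProcessDAO accepts.
 *
 * Every path other than a successful token authorization denies access.
 *
 * @see AuthorizationPolicy::effect()
 *
 * @return mixed AUTHORIZATION_PERMIT when the token authorizes a process,
 *  AUTHORIZATION_DENY otherwise.
 */
function effect() {
	// Check whether the requested operation is a remote public operation.
	if (parent::effect() == AUTHORIZATION_DENY) {
		return AUTHORIZATION_DENY;
	}

	// The token comes from the request, so it may be missing or of an
	// unexpected type (for example an array). Reject non-strings before
	// measuring the value: strlen() on a non-string raises a warning or a
	// TypeError depending on the PHP version, and this check should deny
	// cleanly instead. An empty or absent token fails the same test.
	$authToken = $this->authToken;
	if (!is_string($authToken) || strlen($authToken) != 23) {
		// 23 is the only accepted token length.
		// NOTE(review): presumably the length the token generator produces;
		// confirm, and confirm that tokens are drawn from a CSPRNG.
		return AUTHORIZATION_DENY;
	}

	// Try to authorize the process with the token.
	// NOTE(review): the lookup inside authorizeProcess() is not visible
	// here; verify that it is parameterized and that a used or expired
	// token cannot be replayed.
	$processDao = DAORegistry::getDAO('ProcessDAO');
	if ($processDao->authorizeProcess($authToken)) {
		return AUTHORIZATION_PERMIT;
	}

	// In all other cases deny access.
	return AUTHORIZATION_DENY;
}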