/**
* Return the DBResultRange structure and misc. variables describing the current page of a set of pages.
* @param $rangeName string Symbolic name of range of pages; must match the Smarty {page_list ...} name.
* @param $contextData array If set, this should contain a set of data that are required to
* define the context of this request (for maintaining page numbers across requests).
* To disable persistent page contexts, set this variable to null.
* @return array ($pageNum, $dbResultRange)
*/
function &getRangeInfo($rangeName, $contextData = null)
{
//FIXME: is there any way to get around calling a Request (instead of a PKPRequest) here?
$context =& Request::getContext();
$pageNum = PKPRequest::getUserVar($rangeName . 'Page');
if (empty($pageNum)) {
$session =& PKPRequest::getSession();
$pageNum = 1;
// Default to page 1
if ($session && $contextData !== null) {
// See if we can get a page number from a prior request
$contextHash = PKPHandler::hashPageContext($contextData);
if (PKPRequest::getUserVar('clearPageContext')) {
// Explicitly clear the old page context
$session->unsetSessionVar("page-{$contextHash}");
} else {
$oldPage = $session->getSessionVar("page-{$contextHash}");
if (is_numeric($oldPage)) {
$pageNum = $oldPage;
}
}
}
} else {
$session =& PKPRequest::getSession();
if ($session && $contextData !== null) {
// Store the page number
$contextHash = PKPHandler::hashPageContext($contextData);
$session->setSessionVar("page-{$contextHash}", $pageNum);
}
}
if ($context) {
$count = $context->getSetting('itemsPerPage');
}
if (!isset($count)) {
$count = Config::getVar('interface', 'items_per_page');
}
import('db.DBResultRange');
if (isset($count)) {
$returner = new DBResultRange($count, $pageNum);
} else {
$returner = new DBResultRange(-1, -1);
}
return $returner;
}
/**
* Smarty usage: {csrf}
*
* Custom Smarty function for inserting a CSRF token.
* @param $params array associative array
* @param $smarty Smarty
* @return string of HTML
*/
function smartyCSRF($params, $smarty)
{
return '<input type="hidden" name="csrfToken" value="' . htmlspecialchars($this->_request->getSession()->getCSRFToken()) . '">';
}
/**
* @see AuthorizationPolicy::effect()
*/
function effect()
{
// Get the session
$session =& $this->_request->getSession();
// Retrieve the user from the session.
$user =& $session->getUser();
// Check that the user group exists and
// that the currently logged in user has been
// assigned to it.
$userGroupDao = DAORegistry::getDAO('UserGroupDAO');
// If any of the above objects is not present then
// we deny access. This is regularly the case if the
// user is not logged in (=no user object).
foreach (array($session, $user, $userGroupDao) as $requiredObject) {
if (is_null($requiredObject)) {
return AUTHORIZATION_DENY;
}
}
// Retrieve the acting as user group id saved
// in the session.
$actingAsUserGroupId = $session->getActingAsUserGroupId();
// Get the context (assumed to be authorized!).
$router =& $this->_request->getRouter();
$context =& $router->getContext($this->_request);
// Check whether the user still is in the group we found in the session.
// This is necessary because the user might have switched contexts
// also. User group assignments are per context and we have to make sure
// that the user really has the role in the current context.
if (is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0) {
if (is_null($context)) {
$application =& PKPApplication::getApplication();
if ($application->getContextDepth() > 0) {
// Handle site-wide user groups.
$userInGroup = $userGroupDao->userInGroup(0, $user->getId(), $actingAsUserGroupId);
} else {
// Handle apps that don't use context.
$userInGroup = $userGroupDao->userInGroup($user->getId(), $actingAsUserGroupId);
}
} else {
// Handle context-specific user groups.
$userInGroup = $userGroupDao->userInGroup($context->getId(), $user->getId(), $actingAsUserGroupId);
}
// Invalidate the current user group if the user is not in this
// group for the requested context.
if (!$userInGroup) {
$actingAsUserGroupId = null;
} else {
// Retrieve the user group
if (is_null($context)) {
// Handle apps that don't use context or site-wide groups.
$userGroup =& $userGroupDao->getById($actingAsUserGroupId);
} else {
// Handle context-specific groups.
$userGroup =& $userGroupDao->getById($actingAsUserGroupId, $context->getId());
}
}
}
// Get the user's default group if no user group is set or
// if the previous user group was invalid.
if (!(is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0)) {
// Retrieve the user's groups for the current context.
if (is_null($context)) {
// Handle apps that don't use context or site-wide groups.
$userGroups =& $userGroupDao->getByUserId($user->getId());
} else {
// Handle context-specific groups.
$userGroups =& $userGroupDao->getByUserId($user->getId(), $context->getId());
}
// We use the first user group as default user group.
$defaultUserGroup =& $userGroups->next();
$actingAsUserGroupId = $defaultUserGroup->getId();
// Set the acting as user group
$session->setActingAsUserGroupId($actingAsUserGroupId);
$userGroup =& $defaultUserGroup;
}
// Deny access if we didn't find a valid user group for the user.
if (!is_a($userGroup, 'UserGroup')) {
return AUTHORIZATION_DENY;
}
// Add the user group to the authorization context
$this->addAuthorizedContextObject(ASSOC_TYPE_USER_GROUP, $userGroup);
return AUTHORIZATION_PERMIT;
}
