/**
* Identifies a submission id in the request.
* @return integer|false returns false if no valid submission id could be found.
*/
function getSubmissionId()
{
// Identify the submission id.
$router =& $this->_request->getRouter();
switch (true) {
case is_a($router, 'PKPPageRouter'):
if (is_numeric($this->_request->getUserVar($this->_submissionParameterName))) {
// We may expect a submission id in the user vars
return (int) $this->_request->getUserVar($this->_submissionParameterName);
} else {
if (isset($this->_args[0]) && is_numeric($this->_args[0])) {
// Or the submission id can be expected as the first path in the argument list
return (int) $this->_args[0];
}
}
break;
case is_a($router, 'PKPComponentRouter'):
// We expect a named submission id argument.
if (isset($this->_args[$this->_submissionParameterName]) && is_numeric($this->_args[$this->_submissionParameterName])) {
return (int) $this->_args[$this->_submissionParameterName];
}
break;
default:
assert(false);
}
return false;
}
/**
* Identifies a submission id in the request.
* @return integer|false returns false if no valid submission id could be found.
*/
function getDataObjectId()
{
// Identify the data object id.
$router = $this->_request->getRouter();
switch (true) {
case is_a($router, 'PKPPageRouter'):
if (ctype_digit((string) $this->_request->getUserVar($this->_parameterName))) {
// We may expect a object id in the user vars
return (int) $this->_request->getUserVar($this->_parameterName);
} else {
if (isset($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
// Or the object id can be expected as the first path in the argument list
return (int) $this->_args[0];
}
}
break;
case is_a($router, 'PKPComponentRouter'):
// We expect a named object id argument.
if (isset($this->_args[$this->_parameterName]) && ctype_digit((string) $this->_args[$this->_parameterName])) {
return (int) $this->_args[$this->_parameterName];
}
break;
default:
assert(false);
}
return false;
}
/**
* Display upgrade form.
*/
function upgrade()
{
$this->validate();
$this->setupTemplate();
if (($setLocale = PKPRequest::getUserVar('setLocale')) != null && AppLocale::isLocaleValid($setLocale)) {
PKPRequest::setCookieVar('currentLocale', $setLocale);
}
$installForm = new UpgradeForm();
$installForm->initData();
$installForm->display();
}
/**
* @see AuthorizationPolicy::effect()
*/
function effect()
{
$router =& $this->_request->getRouter();
// Get the press.
$press =& $router->getContext($this->_request);
if (!is_a($press, 'Press')) {
return AUTHORIZATION_DENY;
}
// Get the authorized user group.
$userGroup = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
if (!is_integer($userGroup, 'UserGroup')) {
return AUTHORIZATION_DENY;
}
// Retrieve the requested workflow stage.
switch (true) {
case is_a($router, 'PKPPageRouter'):
// We expect the requested page to be a valid workflow path.
$stagePath = $router->getRequestedPage($this->_request);
break;
case is_a($router, 'PKPComponentRouter'):
// We expect a named 'workflowStage' argument.
$stagePath = $this->_request->getUserVar('workflowStage');
break;
default:
assert(false);
}
$stageId = UserGroupStageAssignmentDAO::getIdFromPath($stagePath);
if (!is_integer($stageId)) {
return AUTHORIZATION_DENY;
}
// Only grant access to workflow stages that have been explicitly
// assigned to the authorized user group in the press setup.
$userGroupStageAssignmentDao =& DAORegistry::getDAO('UserGroupStageAssignmentDAO');
if ($userGroupStageAssignmentDao->assignmentExists($press->getId(), $userGroup->getId(), $stageId)) {
return AUTHORIZATION_PERMIT;
} else {
return AUTHORIZATION_DENY;
}
}
/**
*
* @param PKPRequest $request
* @param array $args
* @param array $roleAssignments
* @param int bitfield $mode
* @param string $fileIdAndRevision
* @param string $submissionParameterName
*/
function buildFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision, $submissionParameterName)
{
// We need a submission matching the file in the request.
import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
$this->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
import('lib.pkp.classes.security.authorization.internal.SubmissionFileMatchesSubmissionPolicy');
$this->addPolicy(new SubmissionFileMatchesSubmissionPolicy($request, $fileIdAndRevision));
// Authors, managers and series editors potentially have
// access to submission files. We'll have to define
// differentiated policies for those roles in a policy set.
$fileAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Managerial role
//
if (isset($roleAssignments[ROLE_ID_MANAGER])) {
// Managers have all access to all submissions.
$fileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
}
//
// Author role
//
if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
// 1) Author role user groups can access whitelisted operations ...
$authorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$authorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
// 2) ...if they are assigned to the workflow stage. Note: This loads the application-specific policy class.
import('classes.security.authorization.WorkflowStageAccessPolicy');
$authorFileAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $request->getUserVar('stageId')));
// 3) ...and if they meet one of the following requirements:
$authorFileAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// 3a) If the file was uploaded by the current user, allow...
import('lib.pkp.classes.security.authorization.internal.SubmissionFileUploaderAccessPolicy');
$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileUploaderAccessPolicy($request, $fileIdAndRevision));
// 3b) ...or if the file is a file in a review round with requested revision decision, allow...
// Note: This loads the application-specific policy class
import('classes.security.authorization.internal.SubmissionFileRequestedRevisionRequiredPolicy');
$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileRequestedRevisionRequiredPolicy($request, $fileIdAndRevision));
// ...or if we don't want to modify the file...
if (!($mode & SUBMISSION_FILE_ACCESS_MODIFY)) {
// 3c) ...and the file is at submission stage...
import('lib.pkp.classes.security.authorization.internal.SubmissionFileSubmissionStageRequiredPolicy');
$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileSubmissionStageRequiredPolicy($request, $fileIdAndRevision));
// 3d) ...or the file is a viewable reviewer response...
import('lib.pkp.classes.security.authorization.internal.SubmissionFileViewableReviewerResponseRequiredPolicy');
$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileViewableReviewerResponseRequiredPolicy($request, $fileIdAndRevision));
// 3e) ...or if the file is part of a signoff assigned to the user, allow.
import('lib.pkp.classes.security.authorization.internal.SubmissionFileAssignedAuditorAccessPolicy');
$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileAssignedAuditorAccessPolicy($request, $fileIdAndRevision));
}
// Add the rules from 3)
$authorFileAccessPolicy->addPolicy($authorFileAccessOptionsPolicy);
$fileAccessPolicy->addPolicy($authorFileAccessPolicy);
}
//
// Reviewer role
//
if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
// 1) Reviewers can access whitelisted operations ...
$reviewerFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$reviewerFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
// 2) ...if they meet one of the following requirements:
$reviewerFileAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// 2a) If the file was uploaded by the current user, allow.
import('lib.pkp.classes.security.authorization.internal.SubmissionFileUploaderAccessPolicy');
$reviewerFileAccessOptionsPolicy->addPolicy(new SubmissionFileUploaderAccessPolicy($request, $fileIdAndRevision));
// 2b) If the file is part of an assigned review, and we're not
// trying to modify it, allow.
import('lib.pkp.classes.security.authorization.internal.SubmissionFileAssignedReviewerAccessPolicy');
if (!($mode & SUBMISSION_FILE_ACCESS_MODIFY)) {
$reviewerFileAccessOptionsPolicy->addPolicy(new SubmissionFileAssignedReviewerAccessPolicy($request, $fileIdAndRevision));
}
// Add the rules from 2)
$reviewerFileAccessPolicy->addPolicy($reviewerFileAccessOptionsPolicy);
// Add this policy set
$fileAccessPolicy->addPolicy($reviewerFileAccessPolicy);
}
//
// Assistant role.
//
if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
// 1) Assistants can access whitelisted operations...
$contextAssistantFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$contextAssistantFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
// 2) ... but only if they have been assigned to the submission workflow.
// Note: This loads the application-specific policy class
import('classes.security.authorization.WorkflowStageAccessPolicy');
$contextAssistantFileAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $request->getUserVar('stageId')));
$fileAccessPolicy->addPolicy($contextAssistantFileAccessPolicy);
}
return $fileAccessPolicy;
}
/**
* Fetches the application-specific submission id from the request object.
* Should be overridden by subclasses.
* @param PKPRequest $request
* @return int
*/
function getRequestedSubmissionId($request)
{
return $request->getUserVar('submissionId');
}
/**
* Return the DBResultRange structure and misc. variables describing the current page of a set of pages.
* @param $rangeName string Symbolic name of range of pages; must match the Smarty {page_list ...} name.
* @param $contextData array If set, this should contain a set of data that are required to
* define the context of this request (for maintaining page numbers across requests).
* To disable persistent page contexts, set this variable to null.
* @return array ($pageNum, $dbResultRange)
*/
function &getRangeInfo($rangeName, $contextData = null)
{
//FIXME: is there any way to get around calling a Request (instead of a PKPRequest) here?
$context =& Request::getContext();
$pageNum = PKPRequest::getUserVar($rangeName . 'Page');
if (empty($pageNum)) {
$session =& PKPRequest::getSession();
$pageNum = 1;
// Default to page 1
if ($session && $contextData !== null) {
// See if we can get a page number from a prior request
$contextHash = PKPHandler::hashPageContext($contextData);
if (PKPRequest::getUserVar('clearPageContext')) {
// Explicitly clear the old page context
$session->unsetSessionVar("page-{$contextHash}");
} else {
$oldPage = $session->getSessionVar("page-{$contextHash}");
if (is_numeric($oldPage)) {
$pageNum = $oldPage;
}
}
}
} else {
$session =& PKPRequest::getSession();
if ($session && $contextData !== null) {
// Store the page number
$contextHash = PKPHandler::hashPageContext($contextData);
$session->setSessionVar("page-{$contextHash}", $pageNum);
}
}
if ($context) {
$count = $context->getSetting('itemsPerPage');
}
if (!isset($count)) {
$count = Config::getVar('interface', 'items_per_page');
}
import('db.DBResultRange');
if (isset($count)) {
$returner = new DBResultRange($count, $pageNum);
} else {
$returner = new DBResultRange(-1, -1);
}
return $returner;
}
/**
* Connector from AnthroNet. Receives a token in the 'token' query string argument
* that is used to fetch author information via SOAP, create/or validate the author login,
* and redirect to author home page.
* @param array $args
* @param PKPRequest $request
*/
function objectsForReviewLogin($args, $request)
{
$token = $request->getUserVar('token');
if ($token) {
$authToken = $this->_doAuthenticate();
if ($authToken) {
$user = $this->_doUserRequest($token, $authToken);
if ($user) {
$sessionManager =& SessionManager::getManager();
$sessionManager->regenerateSessionId();
$session =& $sessionManager->getUserSession();
$session->setSessionVar('userId', $user->getId());
$session->setUserId($user->getId());
$session->setSessionVar('username', $user->getUsername());
$request->redirect(null, 'objectsForReview');
// place them on the landing page for available objects.
} else {
$request->redirect(null, 'user');
}
}
}
}
/**
* @see AuthorizationPolicy::effect()
*/
function effect()
{
// Check if the signoff exists
$signoffDao = DAORegistry::getDAO('SignoffDAO');
/* @var $signoffDao SignoffDAO */
$signoff = $signoffDao->getById($this->_request->getUserVar('signoffId'));
$baseSignoff =& $signoff;
// Check that the signoff exists
if (!is_a($signoff, 'Signoff')) {
return AUTHORIZATION_DENY;
}
// Check that we know what the current context is
$context = $this->_request->getContext();
if (!is_a($context, 'Context')) {
return AUTHORIZATION_DENY;
}
// Ensure that the signoff belongs to the current context
$signoffDao = DAORegistry::getDAO('SignoffDAO');
$submissionFileDao = DAORegistry::getDAO('SubmissionFileDAO');
$submissionDao = Application::getSubmissionDAO();
while (true) {
switch ($signoff->getAssocType()) {
case ASSOC_TYPE_SIGNOFF:
// This signoff is attached to another signoff.
// We need to determine that the attached
// signoff belongs to the current context.
$newSignoff = $signoffDao->getById($signoff->getAssocId());
if (!is_a($newSignoff, 'Signoff')) {
return AUTHORIZATION_DENY;
}
// Flip the reference so that the new object
// gets authorized.
unset($signoff);
$signoff =& $newSignoff;
unset($newSignoff);
break;
case ASSOC_TYPE_SUBMISSION_FILE:
// Get the submission file
$submissionFile =& $submissionFileDao->getLatestRevision($signoff->getAssocId());
if (!is_a($submissionFile, 'SubmissionFile')) {
return AUTHORIZATION_DENY;
}
// Get the submission
$submission = $submissionDao->getById($submissionFile->getSubmissionId(), $context->getId());
if (!is_a($submission, 'Submission')) {
return AUTHORIZATION_DENY;
}
// Integrity checks OK. Permit.
$this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
return AUTHORIZATION_PERMIT;
case ASSOC_TYPE_SUBMISSION:
$submission = $submissionDao->getById($signoff->getAssocId());
if (!is_a($submission, 'Submission')) {
return AUTHORIZATION_DENY;
}
if ($submission->getContextId() != $context->getId()) {
return AUTHORIZATION_DENY;
}
// Checks out OK. Permit.
$this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
return AUTHORIZATION_PERMIT;
default:
return AUTHORIZATION_DENY;
}
}
}
/**
* Batch import from an ONIX XML export.
* @param array $args
* @param PKPRequest $request
*/
function uploadONIXObjectForReview($args, &$request)
{
$user = $request->getUser();
$journal =& $request->getJournal();
$ofrOrgDao =& DAORegistry::getDAO('ObjectForReviewOrganizationDAO');
$ofrPlugin =& $this->_getObjectsForReviewPlugin();
$ofrPlugin->import('classes.form.ObjectForReviewForm');
$reviewObjectTypeId = (int) $request->getUserVar('reviewObjectTypeId');
import('classes.file.TemporaryFileManager');
$temporaryFileManager = new TemporaryFileManager();
$temporaryFile = $temporaryFileManager->handleUpload('onixFile', $user->getId());
$filePath = $temporaryFile->getFilePath();
$parser = new XMLParser();
$doc =& $parser->parse($filePath);
$multiple = $request->getUserVar('multiple');
if ($doc) {
// Determine if we have short or long tags.
$productNodes = $doc->getChildByName('product');
$shortTags = $productNodes ? true : false;
for ($index = 0; $productNode = $doc->getChildByName($this->_getOnixTag('Product', $shortTags), $index); $index++) {
$importData = array();
if ($productNode) {
$publisherNode = $productNode->getChildByName($this->_getOnixTag('Publisher', $shortTags));
if ($publisherNode) {
$publisherNameNode = $publisherNode->getChildByName($this->_getOnixTag('PublisherName', $shortTags));
if ($publisherNameNode) {
$publisher = $publisherNameNode->getValue();
$organization =& $ofrOrgDao->getOrganizationByName(trim($publisher));
if ($organization) {
$importData['publisherId'] = $organization->getId();
}
}
}
$websiteNode = $publisherNode->getChildByName($this->_getOnixTag('Website', $shortTags));
if ($websiteNode) {
$websiteLinkNode = $websiteNode->getChildByName($this->_getOnixTag('WebsiteLink', $shortTags));
$websiteLink = $websiteLinkNode->getValue();
$importData['book_publisher_url'] = $websiteLink;
}
$titleNode = $productNode->getChildByName($this->_getOnixTag('Title', $shortTags));
if ($titleNode) {
$titleTextNode = $titleNode->getChildByName($this->_getOnixTag('TitleText', $shortTags));
$title = $titleTextNode->getValue();
$importData['title'] = $title;
}
$subTitleNode = $titleNode->getChildByName($this->_getOnixTag('Subtitle', $shortTags));
if ($subTitleNode) {
$subTitle = $subTitleNode->getValue();
$importData['shortTitle'] = $subTitle;
}
$seriesNode = $productNode->getChildByName($this->_getOnixTag('Series', $shortTags));
if ($seriesNode) {
$seriesTextNode = $seriesNode->getChildByName($this->_getOnixTag('TitleOfSeries', $shortTags));
$series = $seriesTextNode->getValue();
$importData['book_series'] = $series;
}
$languageNode = $productNode->getChildByName($this->_getOnixTag('Language', $shortTags));
if ($languageNode) {
$languageCodeNode = $languageNode->getChildByName($this->_getOnixTag('LanguageCode', $shortTags));
$language = $languageCodeNode->getValue();
$importData['language'] = substr($language, 0, 2);
} else {
$importData['language'] = 'en';
}
$pageNode = $productNode->getChildByName($this->_getOnixTag('NumberOfPages', $shortTags));
if ($pageNode) {
$pages = $pageNode->getValue();
$importData['book_pages_no'] = $pages;
}
// Abstract. Look for OtherText with
// sub element of TextTypeCode of '01' (main description)
$abstract = '';
for ($authorIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('OtherText', $shortTags), $authorIndex); $authorIndex++) {
$typeNode = $node->getChildByName($this->_getOnixTag('TextTypeCode', $shortTags));
if ($typeNode && $typeNode->getValue() == '01') {
$textNode = $node->getChildByName($this->_getOnixTag('Text', $shortTags));
if ($textNode) {
$abstract = strip_tags($textNode->getValue());
}
break;
}
}
$importData['abstract'] = $abstract;
// ISBN-13
for ($productIdentifierIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('ProductIdentifier', $shortTags), $productIdentifierIndex); $productIdentifierIndex++) {
$idTypeNode = $node->getChildByName($this->_getOnixTag('ProductIDType', $shortTags));
if ($idTypeNode && $idTypeNode->getValue() == '15') {
// ISBN-13
$textNode = $node->getChildByName($this->_getOnixTag('IDValue', $shortTags));
if ($textNode) {
$importData['book_isbn'] = $textNode->getValue();
}
break;
}
}
// Subjects
$importData['subjectKeywords'] = '';
$subjects = array();
for ($subjectIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('Subject', $shortTags), $subjectIndex); $subjectIndex++) {
$textNode = $node->getChildByName($this->_getOnixTag('SubjectHeadingText', $shortTags));
if ($textNode) {
$subjects[] = $textNode->getValue();
}
}
$importData['subjectKeywords'] = join(', ', $subjects);
$publicationDateNode = $productNode->getChildByName($this->_getOnixTag('PublicationDate', $shortTags));
if ($publicationDateNode) {
$publicationDate = $publicationDateNode->getValue();
$importData['date'] = $publicationDate;
}
// Contributors.
$persons = array();
for ($authorIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('Contributor', $shortTags), $authorIndex); $authorIndex++) {
$firstNameNode = $node->getChildByName($this->_getOnixTag('NamesBeforeKey', $shortTags));
if ($firstNameNode) {
$firstName = $firstNameNode->getValue();
}
$lastNameNode = $node->getChildByName($this->_getOnixTag('KeyNames', $shortTags));
if ($lastNameNode) {
$lastName = $lastNameNode->getValue();
}
$seqNode = $node->getChildByName($this->_getOnixTag('SequenceNumber', $shortTags));
if ($seqNode) {
$seq = $seqNode->getValue();
}
$contributorRoleNode = $node->getChildByName($this->_getOnixTag('ContributorRole', $shortTags));
$contributorRole = '';
if ($contributorRoleNode) {
switch ($contributorRoleNode->getValue()) {
case 'A01':
$contributorRole = '1';
break;
case 'B01':
$contributorRole = '3';
break;
case 'B09':
$contributorRole = '4';
break;
case 'B06':
$contributorRole = '5';
break;
default:
$contributorRole = '2';
// Contributor
break;
}
}
$persons[] = array('personId' => '', 'role' => $contributorRole, 'firstName' => $firstName, 'middleName' => '', 'lastName' => $lastName, 'seq' => (int) $seq);
unset($node);
}
$importData['persons'] = $persons;
if (!$multiple) {
$temporaryFileManager->deleteFile($temporaryFile->getId(), $user->getId());
$this->editObjectForReview($args, &$request, $importData);
break;
} else {
// we are processing more than one Product. Instaniate the form and let it
// handle the object creation.
$ofrForm = new ObjectForReviewForm($ofrPlugin->getName(), null, $reviewObjectTypeId, $importData);
$ofrForm->initData();
$ofrForm->execute();
}
} else {
$request->redirect(null, 'editor', 'objectsForReview', 'onixError');
}
}
$request->redirect(null, 'editor', 'objectsForReview');
} else {
// this deleteFile is only called if the document does not parse.
$temporaryFileManager->deleteFile($temporaryFile->getId(), $user->getId());
$request->redirect(null, 'editor', 'objectsForReview');
}
}
