| public authorize ( $request, &$args, $roleAssignments, $enforceRestrictedSite = true ) |
/**
* @see PKPHandler::authorize()
* @param $request PKPRequest
* @param $args array
* @param $roleAssignments array
*/
function authorize(&$request, $args, $roleAssignments)
{
$stageId = $request->getUserVar('stageId');
import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
$this->addPolicy(new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', $stageId));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
$operation = $request->getRequestedOp();
$workflowStageRequiredOps = array('assignStage', 'unassignStage');
if (in_array($operation, $workflowStageRequiredOps)) {
import('lib.pkp.classes.security.authorization.internal.WorkflowStageRequiredPolicy');
$this->addPolicy(new WorkflowStageRequiredPolicy($request->getUserVar('stageId')));
}
$userGroupRequiredOps = array_merge($workflowStageRequiredOps, array('editUserGroup', 'updateUserGroup', 'removeUserGroup'));
if (in_array($operation, $userGroupRequiredOps)) {
// Validate the user group object.
$userGroupId = $request->getUserVar('userGroupId');
$userGroupDao = DAORegistry::getDAO('UserGroupDAO');
/* @var $userGroupDao UserGroupDAO */
$userGroup = $userGroupDao->getById($userGroupId);
if (!$userGroup) {
fatalError('Invalid user group id!');
} else {
$this->_userGroup = $userGroup;
}
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
$stageId = (int) $request->getUserVar('stageId');
import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
* @param $contextRequired boolean
*/
function authorize($request, &$args, $roleAssignments, $contextRequired = true)
{
if ($contextRequired) {
import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
$stageId = $request->getUserVar('stageId');
// This is being validated in WorkflowStageAccessPolicy
// Get the access policy
import('lib.pkp.classes.security.authorization.QueryAccessPolicy');
$this->addPolicy(new QueryAccessPolicy($request, $args, $roleAssignments, $stageId));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
$this->_request = $request;
import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', WORKFLOW_STAGE_ID_PRODUCTION));
if ($request->getUserVar('representationId')) {
import('lib.pkp.classes.security.authorization.internal.RepresentationRequiredPolicy');
$this->addPolicy(new RepresentationRequiredPolicy($request, $args));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @see PKPHandler::authorize()
* @param $request PKPRequest
* @param $args array
* @param $roleAssignments array
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
$this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
// If a signoff ID was specified, authorize it.
if ($request->getUserVar('issueId')) {
import('classes.security.authorization.OjsIssueRequiredPolicy');
$this->addPolicy(new OjsIssueRequiredPolicy($request, $args));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PolicySet');
$rolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
foreach ($roleAssignments as $role => $operations) {
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
}
$this->addPolicy($rolePolicy);
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
$this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');
$this->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments));
// If a representation was specified, authorize it.
if ($request->getUserVar('representationId')) {
import('lib.pkp.classes.security.authorization.internal.RepresentationRequiredPolicy');
$this->addPolicy(new RepresentationRequiredPolicy($request, $args));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
$operation = $request->getRouter()->getRequestedOp($request);
$siteAccessOps = array('fetchGrid', 'fetchRows', 'saveSequence');
if (in_array($operation, $siteAccessOps)) {
import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');
$this->addPolicy(new PKPSiteAccessPolicy($request, null, $roleAssignments));
} else {
import('classes.security.authorization.OmpPublishedMonographAccessPolicy');
$this->addPolicy(new OmpPublishedMonographAccessPolicy($request, $args, $roleAssignments, 'rowId'));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @see PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', WORKFLOW_STAGE_ID_PRODUCTION));
if (parent::authorize($request, $args, $roleAssignments)) {
$representationId = (int) $request->getUserVar('representationId');
$publicationFormatDao = DAORegistry::getDAO('PublicationFormatDAO');
$this->monograph = $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
$this->publicationFormat = $publicationFormatDao->getById($representationId, $this->monograph->getId());
return true;
}
return false;
}
/**
* @see PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PolicySet');
$rolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
foreach ($roleAssignments as $role => $operations) {
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
}
$this->addPolicy($rolePolicy);
$this->reviewFormId = (int) $request->getUserVar('reviewFormId');
$reviewFormDao = DAORegistry::getDAO('ReviewFormDAO');
if (!$reviewFormDao->reviewFormExists($this->reviewFormId, Application::getContextAssocType(), $request->getContext()->getId())) {
return false;
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @see PKPHandler::authorize()
* @param $request PKPRequest
* @param $args array
* @param $roleAssignments array
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
$returner = parent::authorize($request, $args, $roleAssignments);
$spotlightId = $request->getUserVar('spotlightId');
if ($spotlightId) {
$press = $request->getPress();
$spotlightDao = DAORegistry::getDAO('SpotlightDAO');
$spotlight = $spotlightDao->getById($spotlightId);
if ($spotlight == null || $spotlight->getPressId() != $press->getId()) {
return false;
}
}
return $returner;
}
/**
* @copydoc GridHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
$context = $request->getContext();
$announcementTypeId = $request->getUserVar('announcementTypeId');
if ($announcementTypeId) {
// Ensure announcement type is valid and for this context
$announcementTypeDao = DAORegistry::getDAO('AnnouncementTypeDAO');
/* @var $announcementTypeDao AnnouncementTypeDAO */
$announcementType = $announcementTypeDao->getById($announcementTypeId);
if (!$announcementType || $announcementType->getAssocType() != $context->getAssocType() || $announcementType->getAssocId() != $context->getId()) {
return false;
}
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc GridHandler::authorize()
* @param $requireAnnouncementsEnabled Iff true, allow access only if context settings enable announcements
*/
function authorize($request, &$args, $roleAssignments, $requireAnnouncementsEnabled = true)
{
import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
$this->addPolicy(new ContextRequiredPolicy($request));
$returner = parent::authorize($request, $args, $roleAssignments);
// Ensure announcements are enabled.
$context = $request->getContext();
if ($requireAnnouncementsEnabled && !$context->getSetting('enableAnnouncements')) {
return false;
}
$announcementId = $request->getUserVar('announcementId');
if ($announcementId) {
// Ensure announcement is valid and for this context
$announcementDao = DAORegistry::getDAO('AnnouncementDAO');
/* @var $announcementDao AnnouncementDAO */
if ($announcementDao->getAnnouncementAssocType($announcementId) != $context->getAssocType() && $announcementDao->getAnnouncementAssocId($announcementId) != $context->getId()) {
return false;
}
}
return $returner;
}
/**
* @see PKPHandler::authorize()
* @param $request PKPRequest
* @param $args array
* @param $roleAssignments array
*/
function authorize(&$request, $args, $roleAssignments)
{
// FIXME: Need to authorize review type/round. This is just a temporary
// workaround until we get those variables in the authorized context, see #6200.
$reviewType = $request->getUserVar('reviewType');
$round = $request->getUserVar('round');
assert(!empty($reviewType) && !empty($round));
$this->_reviewType = (int) $reviewType;
$this->_round = (int) $round;
import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
$this->addPolicy(new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', WORKFLOW_STAGE_ID_INTERNAL_REVIEW));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @see PKPHandler::authorize()
*/
function authorize(&$request, $args, $roleAssignments)
{
import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
$this->addPolicy(new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', WORKFLOW_STAGE_ID_EDITING));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
$this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
$this->_stageId = (int) $request->getUserVar('stageId');
// This is being validated in WorkflowStageAccessPolicy
$this->_request = $request;
if ($request->getUserVar('queryId')) {
import('lib.pkp.classes.security.authorization.QueryAccessPolicy');
$this->addPolicy(new QueryAccessPolicy($request, $args, $roleAssignments, $this->_stageId));
} else {
import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $this->_stageId));
}
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @see PKPHandler::authorize()
*/
function authorize(&$request, $args, $roleAssignments)
{
import('classes.security.authorization.OmpPressAccessPolicy');
$this->addPolicy(new OmpPressAccessPolicy($request, $roleAssignments));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
// Set the stage id from the request parameter if not set previously.
if (!$this->getStageId()) {
$stageId = (int) $request->getUserVar('stageId');
// This will be validated with the authorization policy added by
// the grid data provider.
$this->_stageId = $stageId;
}
$dataProvider = $this->getDataProvider();
$dataProvider->setStageId($this->getStageId());
return parent::authorize($request, $args, $roleAssignments);
}
