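/**
 * Authorize access to the citation grid of a single article.
 *
 * Validate that the user is the assigned section editor for
 * the citation's article, or is a managing editor.
 *
 * Two kinds of checks run here:
 *  - Handler checks registered through addCheck() (restricted site
 *    access, journal context, editor / section editor role). They are
 *    executed by parent::validate(); according to the inline note below
 *    their messages go directly to fatal errors.
 *  - Article checks (well-formed article id, article exists, article
 *    belongs to the journal in context, edit assignment for section
 *    editors). A failure in any of these makes the method return false.
 *
 * On success the article is stored in $this->_article.
 *
 * @param $requiredContexts array
 * @param $request PKPRequest
 * @return boolean true if access is granted, false otherwise
 */
function validate($requiredContexts, $request) {
	// Retrieve the request context
	$router =& $request->getRouter();
	$journal =& $router->getContext($request);

	// Authorization and validation checks
	// NB: Error messages are in plain English as they directly go to fatal errors.
	// (Validation errors in components are either programming errors or somebody
	// trying to call components directly which is no legal use case anyway.)

	// 1) restricted site access
	if (isset($journal) && $journal->getSetting('restrictSiteAccess')) {
		import('handler.validation.HandlerValidatorCustom');
		// NOTE(review): create_function() evaluates its body string as code.
		// The body here is a constant, so no request data reaches it; it must
		// stay that way. The function is deprecated as of PHP 7.2 and removed
		// in PHP 8.0, so this check needs another callback form on those versions.
		$this->addCheck(new HandlerValidatorCustom($this, false, 'Restricted site access!', null, create_function('', 'if (!Validation::isLoggedIn()) return false; else return true;')));
	}

	// 2) we need a journal
	$this->addCheck(new HandlerValidatorJournal($this, false, 'No journal in context!'));

	// 3) only editors or section editors may access
	$this->addCheck(new HandlerValidatorRoles($this, false, 'Insufficient privileges!', null, array(ROLE_ID_EDITOR, ROLE_ID_SECTION_EDITOR)));

	// Execute standard checks
	if (!parent::validate($requiredContexts, $request)) {
		return false;
	}

	// Retrieve and validate the article id. The value comes from the request,
	// so only a plain run of decimal digits is accepted: is_numeric() would
	// also let through floats, exponent notation and signed values, none of
	// which is a valid id. Arrays (e.g. articleId[]=...) are rejected as well.
	// The variable is bound by reference and is therefore not modified here.
	$articleId =& $request->getUserVar('articleId');
	$isIdType = is_int($articleId) || is_string($articleId);
	if (!$isIdType || !preg_match('/^[0-9]+$/D', (string) $articleId)) {
		return false;
	}

	// Retrieve the article associated with this citation grid
	$articleDAO =& DAORegistry::getDAO('ArticleDAO');
	$article =& $articleDAO->getArticle($articleId);

	// Article and editor validation
	if (!is_a($article, 'Article')) {
		return false;
	}

	// The article must belong to the journal in context, so that an id taken
	// from another journal is rejected. Both ids are compared as integers to
	// keep the result independent of PHP's loose string/number comparison.
	if ((int) $article->getJournalId() !== (int) $journal->getId()) {
		return false;
	}

	// Editors have access to all articles, section editors will be
	// checked individually.
	if (!Validation::isEditor()) {
		// Retrieve the edit assignments
		$editAssignmentDao =& DAORegistry::getDAO('EditAssignmentDAO');
		$editAssignments =& $editAssignmentDao->getEditAssignmentsByArticleId($article->getId());
		// NOTE(review): assert() can be disabled by configuration; when it is,
		// this type check is not enforced.
		assert(is_a($editAssignments, 'DAOResultFactory'));
		$editAssignmentsArray =& $editAssignments->toArray();

		// Check whether the user is the article's editor,
		// otherwise deny access.
		$user =& $request->getUser();
		$userId = (int) $user->getId();
		$wasFound = false;
		foreach ($editAssignmentsArray as $editAssignment) {
			if ((int) $editAssignment->getEditorId() === $userId) {
				// Only the first assignment of this user is consulted; without
				// edit permission on it access is denied.
				if ($editAssignment->getCanEdit()) {
					$wasFound = true;
				}
				break;
			}
		}

		if (!$wasFound) {
			return false;
		}
	}

	// Validation successful
	$this->_article =& $article;
	return true;
}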