/**
  * Constructor
  * @param $request PKPRequest
  */
 function __construct($request)
 {
     parent::__construct();
     // Ensure we're in a context
     import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
     $this->addPolicy(new ContextRequiredPolicy($request, 'user.authorization.noContext'));
 }
 /**
  * Constructor
  *
  * @param $request PKPRequest
  * @param $operations array|string either a single operation or a list of operations that
  *  this policy is targeting.
  * @param $roleAssignments array|int Either an array of role -> operation assignments or the constant SITE_ACCESS_ALL_ROLES
  * @param $message string a message to be displayed if the authorization fails
  */
 function __construct($request, $operations, $roleAssignments, $message = 'user.authorization.loginRequired')
 {
     parent::__construct();
     $siteRolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     if (is_array($roleAssignments)) {
         import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
         foreach ($roleAssignments as $role => $operations) {
             $siteRolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
         }
     } elseif ($roleAssignments === SITE_ACCESS_ALL_ROLES) {
         import('lib.pkp.classes.security.authorization.PKPPublicAccessPolicy');
         $siteRolePolicy->addPolicy(new PKPPublicAccessPolicy($request, $operations));
     } else {
         fatalError('Invalid role assignments!');
     }
     $this->addPolicy($siteRolePolicy);
 }
 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request arguments
  * @param $roleAssignments array
  * @param $accessMode int
  */
 function __construct($request, &$args, $roleAssignments, $accessMode = ACCESS_MODE_ADMIN)
 {
     parent::__construct();
     // A valid plugin is required.
     $this->addPolicy(new PluginRequiredPolicy($request));
     // Journal managers and site admin have
     // access to plugins. We'll have to define
     // differentiated policies for those roles in a policy set.
     $pluginAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     $pluginAccessPolicy->setEffectIfNoPolicyApplies(AUTHORIZATION_DENY);
     //
     // Managerial role
     //
     if (isset($roleAssignments[ROLE_ID_MANAGER])) {
         if ($accessMode & ACCESS_MODE_MANAGE) {
             // Journal managers have edit settings access mode...
             $journalManagerPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
             $journalManagerPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
             // ...only to journal level plugins.
             $journalManagerPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_JOURNAL));
             $pluginAccessPolicy->addPolicy($journalManagerPluginAccessPolicy);
         }
     }
     //
     // Site administrator role
     //
     if (isset($roleAssignments[ROLE_ID_SITE_ADMIN])) {
         // Site admin have access to all plugins...
         $siteAdminPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $siteAdminPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, $roleAssignments[ROLE_ID_SITE_ADMIN]));
         if ($accessMode & ACCESS_MODE_MANAGE) {
             // ...of site level only.
             $siteAdminPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_SITE));
         }
         $pluginAccessPolicy->addPolicy($siteAdminPluginAccessPolicy);
     }
     $this->addPolicy($pluginAccessPolicy);
 }