/**
 * Constructor
 *
 * Registers exactly one policy on this policy set: a ContextRequiredPolicy
 * built from the request and the 'user.authorization.noContext' message key.
 * No role or operation checks are added here.
 *
 * @param $request PKPRequest
 */
function __construct($request) {
    parent::__construct();

    // The request must resolve to a context; the policy class is loaded on
    // demand right before it is instantiated.
    import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
    $contextPolicy = new ContextRequiredPolicy($request, 'user.authorization.noContext');
    $this->addPolicy($contextPolicy);
}
/**
 * Constructor
 *
 * Builds one permit-overrides policy set from the role assignments and adds
 * it to this policy.
 *
 * @param $request PKPRequest
 * @param $operations array|string either a single operation or a list of
 *  operations that this policy is targeting. Only read when $roleAssignments
 *  is SITE_ACCESS_ALL_ROLES; in the array case each role's operation list
 *  comes from $roleAssignments.
 * @param $roleAssignments array|int Either an array of role -> operation
 *  assignments or the constant SITE_ACCESS_ALL_ROLES. Any other value ends
 *  in fatalError().
 * @param $message string a message to be displayed if the authorization
 *  fails. NOTE(review): this constructor never reads $message, so a
 *  caller-supplied message has no effect here.
 */
function __construct($request, $operations, $roleAssignments, $message = 'user.authorization.loginRequired') {
    parent::__construct();

    // Permit-overrides: one permitting role policy is enough to pass.
    $rolePolicySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);

    if (is_array($roleAssignments)) {
        // One role-based policy per role, each limited to that role's operations.
        // NOTE(review): an empty array adds no policy at all; the outcome then
        // depends on PolicySet's effect when no policy applies, which is not
        // set here - confirm that it is deny.
        import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
        foreach ($roleAssignments as $roleId => $roleOperations) {
            $rolePolicy = new RoleBasedHandlerOperationPolicy($request, $roleId, $roleOperations);
            $rolePolicySet->addPolicy($rolePolicy);
        }
    } elseif ($roleAssignments === SITE_ACCESS_ALL_ROLES) {
        // Strict comparison: only the exact constant selects the public-access policy.
        import('lib.pkp.classes.security.authorization.PKPPublicAccessPolicy');
        $publicPolicy = new PKPPublicAccessPolicy($request, $operations);
        $rolePolicySet->addPolicy($publicPolicy);
    } else {
        // Neither an array nor the all-roles constant.
        fatalError('Invalid role assignments!');
    }

    $this->addPolicy($rolePolicySet);
}
/**
 * Constructor
 *
 * Requires a valid plugin, then adds a permit-overrides policy set with an
 * explicit deny fallback. That set holds up to two deny-overrides sub-sets,
 * one for managers and one for site administrators.
 *
 * @param $request PKPRequest
 * @param $args array request arguments (taken by reference; not read in
 *  this constructor)
 * @param $roleAssignments array Only the ROLE_ID_MANAGER and
 *  ROLE_ID_SITE_ADMIN entries are read; any other role key is ignored here.
 * @param $accessMode int Tested as a bit mask against ACCESS_MODE_MANAGE.
 */
function __construct($request, &$args, $roleAssignments, $accessMode = ACCESS_MODE_ADMIN) {
    parent::__construct();

    // A valid plugin is required.
    $this->addPolicy(new PluginRequiredPolicy($request));

    // Managers and site administrators get differentiated policies. If none
    // of the policies added below applies, the result is an explicit deny.
    $accessSet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
    $accessSet->setEffectIfNoPolicyApplies(AUTHORIZATION_DENY);

    //
    // Managerial role
    //
    // Added only when the manage bit is set. Without it, a manager assignment
    // contributes no policy to the set.
    if (isset($roleAssignments[ROLE_ID_MANAGER]) && ($accessMode & ACCESS_MODE_MANAGE)) {
        // Deny-overrides: the role check and the plugin-level check are combined.
        $managerSet = new PolicySet(COMBINING_DENY_OVERRIDES);
        $managerOperations = $roleAssignments[ROLE_ID_MANAGER];
        $managerSet->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $managerOperations));
        // Managers are limited to journal-level plugins.
        $managerSet->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_JOURNAL));
        $accessSet->addPolicy($managerSet);
    }

    //
    // Site administrator role
    //
    if (isset($roleAssignments[ROLE_ID_SITE_ADMIN])) {
        $adminSet = new PolicySet(COMBINING_DENY_OVERRIDES);
        $adminOperations = $roleAssignments[ROLE_ID_SITE_ADMIN];
        $adminSet->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, $adminOperations));
        // With the manage bit set, site admins are limited to site-level
        // plugins. Without it, no plugin-level policy is added for them.
        if ($accessMode & ACCESS_MODE_MANAGE) {
            $adminSet->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_SITE));
        }
        $accessSet->addPolicy($adminSet);
    }

    $this->addPolicy($accessSet);
}