Exemple #1
 /**
  * @covers PolicySet
  */
 public function testPolicySet()
 {
     // A set built without arguments must report the restrictive defaults:
     // deny-overrides combining and a deny effect when no policy applies.
     $defaultSet = new PolicySet();
     self::assertEquals(COMBINING_DENY_OVERRIDES, $defaultSet->getCombiningAlgorithm());
     self::assertEquals(AUTHORIZATION_DENY, $defaultSet->getEffectIfNoPolicyApplies());

     // Both values can be overridden: the algorithm through the constructor,
     // the fallback effect through its setter.
     $permissiveSet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     $permissiveSet->setEffectIfNoPolicyApplies(AUTHORIZATION_PERMIT);
     self::assertEquals(COMBINING_PERMIT_OVERRIDES, $permissiveSet->getCombiningAlgorithm());
     self::assertEquals(AUTHORIZATION_PERMIT, $permissiveSet->getEffectIfNoPolicyApplies());

     // Policies are appended in call order unless the second argument
     // (the add-to-top flag) is true, in which case the policy goes first.
     $firstPolicy = new AuthorizationPolicy('policy1');
     $permissiveSet->addPolicy($firstPolicy);
     $secondPolicy = new AuthorizationPolicy('policy2');
     $permissiveSet->addPolicy($secondPolicy);
     $topPolicy = new AuthorizationPolicy('policy3');
     $permissiveSet->addPolicy($topPolicy, true);

     $expectedOrder = array($topPolicy, $firstPolicy, $secondPolicy);
     self::assertEquals($expectedOrder, $permissiveSet->getPolicies());
 }
 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request arguments
  * @param $roleAssignments array
  * @param $accessMode int
  */
 function OjsPluginAccessPolicy($request, &$args, $roleAssignments, $accessMode = ACCESS_MODE_ADMIN)
 {
     // Builds the plugin access policy: a mandatory "valid plugin" check
     // followed by a nested role gate. $args is accepted but not read here.
     // The parent is initialised without arguments, so its own default
     // combining algorithm and default effect apply to this outer set.
     parent::PolicySet();

     // Every request must first resolve to a valid plugin.
     $this->addPolicy(new PluginRequiredPolicy($request));

     // Role gate: one sub-policy per privileged role, combined with
     // permit-overrides, and an explicit deny when no sub-policy applies.
     // NOTE(review): if $roleAssignments holds neither the manager nor the
     // site admin key, this gate stays empty and presumably resolves to
     // AUTHORIZATION_DENY; confirm against PolicySet's evaluation code.
     $roleGate = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     $roleGate->setEffectIfNoPolicyApplies(AUTHORIZATION_DENY);

     //
     // Managerial role
     //
     // Journal managers are only considered when the manage bit is set in
     // $accessMode (it is tested as a bit mask), and then only for
     // journal-level plugins.
     if (isset($roleAssignments[ROLE_ID_MANAGER]) && ($accessMode & ACCESS_MODE_MANAGE)) {
         $managerRules = new PolicySet(COMBINING_DENY_OVERRIDES);
         $managerRules->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER])
         );
         $managerRules->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_JOURNAL));
         $roleGate->addPolicy($managerRules);
     }

     //
     // Site administrator role
     //
     // Site admins get a role check in every access mode. The site-level
     // restriction is added only when the manage bit is set; in other modes
     // no plugin-level policy constrains this branch.
     if (isset($roleAssignments[ROLE_ID_SITE_ADMIN])) {
         $adminRules = new PolicySet(COMBINING_DENY_OVERRIDES);
         $adminRules->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, $roleAssignments[ROLE_ID_SITE_ADMIN])
         );
         if ($accessMode & ACCESS_MODE_MANAGE) {
             $adminRules->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_SITE));
         }
         $roleGate->addPolicy($adminRules);
     }

     // The role gate is evaluated after the plugin-required check.
     $this->addPolicy($roleGate);
 }