/**
 * Register workflow-stage access control, then run the parent authorization.
 *
 * The 'stageId' request variable is cast to an integer and handed to a
 * WorkflowStageAccessPolicy bound to the 'submissionId' parameter.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('classes.security.authorization.WorkflowStageAccessPolicy');

	// stageId is client-supplied; the cast guarantees the policy sees an integer.
	$requestedStageId = (int) $request->getUserVar('stageId');
	$stagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $requestedStageId);
	$this->addPolicy($stagePolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require an accessible submission before any operation of this handler runs.
 *
 * Adds a SubmissionAccessPolicy bound to the 'submissionId' parameter and
 * returns whatever the parent handler's authorize() decides.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('classes.security.authorization.SubmissionAccessPolicy');

	$submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments, 'submissionId');
	$this->addPolicy($submissionPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require a review round in the request, then run the parent authorization.
 *
 * Only ReviewRoundRequiredPolicy is added here, with the policy's default
 * parameter name and operation list.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');

	$reviewRoundPolicy = new ReviewRoundRequiredPolicy($request, $args);
	$this->addPolicy($reviewRoundPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
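/**
 * Allow both reviewers (if in review) and context roles, then run the parent
 * authorization.
 *
 * The 'stageId' request variable is client-controlled, so it is cast to an
 * integer before it reaches ReviewStageAccessPolicy.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	// Normalise the untrusted stage id once, so the policy never sees a raw
	// string or array taken from the query.
	$stageId = (int) $request->getUserVar('stageId');

	import('classes.security.authorization.ReviewStageAccessPolicy');
	// NOTE(review): the second addPolicy() argument is true here; confirm
	// against PKPHandler::addPolicy() what ordering effect that has.
	$this->addPolicy(new ReviewStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId), true);

	return parent::authorize($request, $args, $roleAssignments);
}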
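/**
 * Register OMP workflow-stage access control, then run the parent
 * authorization.
 *
 * The 'stageId' request variable is client-controlled, so it is cast to an
 * integer before it is handed to OmpWorkflowStageAccessPolicy, which is bound
 * to the 'monographId' parameter.
 *
 * @see PKPHandler::authorize()
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 */
function authorize(&$request, $args, $roleAssignments) {
	// Normalise the untrusted stage id so the policy always receives an integer.
	$stageId = (int) $request->getUserVar('stageId');

	import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
	$this->addPolicy(new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', $stageId));

	return parent::authorize($request, $args, $roleAssignments);
}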
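/**
 * Pick the access policy from the shape of the request, then run the parent
 * authorization.
 *
 * - 'filesIdsAndRevisions' given as a ";"-separated string with at least one
 *   non-empty entry: one policy per entry (from _getAccessPolicy()), grouped
 *   in a PolicySet created with COMBINING_DENY_OVERRIDES.
 * - otherwise, a numeric 'libraryFileId': a ContextAccessPolicy.
 * - otherwise: the single policy _getAccessPolicy() builds from the default
 *   parameters.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	$fileIds = $request->getUserVar('filesIdsAndRevisions');
	$libraryFileId = $request->getUserVar('libraryFileId');

	// Always defined, so the branch below never reads an unset variable when
	// the request variable is missing or is not a string.
	$fileIdsArray = array();
	if (is_string($fileIds)) {
		// Remove empty entries (a trailing ";" will cause these). Without a
		// callback array_filter() drops exactly the entries empty() reports,
		// which replaces the old create_function() callback: that helper
		// compiled its body from a string and no longer exists in PHP 8.
		$fileIdsArray = array_filter(explode(';', $fileIds));
	}

	if (!empty($fileIdsArray)) {
		// NOTE(review): COMBINING_DENY_OVERRIDES presumably means one denied
		// file denies the whole request; confirm against PolicySet.
		$multipleSubmissionFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
		foreach ($fileIdsArray as $fileIdAndRevision) {
			$multipleSubmissionFileAccessPolicy->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision));
		}
		$this->addPolicy($multipleSubmissionFileAccessPolicy);
	} elseif (is_numeric($libraryFileId)) {
		import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
		$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
	} else {
		// IDs will be specified using the default parameters.
		$this->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments));
	}

	return parent::authorize($request, $args, $roleAssignments);
}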
/**
 * Require a logged-in user, then run the parent authorization.
 *
 * The only policy added here is UserRequiredPolicy; no role or object checks
 * are registered by this override.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.UserRequiredPolicy');

	$loggedInPolicy = new UserRequiredPolicy($request);
	$this->addPolicy($loggedInPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Authorize the workflow stage, then run the parent authorization.
 *
 * The stage id is not read from the request here; it comes from this
 * handler's _identifyStageId() and is passed to a WorkflowStageAccessPolicy
 * bound to the 'submissionId' parameter.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');

	$resolvedStageId = $this->_identifyStageId($request);
	$stagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $resolvedStageId);
	$this->addPolicy($stagePolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require a review round for the operations that need one, then run the
 * parent authorization.
 *
 * The operation list comes from _getReviewRoundOps(); the policy reads the
 * round from the 'reviewRoundId' parameter.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');

	// Only these operations are passed to the review round policy.
	$opsNeedingRound = $this->_getReviewRoundOps();
	$reviewRoundPolicy = new ReviewRoundRequiredPolicy($request, $args, 'reviewRoundId', $opsNeedingRound);
	$this->addPolicy($reviewRoundPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require a context and the journal-must-publish check, then run the parent
 * authorization.
 *
 * Policies are added in this order: ContextRequiredPolicy, then
 * OjsJournalMustPublishPolicy.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
	import('classes.security.authorization.OjsJournalMustPublishPolicy');

	$contextPolicy = new ContextRequiredPolicy($request);
	$this->addPolicy($contextPolicy);

	$publishingPolicy = new OjsJournalMustPublishPolicy($request);
	$this->addPolicy($publishingPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Open the 'header', 'sidebar' and 'css' entries to all roles, then run the
 * parent authorization.
 *
 * While the application is not installed yet, SESSION_DISABLE_INIT is defined
 * before the parent call.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');

	// NOTE(review): presumably these are the operation names the policy
	// covers; confirm against PKPSiteAccessPolicy.
	$openEntries = array('header', 'sidebar', 'css');
	$sitePolicy = new PKPSiteAccessPolicy($request, $openEntries, SITE_ACCESS_ALL_ROLES);
	$this->addPolicy($sitePolicy);

	$isInstalled = Config::getVar('general', 'installed');
	if (!$isInstalled) {
		define('SESSION_DISABLE_INIT', true);
	}

	// NOTE(review): the fourth argument is false; confirm against
	// PKPHandler::authorize() that this is the restricted-site enforcement
	// flag and that switching it off is intended for these entries only.
	return parent::authorize($request, $args, $roleAssignments, false);
}
/**
 * Run the parent authorization, then deny when the 'oai' setting in the
 * 'oai' configuration section is off.
 *
 * @copydoc PKPHandler::authorize
 * @return mixed false when the setting is off, otherwise the parent's result.
 */
function authorize($request, &$args, $roleAssignments) {
	// The parent check always runs first, whatever the configuration says.
	$parentDecision = parent::authorize($request, $args, $roleAssignments);

	$oaiEnabled = Config::getVar('oai', 'oai');
	return $oaiEnabled ? $parentDecision : false;
}
/**
 * Restrict the 'signInAsUser' operation to managers and site administrators,
 * then run the parent authorization.
 *
 * Every other operation gets no additional policy from this override.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	// Loose comparison, matching how a switch statement compares its cases.
	if ($request->getRequestedOp() == 'signInAsUser') {
		import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');

		$allowedRoles = array(ROLE_ID_MANAGER, ROLE_ID_SITE_ADMIN);
		$guardedOps = array('signInAsUser');
		$this->addPolicy(new RoleBasedHandlerOperationPolicy($request, $allowedRoles, $guardedOps));
	}

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Mark the response publicly cacheable when site access is not restricted,
 * require a context, then run the parent authorization.
 *
 * Public cacheability is set when there is no context at all or when the
 * context's 'restrictSiteAccess' setting is off.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	$context = $request->getContext();

	// Short-circuits exactly like the original test: the setting is only read
	// when a context exists.
	$accessIsRestricted = $context && $context->getSetting('restrictSiteAccess');
	if (!$accessIsRestricted) {
		TemplateManager::getManager($request)->setCacheability(CACHEABILITY_PUBLIC);
	}

	import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
	$contextPolicy = new ContextRequiredPolicy($request);
	$this->addPolicy($contextPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require a context, the journal-must-publish check and, for 'view' and
 * 'download', an issue; then run the parent authorization.
 *
 * Policies are added in this order: ContextRequiredPolicy,
 * OjsJournalMustPublishPolicy, OjsIssueRequiredPolicy.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
	import('classes.security.authorization.OjsJournalMustPublishPolicy');
	import('classes.security.authorization.OjsIssueRequiredPolicy');

	$this->addPolicy(new ContextRequiredPolicy($request));
	$this->addPolicy(new OjsJournalMustPublishPolicy($request));

	// The 'archives' op does not need an issue, so it is left out of this list.
	$opsNeedingIssue = array('view', 'download');
	$this->addPolicy(new OjsIssueRequiredPolicy($request, $args, $opsNeedingIssue));

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require a review round where needed and, for 'saveApproveProof', modify
 * access to the submission file; then run the parent authorization.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	// Some operations need a review round id in the request; the list comes
	// from _getReviewRoundOps().
	$opsNeedingRound = $this->_getReviewRoundOps();
	import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
	$this->addPolicy(new ReviewRoundRequiredPolicy($request, $args, 'reviewRoundId', $opsNeedingRound));

	// Approving a proof additionally needs the submission file access policy
	// in modify mode.
	$requestedOp = $request->getRouter()->getRequestedOp($request);
	if ($requestedOp == 'saveApproveProof') {
		import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');
		$filePolicy = new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_MODIFY);
		$this->addPolicy($filePolicy);
	}

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require production-stage access with a galley nested inside that policy,
 * then run the parent authorization.
 *
 * The GalleyRequiredPolicy is added to the WorkflowStageAccessPolicy rather
 * than to the handler, so the handler receives one combined policy.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('classes.security.authorization.GalleyRequiredPolicy');
	import('classes.security.authorization.WorkflowStageAccessPolicy');

	// Built in the same order as before: galley policy first, stage policy second.
	$requireGalley = new GalleyRequiredPolicy($request, $args);
	$productionStageAccess = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', WORKFLOW_STAGE_ID_PRODUCTION);

	// Nest the galley requirement, then register the augmented stage policy.
	$productionStageAccess->addPolicy($requireGalley);
	$this->addPolicy($productionStageAccess);

	return parent::authorize($request, $args, $roleAssignments);
}
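/**
 * Require stage access and, when a signoff is named in the request, signoff
 * access; then run the parent authorization.
 *
 * The client-supplied 'stageId' is cast to an integer once and that same
 * value goes to both policies. Previously only the stage policy received the
 * cast value while the signoff policy was given the raw request variable.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	// Single normalised copy of the untrusted stage id, shared by both checks.
	$stageId = (int) $request->getUserVar('stageId');

	// Require stage access
	import('classes.security.authorization.WorkflowStageAccessPolicy');
	$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));

	if ($request->getUserVar('signoffId')) {
		// Determine the access mode: saving a note needs modify access,
		// everything else is read access.
		$router = $request->getRouter();
		$accessMode = $router->getRequestedOp($request) == 'saveNote' ? SIGNOFF_ACCESS_MODIFY : SIGNOFF_ACCESS_READ;

		// Require signoff access
		import('classes.security.authorization.SignoffAccessPolicy');
		$this->addPolicy(new SignoffAccessPolicy($request, $args, $roleAssignments, $accessMode, $stageId));
	}

	return parent::authorize($request, $args, $roleAssignments);
}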
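/**
 * Authorize a submission-wizard request according to the requested step.
 *
 * The step is the first handler argument (default 1) and must be 1..4.
 * Step 1 without a 'monographId' is authorized as submission creation with
 * OmpPressAccessPolicy; every other case requires OmpSubmissionAccessPolicy
 * on 'monographId'. After the policies pass, the step is checked against the
 * monograph's submission progress.
 *
 * @see PKPHandler::authorize()
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 * @return boolean
 */
function authorize(&$request, $args, $roleAssignments) {
	// The policy for the submission handler depends on the
	// step currently requested.
	$step = isset($args[0]) ? (int) $args[0] : 1;
	if ($step < 1 || $step > 4) {
		return false;
	}

	// Do we have a monograph present in the request?
	$monographId = (int) $request->getUserVar('monographId');

	// Are we in step one without a monograph present?
	if ($step === 1 && $monographId === 0) {
		// Authorize submission creation.
		import('classes.security.authorization.OmpPressAccessPolicy');
		$this->addPolicy(new OmpPressAccessPolicy($request, $roleAssignments));
	} else {
		// Authorize editing of incomplete submissions.
		import('classes.security.authorization.OmpSubmissionAccessPolicy');
		$this->addPolicy(new OmpSubmissionAccessPolicy($request, $args, $roleAssignments, 'monographId'));
	}

	// Do policy checking.
	if (!parent::authorize($request, $args, $roleAssignments)) {
		return false;
	}

	// Execute additional checking of the step.
	// NB: Move this to its own policy for reuse when required in other places.
	$monograph =& $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);

	// Permit if there is no monograph set, but request is for initial step.
	if (!is_a($monograph, 'Monograph') && $step == 1) {
		return true;
	}

	// In all other cases we expect an authorized monograph due to the
	// submission access policy above.
	assert(is_a($monograph, 'Monograph'));
	// assert() can be switched off by configuration, so the invariant is also
	// enforced as an explicit denial: the decision then never depends on a
	// method call against a missing object.
	if (!is_a($monograph, 'Monograph')) {
		return false;
	}

	// FIXME: What happens when returning to a prior step? See #5813.
	// FIXME: What happens when returning to an incomplete submission? See #5752.

	$progress = $monograph->getSubmissionProgress();

	// Deny if submission is complete (==0 means complete) and at
	// any step other than the "complete" step (=4)
	if ($progress == 0 && $step != 4) {
		return false;
	}

	// Deny if trying to access a step greater than the current progress
	if ($progress != 0 && $step > $progress) {
		return false;
	}

	return true;
}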
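/**
 * Authorize a submission-wizard request according to the requested step.
 *
 * The step is the first handler argument (default 1) and must lie between 1
 * and _getStepCount(). Step 1 without a 'submissionId' is authorized as
 * submission creation with PkpContextAccessPolicy; every other case requires
 * SubmissionAccessPolicy on 'submissionId'. After the policies pass, the step
 * is checked against the submission's progress.
 *
 * @copydoc PKPHandler::authorize()
 * @return boolean
 */
function authorize($request, &$args, $roleAssignments) {
	// The policy for the submission handler depends on the
	// step currently requested.
	$step = isset($args[0]) ? (int) $args[0] : 1;
	$stepCount = $this->_getStepCount();
	if ($step < 1 || $step > $stepCount) {
		return false;
	}

	// Do we have a submission present in the request?
	$submissionId = (int) $request->getUserVar('submissionId');

	// Are we in step one without a submission present?
	if ($step === 1 && $submissionId === 0) {
		// Authorize submission creation.
		import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
		$this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
	} else {
		// Authorize editing of incomplete submissions.
		import('classes.security.authorization.SubmissionAccessPolicy');
		$this->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments, 'submissionId'));
	}

	// Do policy checking.
	if (!parent::authorize($request, $args, $roleAssignments)) {
		return false;
	}

	// Execute additional checking of the step.
	// NB: Move this to its own policy for reuse when required in other places.
	$submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);

	// Permit if there is no submission set, but request is for initial step.
	if (!is_a($submission, 'Submission') && $step == 1) {
		return true;
	}

	// In all other cases we expect an authorized submission due to
	// the submission access policy above.
	assert(is_a($submission, 'Submission'));
	// assert() can be switched off by configuration, so the invariant is also
	// enforced as an explicit denial: the decision then never depends on a
	// method call against a missing object.
	if (!is_a($submission, 'Submission')) {
		return false;
	}

	$progress = $submission->getSubmissionProgress();

	// Deny if submission is complete (==0 means complete) and at
	// any step other than the "complete" step (the last one)
	if ($progress == 0 && $step != $stepCount) {
		return false;
	}

	// Deny if trying to access a step greater than the current progress
	if ($progress != 0 && $step > $progress) {
		return false;
	}

	return true;
}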
/**
 * Apply press-level access to 'index' and full submission access to every
 * other operation, then run the parent authorization.
 *
 * @see PKPHandler::authorize()
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 */
function authorize(&$request, $args, $roleAssignments) {
	$router =& $request->getRouter();
	$requestedOp = $router->getRequestedOp($request);

	// Loose comparison, matching how a switch statement compares its cases.
	if ($requestedOp == 'index') {
		// Listing submissions only needs press-level permission.
		import('classes.security.authorization.OmpPressAccessPolicy');
		$accessPolicy = new OmpPressAccessPolicy($request, $roleAssignments);
	} else {
		// Anything else falls through to full submission access, so an
		// unknown operation name gets the stricter policy.
		import('classes.security.authorization.OmpSubmissionAccessPolicy');
		$accessPolicy = new OmpSubmissionAccessPolicy($request, $args, $roleAssignments);
	}
	$this->addPolicy($accessPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Choose between "any accessible stage" and "this specific stage"
 * authorization by operation, then run the parent authorization.
 *
 * 'access' and 'expedite' require a submission plus at least one workflow
 * stage the user can reach; all other operations require access to the stage
 * returned by identifyStageId().
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	$requestedOp = $request->getRouter()->getRequestedOp($request);

	switch ($requestedOp) {
		case 'access':
		case 'expedite':
			// Authorize requested submission.
			import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
			$this->addPolicy(new SubmissionRequiredPolicy($request, $args, 'submissionId'));

			// Denies when the user has no accessible workflow stage; otherwise
			// builds an authorized object holding every accessible stage and
			// authorizes user operation access.
			import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
			$this->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
			break;

		default:
			import('classes.security.authorization.WorkflowStageAccessPolicy');
			$targetStageId = $this->identifyStageId($request, $args);
			$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $targetStageId));
	}

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Apply site-level access control and block the 'settings' operation on
 * single-context installations.
 *
 * The parent authorization always runs; its result is returned unless the
 * requested operation is 'settings' and exactly one context exists, in which
 * case the request is denied.
 *
 * @copydoc PKPHandler::authorize()
 * @param $enforceRestrictedSite boolean Forwarded unchanged to the parent.
 */
function authorize($request, &$args, $roleAssignments, $enforceRestrictedSite = true) {
	import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');
	$sitePolicy = new PKPSiteAccessPolicy($request, null, $roleAssignments);
	$this->addPolicy($sitePolicy);

	$parentDecision = parent::authorize($request, $args, $roleAssignments, $enforceRestrictedSite);

	// NOTE(review): the context is fetched but never used, and nothing in this
	// method redirects a user who is outside a context; confirm whether a
	// context check was meant to live here.
	$context = $request->getContext();

	$requestedOp = $request->getRouter()->getRequestedOp($request);
	if ($requestedOp != 'settings') {
		return $parentDecision;
	}

	// Don't let users access site settings in a single context installation.
	// In that case, those settings are available under management or are not
	// relevant (like site appearance).
	$contextCount = Application::getContextDAO()->getAll()->getCount();
	return $contextCount == 1 ? false : $parentDecision;
}
/**
 * Register the author dashboard access policy, then run the parent
 * authorization.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.AuthorDashboardAccessPolicy');

	$dashboardPolicy = new AuthorDashboardAccessPolicy($request, $args, $roleAssignments);
	// NOTE(review): the second addPolicy() argument is true here; confirm
	// against PKPHandler::addPolicy() what ordering effect that has.
	$this->addPolicy($dashboardPolicy, true);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require modify access to the submission file for every operation, then run
 * the parent authorization.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');

	// SUBMISSION_FILE_ACCESS_MODIFY is requested unconditionally, so read-only
	// operations on this handler are held to the same mode.
	$fileModifyPolicy = new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_MODIFY);
	$this->addPolicy($fileModifyPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Ensure that a journal is selected and the Books for Review plugin is
 * enabled before running the parent authorization.
 *
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 * @return mixed false when a precondition fails, otherwise the parent's result.
 */
function authorize(&$request, &$args, $roleAssignments) {
	$journal =& $request->getJournal();
	if (!isset($journal)) {
		return false;
	}

	// A plugin that is not registered and a plugin that is switched off are
	// both a denial.
	$bfrPlugin =& PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME);
	if (!isset($bfrPlugin) || !$bfrPlugin->getEnabled()) {
		return false;
	}

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Ensure that the router resolves a journal and the Browse plugin is enabled
 * before running the parent authorization.
 *
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 * @return mixed false when a precondition fails, otherwise the parent's result.
 */
function authorize($request, &$args, $roleAssignments) {
	$journal = $request->getRouter()->getContext($request);
	if (!isset($journal)) {
		return false;
	}

	// A plugin that is not registered and a plugin that is switched off are
	// both a denial.
	$browsePlugin = PluginRegistry::getPlugin('generic', BROWSE_PLUGIN_NAME);
	if (!isset($browsePlugin) || !$browsePlugin->getEnabled()) {
		return false;
	}

	return parent::authorize($request, $args, $roleAssignments);
}
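/**
 * Ensure that we have a journal, the plugin is enabled, and the user is an
 * author, before running the parent authorization.
 *
 * A user who is not an author of the journal is sent to the login page and
 * the request is denied.
 *
 * @param $request PKPRequest
 * @param $args array
 * @param $roleAssignments array
 * @return mixed false when a precondition fails, otherwise the parent's result.
 */
function authorize($request, &$args, $roleAssignments) {
	$journal = $request->getJournal();
	if (!isset($journal)) {
		return false;
	}

	$bfrPlugin = PluginRegistry::getPlugin('generic', BOOKS_FOR_REVIEW_PLUGIN_NAME);
	if (!isset($bfrPlugin)) {
		return false;
	}

	if (!$bfrPlugin->getEnabled()) {
		return false;
	}

	if (!Validation::isAuthor($journal->getId())) {
		Validation::redirectLogin();
		// Deny explicitly: the outcome for a non-author must not depend on
		// redirectLogin() ending the request. Without this return the method
		// would continue into the parent check, which knows nothing about the
		// author requirement.
		return false;
	}

	return parent::authorize($request, $args, $roleAssignments);
}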
/**
 * Require an accessible submission, then run the parent authorization.
 *
 * The SubmissionAccessPolicy is created without an explicit parameter name,
 * so the policy's own default applies.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments) {
	import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');

	$submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments);
	$this->addPolicy($submissionPolicy);

	return parent::authorize($request, $args, $roleAssignments);
}
/**
 * Require access to the submission stage of the monograph workflow, then run
 * the parent authorization.
 *
 * The stage is the fixed constant WORKFLOW_STAGE_ID_SUBMISSION; nothing from
 * the request selects it.
 *
 * @see PKPHandler::authorize()
 */
function authorize(&$request, $args, $roleAssignments) {
	import('classes.security.authorization.OmpWorkflowStageAccessPolicy');

	$submissionStagePolicy = new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', WORKFLOW_STAGE_ID_SUBMISSION);
	$this->addPolicy($submissionStagePolicy);

	return parent::authorize($request, $args, $roleAssignments);
}