/**
 * Decide whether the requesting user may act on the authorized submission,
 * based on the journal section the submission belongs to.
 *
 * Fails closed: a missing or unexpected user, journal or article object
 * yields AUTHORIZATION_DENY before the section rule is consulted. The final
 * decision is delegated to SectionAssignmentRule::effect().
 *
 * @copydoc AuthorizationPolicy::effect()
 */
function effect() {
	// Identity first: without a PKPUser on the request there is nothing to authorize.
	$currentUser = $this->_request->getUser();
	if (!is_a($currentUser, 'PKPUser')) return AUTHORIZATION_DENY;

	// The request must resolve to a journal context.
	$journal = $this->_request->getRouter()->getContext($this->_request);
	if (!is_a($journal, 'Journal')) return AUTHORIZATION_DENY;

	// Use only the submission stored as an authorized context object;
	// presumably an earlier policy placed it there -- confirm against the policy set.
	$authorizedArticle = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
	if (!is_a($authorizedArticle, 'Article')) return AUTHORIZATION_DENY;

	import('classes.security.authorization.internal.SectionAssignmentRule');
	$isAssigned = SectionAssignmentRule::effect(
		$journal->getId(),
		$authorizedArticle->getSectionId(),
		$currentUser->getId()
	);

	return $isAssigned ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
}
/**
 * Decide whether the requesting user may act on the authorized submission,
 * based on the section the submission belongs to.
 *
 * Fails closed: a missing or unexpected user, context or submission object
 * yields AUTHORIZATION_DENY before the section rule is consulted. The final
 * decision is delegated to SectionAssignmentRule::effect().
 *
 * @copydoc AuthorizationPolicy::effect()
 */
function effect() {
	// Identity first: without a PKPUser on the request there is nothing to authorize.
	$currentUser = $this->_request->getUser();
	if (!is_a($currentUser, 'PKPUser')) return AUTHORIZATION_DENY;

	// The request must resolve to a Context.
	$requestContext = $this->_request->getRouter()->getContext($this->_request);
	if (!is_a($requestContext, 'Context')) return AUTHORIZATION_DENY;

	// Use only the submission stored as an authorized context object;
	// presumably an earlier policy placed it there -- confirm against the policy set.
	$authorizedSubmission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
	if (!is_a($authorizedSubmission, 'Submission')) return AUTHORIZATION_DENY;

	import('lib.pkp.classes.security.authorization.internal.SectionAssignmentRule');
	$isAssigned = SectionAssignmentRule::effect(
		$requestContext->getId(),
		$authorizedSubmission->getSectionId(),
		$currentUser->getId()
	);

	return $isAssigned ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
}
/**
 * Collect the user's roles that give access to the passed workflow stage.
 *
 * Starts from the parent implementation's result and adds one extra grant:
 * a sub-editor role is appended when SectionAssignmentRule::effect() accepts
 * the submission's section for this user AND the user has a user group
 * assignment for the stage in this context. Both conditions must hold.
 *
 * The role id is appended without checking what the parent returned, so the
 * result may contain the same role id more than once.
 *
 * @param int $userId
 * @param int $contextId
 * @param Submission $submission
 * @param int $stageId
 * @return array Role ids granting access to the stage.
 */
function _getAccessibleStageRoles($userId, $contextId, &$submission, $stageId) {
	$userGroupDao = DAORegistry::getDAO('UserGroupDAO');
	// Roles come from the authorized context objects, not from request input.
	$grantedRoleIds = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES);

	// Whatever the parent policy already allows is kept as-is.
	$stageRoles = parent::_getAccessibleStageRoles($userId, $contextId, $submission, $stageId);

	foreach ($grantedRoleIds as $grantedRoleId) {
		// Only sub-editors get an additional path here (loose comparison, as a switch would do).
		if ($grantedRoleId != ROLE_ID_SUB_EDITOR) continue;

		// The requested submission must be part of their series...
		// and the requested workflow stage must be assigned to
		// them in the journal settings.
		import('classes.security.authorization.internal.SectionAssignmentRule');
		$inAssignedSection = SectionAssignmentRule::effect($contextId, $submission->getSectionId(), $userId);
		if ($inAssignedSection && $userGroupDao->userAssignmentExists($contextId, $userId, $stageId)) {
			$stageRoles[] = $grantedRoleId;
		}
	}

	return $stageRoles;
}
/**
 * Collect the user's roles that give access to the passed workflow stage.
 *
 * Grants, per role held by the user:
 *  - ROLE_ID_MANAGER: always granted.
 *  - ROLE_ID_ASSISTANT, ROLE_ID_SUB_EDITOR, ROLE_ID_AUTHOR: granted when a
 *    stage assignment exists for this user, role, stage and submission.
 *  - ROLE_ID_SUB_EDITOR, additionally: granted when
 *    SectionAssignmentRule::effect() accepts the submission's section for the
 *    user AND the user has a user group assignment for the stage.
 * Any other role grants nothing.
 *
 * The two sub-editor paths are independent, so ROLE_ID_SUB_EDITOR can appear
 * twice in the result when both succeed.
 *
 * @param int $userId
 * @param int $contextId
 * @param Submission $submission
 * @param int $stageId
 * @return array Role ids granting access to the stage; empty when none do.
 */
function _getAccessibleStageRoles($userId, $contextId, &$submission, $stageId) {
	$stageAssignmentDao = DAORegistry::getDAO('StageAssignmentDAO'); /* @var $stageAssignmentDao StageAssignmentDAO */
	// Roles come from the authorized context objects, not from request input.
	$grantedRoleIds = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES);
	$stageRoles = array();

	foreach ($grantedRoleIds as $grantedRoleId) {
		// Context managers have access to all submission stages.
		if ($grantedRoleId == ROLE_ID_MANAGER) {
			$stageRoles[] = $grantedRoleId;
			continue;
		}

		// Every remaining role other than these three grants nothing.
		$isAssignableRole = $grantedRoleId == ROLE_ID_ASSISTANT
			|| $grantedRoleId == ROLE_ID_SUB_EDITOR
			|| $grantedRoleId == ROLE_ID_AUTHOR;
		if (!$isAssignableRole) continue;

		// The requested workflow stage has been assigned to them
		// in the requested submission.
		$assignments = $stageAssignmentDao->getBySubmissionAndRoleId($submission->getId(), $grantedRoleId, $stageId, $userId);
		if (!$assignments->wasEmpty()) {
			$stageRoles[] = $grantedRoleId;
		}

		if ($grantedRoleId == ROLE_ID_SUB_EDITOR) {
			// Second, independent path for sub-editors: the submission must be
			// part of their section/series and the workflow stage must be
			// assigned to them in the context settings.
			import('lib.pkp.classes.security.authorization.internal.SectionAssignmentRule');
			$userGroupDao = DAORegistry::getDAO('UserGroupDAO');
			$inAssignedSection = SectionAssignmentRule::effect($contextId, $submission->getSectionId(), $userId);
			if ($inAssignedSection && $userGroupDao->userAssignmentExists($contextId, $userId, $stageId)) {
				$stageRoles[] = $grantedRoleId;
			}
		}
	}

	return $stageRoles;
}