コード例 #1
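 /**
  * Permit a series editor to access any submission in a series they
  * edit, even one they have not been explicitly assigned to.
  * @see AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     // A logged-in user is required.
     $user = $this->_request->getUser();
     if (!is_a($user, 'PKPUser')) {
         return AUTHORIZATION_DENY;
     }
     // The request must be scoped to a press.
     $router = $this->_request->getRouter();
     $press = $router->getContext($this->_request);
     if (!is_a($press, 'Press')) {
         return AUTHORIZATION_DENY;
     }
     // A monograph must already have been authorized by an earlier policy.
     $monograph = $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
     if (!is_a($monograph, 'Monograph')) {
         return AUTHORIZATION_DENY;
     }
     // Series editors can access all submissions in their series,
     // even those they've not been explicitly assigned to.
     // The DAO variable must be spelled identically where it is assigned
     // and where it is used; a mismatch here dereferences an undefined
     // variable instead of reaching the editor check.
     $seriesEditorsDao = DAORegistry::getDAO('SeriesEditorsDAO');
     if ($seriesEditorsDao->editorExists($press->getId(), $monograph->getSeriesId(), $user->getId())) {
         return AUTHORIZATION_PERMIT;
     }
     return AUTHORIZATION_DENY;
 }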
コード例 #2
 /**
  * Permit access when the current user is an editor of the section the
  * authorized article belongs to; deny in every other case.
  * @copydoc AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     $request = $this->_request;
     // A logged-in user is required.
     $user = $request->getUser();
     if (!is_a($user, 'PKPUser')) {
         return AUTHORIZATION_DENY;
     }
     // The request must be scoped to a journal.
     $journal = $request->getRouter()->getContext($request);
     if (!is_a($journal, 'Journal')) {
         return AUTHORIZATION_DENY;
     }
     // An article must already have been authorized by an earlier policy.
     $article = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
     if (!is_a($article, 'Article')) {
         return AUTHORIZATION_DENY;
     }
     // The actual section assignment lookup lives in the shared rule.
     import('classes.security.authorization.internal.SectionAssignmentRule');
     $isSectionEditor = SectionAssignmentRule::effect($journal->getId(), $article->getSectionId(), $user->getId());
     return $isSectionEditor ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
 }
コード例 #3
 /**
  * Permit access when the current user is an editor of the section the
  * authorized submission belongs to; deny in every other case.
  * @copydoc AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     $request = $this->_request;
     // A logged-in user is required.
     $user = $request->getUser();
     if (!is_a($user, 'PKPUser')) {
         return AUTHORIZATION_DENY;
     }
     // The request must be scoped to a context.
     $context = $request->getRouter()->getContext($request);
     if (!is_a($context, 'Context')) {
         return AUTHORIZATION_DENY;
     }
     // A submission must already have been authorized by an earlier policy.
     $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
     if (!is_a($submission, 'Submission')) {
         return AUTHORIZATION_DENY;
     }
     // The actual section assignment lookup lives in the shared rule.
     import('lib.pkp.classes.security.authorization.internal.SectionAssignmentRule');
     $isSectionEditor = SectionAssignmentRule::effect($context->getId(), $submission->getSectionId(), $user->getId());
     return $isSectionEditor ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
 }
コード例 #4
 /**
  * Permit access when the current user is an editor of the series the
  * authorized monograph belongs to; deny in every other case.
  * @see AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     $request = $this->_request;
     // A logged-in user is required.
     $user = $request->getUser();
     if (!is_a($user, 'PKPUser')) {
         return AUTHORIZATION_DENY;
     }
     // The request must be scoped to a press.
     $press = $request->getRouter()->getContext($request);
     if (!is_a($press, 'Press')) {
         return AUTHORIZATION_DENY;
     }
     // A monograph must already have been authorized by an earlier policy.
     $monograph = $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
     if (!is_a($monograph, 'Monograph')) {
         return AUTHORIZATION_DENY;
     }
     // The actual series assignment lookup lives in the shared rule.
     import('classes.security.authorization.internal.SeriesAssignmentRule');
     $isSeriesEditor = SeriesAssignmentRule::effect($press->getId(), $monograph->getSeriesId(), $user->getId());
     return $isSeriesEditor ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
 }
コード例 #5
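 /**
  * Identifies a submission id in the request.
  *
  * With a page router the id is read from the named user var, falling
  * back to the first path argument; with a component router it is read
  * from the named argument. Only values made up entirely of decimal
  * digits are accepted, so inputs such as "1e3", " 5" or "5.7" that
  * is_numeric() would accept are rejected instead of being silently
  * reinterpreted by the (int) cast.
  * @return integer|false returns false if no valid submission id could be found.
  */
 function getSubmissionId()
 {
     // Identify the submission id.
     $router = $this->_request->getRouter();
     $parameterName = $this->_submissionParameterName;
     switch (true) {
         case is_a($router, 'PKPPageRouter'):
             // We may expect a submission id in the user vars ...
             $userVar = $this->_request->getUserVar($parameterName);
             if (ctype_digit((string) $userVar)) {
                 return (int) $userVar;
             }
             // ... or as the first path in the argument list.
             if (isset($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
                 return (int) $this->_args[0];
             }
             break;
         case is_a($router, 'PKPComponentRouter'):
             // We expect a named submission id argument.
             if (isset($this->_args[$parameterName]) && ctype_digit((string) $this->_args[$parameterName])) {
                 return (int) $this->_args[$parameterName];
             }
             break;
         default:
             // Unknown router type; with assertions disabled this falls
             // through to the "not found" result below.
             assert(false);
     }
     return false;
 }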
コード例 #6
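 /**
  * Check whether the requested operation is on
  * the list of permitted operations.
  *
  * The membership test is strict so that loosely-equal values (numeric
  * strings such as "1e1" and "10", or non-string entries in the list)
  * cannot match an operation name that was not whitelisted.
  * @return boolean
  */
 function _checkOperationWhitelist()
 {
     // Only permit if the requested operation has been whitelisted.
     $router = $this->_request->getRouter();
     $requestedOperation = $router->getRequestedOp($this->_request);
     assert(!empty($requestedOperation));
     return in_array($requestedOperation, $this->_operations, true);
 }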
コード例 #7
 /**
  * Identifies a data object id in the request.
  *
  * Page router: the id comes from the named user var, falling back to
  * the first path argument. Component router: the id comes from the
  * named argument. Only all-digit values are accepted.
  * @return integer|false returns false if no valid data object id could be found.
  */
 function getDataObjectId()
 {
     $router = $this->_request->getRouter();
     $parameterName = $this->_parameterName;
     if (is_a($router, 'PKPPageRouter')) {
         // Prefer the named user var ...
         $candidate = $this->_request->getUserVar($parameterName);
         if (ctype_digit((string) $candidate)) {
             return (int) $candidate;
         }
         // ... then the first path argument.
         if (isset($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
             return (int) $this->_args[0];
         }
     } elseif (is_a($router, 'PKPComponentRouter')) {
         // A named argument is expected.
         if (isset($this->_args[$parameterName]) && ctype_digit((string) $this->_args[$parameterName])) {
             return (int) $this->_args[$parameterName];
         }
     } else {
         assert(false);
     }
     return false;
 }
コード例 #8
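 /**
  * Permit access to a workflow stage only if that stage has been
  * assigned to the authorized user group in the press setup.
  * @see AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     $router = $this->_request->getRouter();
     // The request must be scoped to a press.
     $press = $router->getContext($this->_request);
     if (!is_a($press, 'Press')) {
         return AUTHORIZATION_DENY;
     }
     // A user group must already have been authorized by an earlier policy.
     // is_a() is the right check here: is_integer() takes one argument,
     // and the user group is an object whose getId() is used below.
     $userGroup = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
     if (!is_a($userGroup, 'UserGroup')) {
         return AUTHORIZATION_DENY;
     }
     // Retrieve the requested workflow stage path. Start from null so an
     // unknown router type (assertions disabled) leads to a deny below
     // rather than an undefined variable.
     $stagePath = null;
     switch (true) {
         case is_a($router, 'PKPPageRouter'):
             // We expect the requested page to be a valid workflow path.
             $stagePath = $router->getRequestedPage($this->_request);
             break;
         case is_a($router, 'PKPComponentRouter'):
             // We expect a named 'workflowStage' argument.
             $stagePath = $this->_request->getUserVar('workflowStage');
             break;
         default:
             assert(false);
     }
     if (is_null($stagePath)) {
         return AUTHORIZATION_DENY;
     }
     $stageId = UserGroupStageAssignmentDAO::getIdFromPath($stagePath);
     if (!is_integer($stageId)) {
         return AUTHORIZATION_DENY;
     }
     // Only grant access to workflow stages that have been explicitly
     // assigned to the authorized user group in the press setup.
     $userGroupStageAssignmentDao = DAORegistry::getDAO('UserGroupStageAssignmentDAO');
     if ($userGroupStageAssignmentDao->assignmentExists($press->getId(), $userGroup->getId(), $stageId)) {
         return AUTHORIZATION_PERMIT;
     }
     return AUTHORIZATION_DENY;
 }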
コード例 #9
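 /**
  * Display page links for a listing of items that has been
  * divided onto multiple pages.
  * Usage:
  * {page_links
  * 	name="nameMustMatchGetRangeInfoCall"
  * 	iterator=$myIterator
  *	additional_param=myAdditionalParameterValue
  * }
  *
  * Recognised parameters:
  *  - iterator:  the paged iterator (must provide getPage()/getPageCount())
  *  - name:      prefix of the "<name>Page" URL parameter
  *  - params:    optional array of extra URL parameters merged in
  *  - anchor:    optional URL fragment appended to every link
  *  - all_extra: optional raw attribute text appended to every <a> tag
  * Every other parameter is passed through to the generated URLs.
  * The number of numbered links comes from the 'numPageLinks' template
  * variable (default 10).
  * @param $params array
  * @param $smarty Smarty
  * @return string HTML markup, or '' when there is at most one page
  */
 function smartyPageLinks($params, $smarty)
 {
     $iterator = $params['iterator'];
     $name = $params['name'];
     // Fold the optional 'params' array into the URL parameters.
     if (isset($params['params']) && is_array($params['params'])) {
         $extraParams = $params['params'];
         unset($params['params']);
         $params = array_merge($params, $extraParams);
     }
     $anchor = null;
     if (isset($params['anchor'])) {
         $anchor = $params['anchor'];
         unset($params['anchor']);
     }
     // all_extra is template-author supplied markup and is emitted
     // verbatim inside each <a> tag; it is not escaped here.
     $allExtra = '';
     if (isset($params['all_extra'])) {
         $allExtra = ' ' . $params['all_extra'];
         unset($params['all_extra']);
     }
     unset($params['iterator']);
     unset($params['name']);
     $numPageLinks = $smarty->get_template_vars('numPageLinks');
     if (!is_numeric($numPageLinks)) {
         $numPageLinks = 10;
     }
     $page = $iterator->getPage();
     $pageCount = $iterator->getPageCount();
     // Nothing to paginate.
     if ($pageCount <= 1) {
         return '';
     }
     // First numbered link, centred on the current page. Cast to int so
     // the loop counter (and hence the link text and URL parameter) is
     // never the float that floor() produces.
     $pageBase = (int) max($page - floor($numPageLinks / 2), 1);
     $paramName = $name . 'Page';
     $requestedArgs = null;
     $router = $this->_request->getRouter();
     if (is_a($router, 'PageRouter')) {
         $requestedArgs = $router->getRequestedArgs($this->_request);
     }
     $value = '';
     if ($page > 1) {
         $value .= $this->_pageLink($params, $paramName, 1, $requestedArgs, $anchor, $allExtra, '&lt;&lt;');
         $value .= $this->_pageLink($params, $paramName, $page - 1, $requestedArgs, $anchor, $allExtra, '&lt;');
     }
     // Loop bound is invariant, so compute it once.
     $lastLink = min($pageBase + $numPageLinks, $pageCount + 1);
     for ($i = $pageBase; $i < $lastLink; $i++) {
         if ($i == $page) {
             // The current page is shown as plain text, not a link.
             $value .= "<strong>{$i}</strong>&nbsp;";
         } else {
             $value .= $this->_pageLink($params, $paramName, $i, $requestedArgs, $anchor, $allExtra, (string) $i);
         }
     }
     if ($page < $pageCount) {
         $value .= $this->_pageLink($params, $paramName, $page + 1, $requestedArgs, $anchor, $allExtra, '&gt;');
         $value .= $this->_pageLink($params, $paramName, $pageCount, $requestedArgs, $anchor, $allExtra, '&gt;&gt;');
     }
     return $value;
 }

 /**
  * Render one pagination link.
  * @param $params array URL parameters (passed by value; the page parameter is set here)
  * @param $paramName string name of the page URL parameter
  * @param $pageNumber integer page the link points to
  * @param $requestedArgs array|null path arguments to preserve in the URL
  * @param $anchor string|null URL fragment
  * @param $allExtra string raw extra attribute text for the <a> tag
  * @param $label string link text (already HTML-safe)
  * @return string
  */
 function _pageLink($params, $paramName, $pageNumber, $requestedArgs, $anchor, $allExtra, $label)
 {
     $params[$paramName] = $pageNumber;
     // NOTE(review): assumes $this->_request->url() returns a URL that is
     // safe to place in an href attribute — confirm against its implementation.
     $url = $this->_request->url(null, null, null, $requestedArgs, $params, $anchor);
     return '<a href="' . $url . '"' . $allExtra . '>' . $label . '</a>&nbsp;';
 }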
コード例 #10
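 /**
  * Resolve the user group the current user is acting as and add it to
  * the authorization context.
  *
  * The group id stored in the session is re-validated against the current
  * context, because group assignments are per context and the user may
  * have switched contexts. If the session group is missing or no longer
  * valid, the user's first group in the current context becomes the
  * default and is written back to the session.
  * @see AuthorizationPolicy::effect()
  * @return integer AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
  */
 function effect()
 {
     // Get the session. It is checked before being dereferenced: reading
     // the user off a missing session would fail instead of denying.
     $session = $this->_request->getSession();
     if (is_null($session)) {
         return AUTHORIZATION_DENY;
     }
     // Retrieve the user from the session.
     $user = $session->getUser();
     // Check that the user group exists and that the currently logged in
     // user has been assigned to it.
     $userGroupDao = DAORegistry::getDAO('UserGroupDAO');
     // If any of the required objects is not present then we deny
     // access. This is regularly the case if the user is not logged in
     // (=no user object).
     if (is_null($user) || is_null($userGroupDao)) {
         return AUTHORIZATION_DENY;
     }
     // Retrieve the acting as user group id saved in the session.
     $actingAsUserGroupId = $session->getActingAsUserGroupId();
     // Get the context (assumed to be authorized!).
     $router = $this->_request->getRouter();
     $context = $router->getContext($this->_request);
     // Resolved below; stays null if no valid group is found.
     $userGroup = null;
     // Check whether the user still is in the group we found in the session.
     // This is necessary because the user might have switched contexts
     // also. User group assignments are per context and we have to make sure
     // that the user really has the role in the current context.
     if (is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0) {
         if (is_null($context)) {
             $application = PKPApplication::getApplication();
             if ($application->getContextDepth() > 0) {
                 // Handle site-wide user groups.
                 $userInGroup = $userGroupDao->userInGroup(0, $user->getId(), $actingAsUserGroupId);
             } else {
                 // Handle apps that don't use context.
                 $userInGroup = $userGroupDao->userInGroup($user->getId(), $actingAsUserGroupId);
             }
         } else {
             // Handle context-specific user groups.
             $userInGroup = $userGroupDao->userInGroup($context->getId(), $user->getId(), $actingAsUserGroupId);
         }
         if (!$userInGroup) {
             // Invalidate the current user group if the user is not in this
             // group for the requested context.
             $actingAsUserGroupId = null;
         } elseif (is_null($context)) {
             // Handle apps that don't use context or site-wide groups.
             $userGroup = $userGroupDao->getById($actingAsUserGroupId);
         } else {
             // Handle context-specific groups.
             $userGroup = $userGroupDao->getById($actingAsUserGroupId, $context->getId());
         }
     }
     // Get the user's default group if no user group is set or
     // if the previous user group was invalid.
     if (!(is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0)) {
         // Retrieve the user's groups for the current context.
         if (is_null($context)) {
             // Handle apps that don't use context or site-wide groups.
             $userGroups = $userGroupDao->getByUserId($user->getId());
         } else {
             // Handle context-specific groups.
             $userGroups = $userGroupDao->getByUserId($user->getId(), $context->getId());
         }
         // We use the first user group as default user group. A user with
         // no group at all has no default and is denied rather than having
         // a missing object dereferenced.
         $defaultUserGroup = $userGroups->next();
         if (!is_a($defaultUserGroup, 'UserGroup')) {
             return AUTHORIZATION_DENY;
         }
         $actingAsUserGroupId = $defaultUserGroup->getId();
         // Set the acting as user group
         $session->setActingAsUserGroupId($actingAsUserGroupId);
         $userGroup = $defaultUserGroup;
     }
     // Deny access if we didn't find a valid user group for the user.
     if (!is_a($userGroup, 'UserGroup')) {
         return AUTHORIZATION_DENY;
     }
     // Add the user group to the authorization context
     $this->addAuthorizedContextObject(ASSOC_TYPE_USER_GROUP, $userGroup);
     return AUTHORIZATION_PERMIT;
 }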