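/**
 * @see AuthorizationPolicy::effect()
 *
 * Grants access to the authorized monograph when the current user is a
 * series editor of the monograph's series in the current press, even if
 * the user has not been explicitly assigned to that submission.
 *
 * @return int AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
 */
function effect() {
	// Deny unless the request carries an authenticated user.
	$user =& $this->_request->getUser();
	if (!is_a($user, 'PKPUser')) {
		return AUTHORIZATION_DENY;
	}

	// Deny unless the request resolves to a press context.
	$router =& $this->_request->getRouter();
	$press =& $router->getContext($this->_request);
	if (!is_a($press, 'Press')) {
		return AUTHORIZATION_DENY;
	}

	// Deny unless a monograph has already been authorized into the context
	// by an earlier policy.
	$monograph =& $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
	if (!is_a($monograph, 'Monograph')) {
		return AUTHORIZATION_DENY;
	}

	// Series editors can access all submissions in their series,
	// even those they've not been explicitly assigned to.
	// FIX: the DAO was stored in $seriesEditorsDao but dereferenced as
	// $seriesEditorDao (never assigned), so this check died with a
	// "call to a member function on null" error instead of deciding.
	$seriesEditorsDao =& DAORegistry::getDAO('SeriesEditorsDAO');
	if ($seriesEditorsDao->editorExists($press->getId(), $monograph->getSeriesId(), $user->getId())) {
		return AUTHORIZATION_PERMIT;
	}
	return AUTHORIZATION_DENY;
}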
/**
 * @copydoc AuthorizationPolicy::effect()
 *
 * Permits access when SectionAssignmentRule reports that the logged-in
 * user is assigned to the section of the authorized article in the
 * current journal; denies in every other case.
 */
function effect() {
	// An anonymous request can never satisfy a section assignment.
	$currentUser = $this->_request->getUser();
	if (!is_a($currentUser, 'PKPUser')) return AUTHORIZATION_DENY;

	// This rule is scoped to a journal; any other context type is rejected.
	$journal = $this->_request->getRouter()->getContext($this->_request);
	if (!is_a($journal, 'Journal')) return AUTHORIZATION_DENY;

	// The article must have been authorized by an earlier policy.
	$article = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
	if (!is_a($article, 'Article')) return AUTHORIZATION_DENY;

	import('classes.security.authorization.internal.SectionAssignmentRule');
	$isAssigned = SectionAssignmentRule::effect($journal->getId(), $article->getSectionId(), $currentUser->getId());
	return $isAssigned ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
}
/**
 * @copydoc AuthorizationPolicy::effect()
 *
 * Delegates to SectionAssignmentRule: permits when the logged-in user is
 * assigned to the section of the authorized submission in the current
 * context, denies otherwise.
 */
function effect() {
	// Guard clauses: user, context and submission must all be of the
	// expected type before the rule is consulted.
	$requestUser = $this->_request->getUser();
	if (!is_a($requestUser, 'PKPUser')) return AUTHORIZATION_DENY;

	$currentContext = $this->_request->getRouter()->getContext($this->_request);
	if (!is_a($currentContext, 'Context')) return AUTHORIZATION_DENY;

	$authorizedSubmission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
	if (!is_a($authorizedSubmission, 'Submission')) return AUTHORIZATION_DENY;

	import('lib.pkp.classes.security.authorization.internal.SectionAssignmentRule');
	$sectionId = $authorizedSubmission->getSectionId();
	if (SectionAssignmentRule::effect($currentContext->getId(), $sectionId, $requestUser->getId())) {
		return AUTHORIZATION_PERMIT;
	}
	return AUTHORIZATION_DENY;
}
/**
 * @see AuthorizationPolicy::effect()
 *
 * Permits access when SeriesAssignmentRule reports that the logged-in
 * user is assigned to the series of the authorized monograph in the
 * current press; denies otherwise.
 */
function effect() {
	// Deny unless there is a logged-in user.
	$currentUser = $this->_request->getUser();
	if (!is_a($currentUser, 'PKPUser')) {
		return AUTHORIZATION_DENY;
	}

	// Deny unless the context is a press.
	$currentPress = $this->_request->getRouter()->getContext($this->_request);
	if (!is_a($currentPress, 'Press')) {
		return AUTHORIZATION_DENY;
	}

	// Deny unless a monograph was authorized by an earlier policy.
	$authorizedMonograph = $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
	if (!is_a($authorizedMonograph, 'Monograph')) {
		return AUTHORIZATION_DENY;
	}

	import('classes.security.authorization.internal.SeriesAssignmentRule');
	$permitted = SeriesAssignmentRule::effect(
		$currentPress->getId(),
		$authorizedMonograph->getSeriesId(),
		$currentUser->getId()
	);
	return $permitted ? AUTHORIZATION_PERMIT : AUTHORIZATION_DENY;
}
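/**
 * Identifies a submission id in the request.
 *
 * With a page router the id is read from the request parameter named by
 * $this->_submissionParameterName, falling back to the first positional
 * argument; with a component router it must be the named argument.
 *
 * Only strings consisting solely of decimal digits are accepted. The
 * previous is_numeric() test also admitted values such as "1e3", "-1",
 * "1.5" or " 1", which (int) then silently truncated or sign-flipped;
 * those now yield false, matching the ctype_digit() check used by the
 * sibling getDataObjectId() implementation.
 *
 * @return integer|false returns false if no valid submission id could be found.
 */
function getSubmissionId() {
	$router =& $this->_request->getRouter();
	$paramName = $this->_submissionParameterName;
	switch (true) {
		case is_a($router, 'PKPPageRouter'):
			// We may expect a submission id in the user vars ...
			$userVar = $this->_request->getUserVar($paramName);
			if (ctype_digit((string) $userVar)) {
				return (int) $userVar;
			}
			// ... or as the first path element in the argument list.
			if (isset($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
				return (int) $this->_args[0];
			}
			break;

		case is_a($router, 'PKPComponentRouter'):
			// We expect a named submission id argument.
			if (isset($this->_args[$paramName]) && ctype_digit((string) $this->_args[$paramName])) {
				return (int) $this->_args[$paramName];
			}
			break;

		default:
			// Unknown router type; assert() may be disabled in production,
			// in which case we simply report "no id found".
			assert(false);
	}
	return false;
}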
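/**
 * Check whether the requested operation is on
 * the list of permitted operations.
 *
 * The operation name is taken from the router, i.e. from the request
 * URL, so it is attacker-controlled. The membership test is therefore
 * strict: PHP's loose in_array() would apply string/number juggling
 * (on PHP < 8, "abc" == 0 is true), which is not acceptable for an
 * authorization whitelist.
 *
 * NOTE(review): assumes $this->_operations holds operation names as
 * strings; an integer entry would no longer match under strict
 * comparison -- confirm against where the list is populated.
 *
 * @return boolean
 */
function _checkOperationWhitelist() {
	$router =& $this->_request->getRouter();
	$requestedOperation = $router->getRequestedOp($this->_request);
	// assert() may be compiled out in production; an empty or null
	// operation name then simply fails the membership test below.
	assert(!empty($requestedOperation));
	return in_array($requestedOperation, $this->_operations, true);
}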
/**
 * Identifies a data object id in the request.
 *
 * Page router: the id is read from the request parameter named by
 * $this->_parameterName, else from the first positional argument.
 * Component router: the id must be present as the named argument
 * $this->_parameterName. Only strings made entirely of decimal digits
 * are accepted; anything else yields false.
 *
 * @return integer|false returns false if no valid object id could be found.
 */
function getDataObjectId() {
	$router = $this->_request->getRouter();
	$key = $this->_parameterName;

	if (is_a($router, 'PKPPageRouter')) {
		// Prefer the named request parameter ...
		$fromUserVars = $this->_request->getUserVar($key);
		if (ctype_digit((string) $fromUserVars)) {
			return (int) $fromUserVars;
		}
		// ... then the first positional argument.
		$firstArg = isset($this->_args[0]) ? $this->_args[0] : null;
		if ($firstArg !== null && ctype_digit((string) $firstArg)) {
			return (int) $firstArg;
		}
		return false;
	}

	if (is_a($router, 'PKPComponentRouter')) {
		if (isset($this->_args[$key]) && ctype_digit((string) $this->_args[$key])) {
			return (int) $this->_args[$key];
		}
		return false;
	}

	// Unknown router type.
	assert(false);
	return false;
}
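/**
 * @see AuthorizationPolicy::effect()
 *
 * Permits access only when the workflow stage named in the request has
 * been explicitly assigned, in the current press, to the user group that
 * an earlier policy placed in the authorization context.
 *
 * @return int AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
 */
function effect() {
	$router =& $this->_request->getRouter();

	// Get the press.
	$press =& $router->getContext($this->_request);
	if (!is_a($press, 'Press')) {
		return AUTHORIZATION_DENY;
	}

	// Get the authorized user group.
	// FIX: this used is_integer($userGroup, 'UserGroup'), which is not a
	// class check at all (is_integer() takes a single argument and the
	// object is never an integer); test for the UserGroup class instead.
	$userGroup = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
	if (!is_a($userGroup, 'UserGroup')) {
		return AUTHORIZATION_DENY;
	}

	// Retrieve the requested workflow stage. Initialised to null so an
	// unknown router type (assert() may be disabled in production) falls
	// through to a deny instead of reading an undefined variable.
	$stagePath = null;
	switch (true) {
		case is_a($router, 'PKPPageRouter'):
			// We expect the requested page to be a valid workflow path.
			$stagePath = $router->getRequestedPage($this->_request);
			break;
		case is_a($router, 'PKPComponentRouter'):
			// We expect a named 'workflowStage' argument.
			$stagePath = $this->_request->getUserVar('workflowStage');
			break;
		default:
			assert(false);
	}
	$stageId = UserGroupStageAssignmentDAO::getIdFromPath($stagePath);
	if (!is_integer($stageId)) {
		return AUTHORIZATION_DENY;
	}

	// Only grant access to workflow stages that have been explicitly
	// assigned to the authorized user group in the press setup.
	$userGroupStageAssignmentDao =& DAORegistry::getDAO('UserGroupStageAssignmentDAO');
	if ($userGroupStageAssignmentDao->assignmentExists($press->getId(), $userGroup->getId(), $stageId)) {
		return AUTHORIZATION_PERMIT;
	}
	return AUTHORIZATION_DENY;
}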
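/**
 * Display page links for a listing of items that has been
 * divided onto multiple pages.
 * Usage:
 * {page_links
 *   name="nameMustMatchGetRangeInfoCall"
 *   iterator=$myIterator
 *   additional_param=myAdditionalParameterValue
 * }
 *
 * Recognised parameters: name and iterator (required), params (array
 * merged into every link's query parameters), anchor (URL fragment) and
 * all_extra (raw attribute text appended to every <a> tag). Any other
 * parameter is passed through to the generated URLs unchanged.
 *
 * FIX: the "<<", "<", ">" and ">>" link labels were emitted as bare
 * angle brackets inside element content, which is invalid HTML; they
 * are now written as character entities and render identically.
 *
 * @param array $params Smarty tag parameters, see above.
 * @param Smarty $smarty Template engine; only read for the numPageLinks template variable.
 * @return string HTML fragment, or '' when there is at most one page.
 */
function smartyPageLinks($params, $smarty) {
	$iterator = $params['iterator'];
	$name = $params['name'];

	// Explicit 'params' entries are flattened into the link parameters.
	if (isset($params['params']) && is_array($params['params'])) {
		$extraParams = $params['params'];
		unset($params['params']);
		$params = array_merge($params, $extraParams);
	}

	$anchor = null;
	if (isset($params['anchor'])) {
		$anchor = $params['anchor'];
		unset($params['anchor']);
	}

	// all_extra is emitted verbatim inside each <a> tag. That is only
	// acceptable because it is authored in the template; never route
	// request-derived data into it.
	$allExtra = '';
	if (isset($params['all_extra'])) {
		$allExtra = ' ' . $params['all_extra'];
		unset($params['all_extra']);
	}

	unset($params['iterator']);
	unset($params['name']);

	$numPageLinks = $smarty->get_template_vars('numPageLinks');
	if (!is_numeric($numPageLinks)) {
		$numPageLinks = 10;
	}

	$page = $iterator->getPage();
	$pageCount = $iterator->getPageCount();
	if ($pageCount <= 1) {
		return '';
	}

	// Window of page numbers centred on the current page, clamped at 1.
	$pageBase = (int) max($page - floor($numPageLinks / 2), 1);
	$paramName = $name . 'Page';

	$router = $this->_request->getRouter();
	$requestedArgs = null;
	if (is_a($router, 'PageRouter')) {
		$requestedArgs = $router->getRequestedArgs($this->_request);
	}

	// NOTE(review): every href below embeds the return value of
	// $this->_request->url() without further escaping, and $params /
	// $anchor flow into it from the template; confirm url() produces an
	// attribute-safe value before passing request-derived values through.
	$value = '';
	if ($page > 1) {
		$params[$paramName] = 1;
		$value .= '<a href="' . $this->_request->url(null, null, null, $requestedArgs, $params, $anchor) . '"' . $allExtra . '>&lt;&lt;</a> ';
		$params[$paramName] = $page - 1;
		$value .= '<a href="' . $this->_request->url(null, null, null, $requestedArgs, $params, $anchor) . '"' . $allExtra . '>&lt;</a> ';
	}

	$windowEnd = min($pageBase + $numPageLinks, $pageCount + 1);
	for ($i = $pageBase; $i < $windowEnd; $i++) {
		if ($i == $page) {
			// The current page is not a link.
			$value .= "<strong>{$i}</strong> ";
		} else {
			$params[$paramName] = $i;
			$value .= '<a href="' . $this->_request->url(null, null, null, $requestedArgs, $params, $anchor) . '"' . $allExtra . '>' . $i . '</a> ';
		}
	}

	if ($page < $pageCount) {
		$params[$paramName] = $page + 1;
		$value .= '<a href="' . $this->_request->url(null, null, null, $requestedArgs, $params, $anchor) . '"' . $allExtra . '>&gt;</a> ';
		$params[$paramName] = $pageCount;
		$value .= '<a href="' . $this->_request->url(null, null, null, $requestedArgs, $params, $anchor) . '"' . $allExtra . '>&gt;&gt;</a> ';
	}
	return $value;
}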
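/**
 * @see AuthorizationPolicy::effect()
 *
 * Resolves the user group the logged-in user is currently "acting as" and
 * adds it to the authorization context under ASSOC_TYPE_USER_GROUP.
 *
 * The group id stored in the session is treated as a hint, not as proof
 * of membership: user group assignments are per context and the user may
 * have switched contexts since the id was saved, so membership is
 * re-checked against the current context (site-wide groups use context
 * id 0; applications without contexts use the two-argument lookup). If
 * the stored id is absent or no longer valid, the user's first group in
 * the current context becomes the acting-as group and is written back to
 * the session.
 *
 * @return int AUTHORIZATION_PERMIT, or AUTHORIZATION_DENY when there is no
 *  session, no logged-in user, no UserGroupDAO, or no valid group for the user.
 */
function effect() {
	// FIX: the session was dereferenced ($session->getUser()) before the
	// null check that was meant to guard it; reject a missing session first.
	$session =& $this->_request->getSession();
	if (is_null($session)) {
		return AUTHORIZATION_DENY;
	}

	// Retrieve the user from the session; a null user is the normal case
	// for an anonymous request and simply means deny.
	$user =& $session->getUser();
	$userGroupDao = DAORegistry::getDAO('UserGroupDAO');
	foreach (array($user, $userGroupDao) as $requiredObject) {
		if (is_null($requiredObject)) {
			return AUTHORIZATION_DENY;
		}
	}

	// Retrieve the acting-as user group id saved in the session.
	$actingAsUserGroupId = $session->getActingAsUserGroupId();

	// Get the context (assumed to be authorized!).
	$router =& $this->_request->getRouter();
	$context =& $router->getContext($this->_request);

	$userGroup = null;
	if (is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0) {
		// Check whether the user still is in the group found in the session,
		// for the current context.
		if (is_null($context)) {
			$application =& PKPApplication::getApplication();
			if ($application->getContextDepth() > 0) {
				// Handle site-wide user groups.
				$userInGroup = $userGroupDao->userInGroup(0, $user->getId(), $actingAsUserGroupId);
			} else {
				// Handle apps that don't use context.
				$userInGroup = $userGroupDao->userInGroup($user->getId(), $actingAsUserGroupId);
			}
		} else {
			// Handle context-specific user groups.
			$userInGroup = $userGroupDao->userInGroup($context->getId(), $user->getId(), $actingAsUserGroupId);
		}

		if (!$userInGroup) {
			// Stale or foreign group id: invalidate it and fall back to
			// the user's default group below.
			$actingAsUserGroupId = null;
		} elseif (is_null($context)) {
			// Handle apps that don't use context or site-wide groups.
			$userGroup =& $userGroupDao->getById($actingAsUserGroupId);
		} else {
			// Handle context-specific groups.
			$userGroup =& $userGroupDao->getById($actingAsUserGroupId, $context->getId());
		}
	}

	// Get the user's default group if no user group is set or
	// if the previous user group was invalid.
	if (!(is_integer($actingAsUserGroupId) && $actingAsUserGroupId > 0)) {
		// Retrieve the user's groups for the current context.
		if (is_null($context)) {
			$userGroups =& $userGroupDao->getByUserId($user->getId());
		} else {
			$userGroups =& $userGroupDao->getByUserId($user->getId(), $context->getId());
		}

		// We use the first user group as default user group.
		// FIX: a user with no group at all made next() return null and the
		// following getId() call a fatal error; that is now a clean deny.
		$defaultUserGroup =& $userGroups->next();
		if (!is_a($defaultUserGroup, 'UserGroup')) {
			return AUTHORIZATION_DENY;
		}
		$actingAsUserGroupId = $defaultUserGroup->getId();

		// Set the acting-as user group.
		$session->setActingAsUserGroupId($actingAsUserGroupId);
		$userGroup =& $defaultUserGroup;
	}

	// Deny access if we didn't find a valid user group for the user.
	if (!is_a($userGroup, 'UserGroup')) {
		return AUTHORIZATION_DENY;
	}

	// Add the user group to the authorization context.
	$this->addAuthorizedContextObject(ASSOC_TYPE_USER_GROUP, $userGroup);
	return AUTHORIZATION_PERMIT;
}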