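/**
 * Identifies a submission id in the request.
 *
 * With a page router the id is taken from the request variable named by
 * $this->_submissionParameterName, or else from the first positional
 * argument; with a component router it must be the named argument. Only a
 * plain string of decimal digits is accepted (ctype_digit): '', '-1',
 * '1.5', '1e3' or an array value all count as "no id". (is_numeric() was
 * used before and accepted floats and exponent notation, which the
 * subsequent (int) cast silently truncated.)
 * @return integer|false returns false if no valid submission id could be found.
 */
function getSubmissionId() {
	$router = $this->_request->getRouter();
	switch (true) {
		case is_a($router, 'PKPPageRouter'):
			// We may expect a submission id in the user vars ...
			$submissionId = $this->_request->getUserVar($this->_submissionParameterName);
			if (is_scalar($submissionId) && ctype_digit((string) $submissionId)) {
				return (int) $submissionId;
			}
			// ... or as the first path in the argument list.
			if (isset($this->_args[0]) && is_scalar($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
				return (int) $this->_args[0];
			}
			break;

		case is_a($router, 'PKPComponentRouter'):
			// We expect a named submission id argument.
			$argName = $this->_submissionParameterName;
			if (isset($this->_args[$argName]) && is_scalar($this->_args[$argName]) && ctype_digit((string) $this->_args[$argName])) {
				return (int) $this->_args[$argName];
			}
			break;

		default:
			assert(false);
	}
	return false;
}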
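/**
 * Identifies a data object id in the request.
 *
 * With a page router the id is taken from the request variable named by
 * $this->_parameterName, or else from the first positional argument; with a
 * component router it must be the named argument. Only a plain string of
 * decimal digits is accepted (ctype_digit): '', '-1', '1.5', '1e3' or an
 * array value all count as "no id".
 * @return integer|false returns false if no valid data object id could be found.
 */
function getDataObjectId() {
	$router = $this->_request->getRouter();
	switch (true) {
		case is_a($router, 'PKPPageRouter'):
			// The id may be passed as a request variable ...
			$dataObjectId = $this->_request->getUserVar($this->_parameterName);
			if (is_scalar($dataObjectId) && ctype_digit((string) $dataObjectId)) {
				return (int) $dataObjectId;
			}
			// ... or as the first element of the argument list.
			if (isset($this->_args[0]) && is_scalar($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
				return (int) $this->_args[0];
			}
			break;

		case is_a($router, 'PKPComponentRouter'):
			// Component requests carry the id as a named argument.
			$argName = $this->_parameterName;
			if (isset($this->_args[$argName]) && is_scalar($this->_args[$argName]) && ctype_digit((string) $this->_args[$argName])) {
				return (int) $this->_args[$argName];
			}
			break;

		default:
			assert(false);
	}
	return false;
}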
/**
 * Display upgrade form.
 *
 * If a 'setLocale' request variable is present and names a locale that
 * AppLocale accepts, it is stored in the 'currentLocale' cookie first; an
 * unknown locale is ignored.
 */
function upgrade() {
	$this->validate();
	$this->setupTemplate();

	$requestedLocale = PKPRequest::getUserVar('setLocale');
	if ($requestedLocale != null && AppLocale::isLocaleValid($requestedLocale)) {
		PKPRequest::setCookieVar('currentLocale', $requestedLocale);
	}

	$upgradeForm = new UpgradeForm();
	$upgradeForm->initData();
	$upgradeForm->display();
}
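/**
 * @see AuthorizationPolicy::effect()
 *
 * Permits only when the authorized user group has been explicitly assigned
 * to the requested workflow stage in the press setup. The stage path comes
 * from the requested page (page router) or the 'workflowStage' request
 * variable (component router) and is resolved through
 * UserGroupStageAssignmentDAO::getIdFromPath(); every failure denies.
 */
function effect() {
	$router = $this->_request->getRouter();

	// Get the press.
	$press = $router->getContext($this->_request);
	if (!is_a($press, 'Press')) {
		return AUTHORIZATION_DENY;
	}

	// Get the authorized user group. This must be a class check (is_a), not
	// is_integer(): the context object is a UserGroup instance, so the
	// previous is_integer() test could never pass and denied every request.
	$userGroup = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
	if (!is_a($userGroup, 'UserGroup')) {
		return AUTHORIZATION_DENY;
	}

	// Retrieve the requested workflow stage path.
	$stagePath = null;
	switch (true) {
		case is_a($router, 'PKPPageRouter'):
			// We expect the requested page to be a valid workflow path.
			$stagePath = $router->getRequestedPage($this->_request);
			break;
		case is_a($router, 'PKPComponentRouter'):
			// We expect a named 'workflowStage' argument.
			$stagePath = $this->_request->getUserVar('workflowStage');
			break;
		default:
			assert(false);
	}
	if ($stagePath === null) {
		// Unknown router (assertions may be disabled): fail closed.
		return AUTHORIZATION_DENY;
	}
	$stageId = UserGroupStageAssignmentDAO::getIdFromPath($stagePath);
	if (!is_integer($stageId)) {
		return AUTHORIZATION_DENY;
	}

	// Only grant access to workflow stages that have been explicitly
	// assigned to the authorized user group in the press setup.
	$userGroupStageAssignmentDao = DAORegistry::getDAO('UserGroupStageAssignmentDAO');
	if ($userGroupStageAssignmentDao->assignmentExists($press->getId(), $userGroup->getId(), $stageId)) {
		return AUTHORIZATION_PERMIT;
	}
	return AUTHORIZATION_DENY;
}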
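/**
 * Build the authorization policy for access to a submission file.
 *
 * Two preconditions are added to the handler directly: the request must
 * identify a submission (SubmissionRequiredPolicy) and the requested file
 * must belong to it (SubmissionFileMatchesSubmissionPolicy). The returned
 * policy set then combines one sub-policy per role present in
 * $roleAssignments with COMBINING_PERMIT_OVERRIDES, i.e. any role branch
 * that permits grants access:
 *  - managers: their allowed operations, unconditionally;
 *  - authors: see _buildAuthorFileAccessPolicy();
 *  - reviewers: see _buildReviewerFileAccessPolicy();
 *  - assistants: see _buildAssistantFileAccessPolicy().
 * The caller still has to add the returned set to the handler.
 *
 * Note: the workflow-stage policies below pass the literal 'submissionId'
 * rather than $submissionParameterName (kept as in the original; confirm
 * whether callers ever use a different parameter name).
 * @param PKPRequest $request
 * @param array $args request arguments
 * @param array $roleAssignments role id => array of allowed operations
 * @param int $mode bitfield of SUBMISSION_FILE_ACCESS_* flags
 * @param string $fileIdAndRevision
 * @param string $submissionParameterName
 * @return PolicySet
 */
function buildFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision, $submissionParameterName) {
	// We need a submission matching the file in the request.
	import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
	$this->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
	import('lib.pkp.classes.security.authorization.internal.SubmissionFileMatchesSubmissionPolicy');
	$this->addPolicy(new SubmissionFileMatchesSubmissionPolicy($request, $fileIdAndRevision));

	// Role-differentiated policies; one permitting branch is enough.
	$fileAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);

	if (isset($roleAssignments[ROLE_ID_MANAGER])) {
		// Managers have all access to all submissions.
		$fileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
	}
	if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
		$fileAccessPolicy->addPolicy($this->_buildAuthorFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision));
	}
	if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
		$fileAccessPolicy->addPolicy($this->_buildReviewerFileAccessPolicy($request, $roleAssignments, $mode, $fileIdAndRevision));
	}
	if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
		$fileAccessPolicy->addPolicy($this->_buildAssistantFileAccessPolicy($request, $args, $roleAssignments));
	}

	return $fileAccessPolicy;
}

/**
 * Author branch of the file access policy (COMBINING_DENY_OVERRIDES, so
 * every part must hold): the author user group may perform its allowed
 * operations, it must be assigned to the workflow stage named by the
 * 'stageId' request variable, and at least one of the following must be
 * true for the file:
 *  a) the current user uploaded it;
 *  b) it is a file in a review round with a "revisions requested" decision;
 *  and, only when $mode does not include SUBMISSION_FILE_ACCESS_MODIFY,
 *  c) it is a submission-stage file;
 *  d) it is a viewable reviewer response;
 *  e) it belongs to a signoff (audit) assigned to the user.
 * @param PKPRequest $request
 * @param array $args
 * @param array $roleAssignments must contain ROLE_ID_AUTHOR
 * @param int $mode bitfield of SUBMISSION_FILE_ACCESS_* flags
 * @param string $fileIdAndRevision
 * @return PolicySet
 */
function _buildAuthorFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision) {
	// 1) Author role user groups can access their allowed operations ...
	$authorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
	$authorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));

	// 2) ...if they are assigned to the workflow stage.
	// Note: This loads the application-specific policy class.
	import('classes.security.authorization.WorkflowStageAccessPolicy');
	$authorFileAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $request->getUserVar('stageId')));

	// 3) ...and if they meet one of the following requirements:
	$authorFileAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);

	// 3a) If the file was uploaded by the current user, allow...
	import('lib.pkp.classes.security.authorization.internal.SubmissionFileUploaderAccessPolicy');
	$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileUploaderAccessPolicy($request, $fileIdAndRevision));

	// 3b) ...or if the file is a file in a review round with requested revision decision, allow...
	// Note: This loads the application-specific policy class.
	import('classes.security.authorization.internal.SubmissionFileRequestedRevisionRequiredPolicy');
	$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileRequestedRevisionRequiredPolicy($request, $fileIdAndRevision));

	// ...or, when the file is not going to be modified...
	if (!($mode & SUBMISSION_FILE_ACCESS_MODIFY)) {
		// 3c) ...if the file is at submission stage...
		import('lib.pkp.classes.security.authorization.internal.SubmissionFileSubmissionStageRequiredPolicy');
		$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileSubmissionStageRequiredPolicy($request, $fileIdAndRevision));

		// 3d) ...or the file is a viewable reviewer response...
		import('lib.pkp.classes.security.authorization.internal.SubmissionFileViewableReviewerResponseRequiredPolicy');
		$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileViewableReviewerResponseRequiredPolicy($request, $fileIdAndRevision));

		// 3e) ...or if the file is part of a signoff assigned to the user, allow.
		import('lib.pkp.classes.security.authorization.internal.SubmissionFileAssignedAuditorAccessPolicy');
		$authorFileAccessOptionsPolicy->addPolicy(new SubmissionFileAssignedAuditorAccessPolicy($request, $fileIdAndRevision));
	}

	// Add the rules from 3)
	$authorFileAccessPolicy->addPolicy($authorFileAccessOptionsPolicy);
	return $authorFileAccessPolicy;
}

/**
 * Reviewer branch of the file access policy (COMBINING_DENY_OVERRIDES):
 * reviewers may perform their allowed operations if the current user
 * uploaded the file, or - only when $mode does not include
 * SUBMISSION_FILE_ACCESS_MODIFY - if the file is part of a review assigned
 * to them.
 * @param PKPRequest $request
 * @param array $roleAssignments must contain ROLE_ID_REVIEWER
 * @param int $mode bitfield of SUBMISSION_FILE_ACCESS_* flags
 * @param string $fileIdAndRevision
 * @return PolicySet
 */
function _buildReviewerFileAccessPolicy($request, $roleAssignments, $mode, $fileIdAndRevision) {
	// 1) Reviewers can access their allowed operations ...
	$reviewerFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
	$reviewerFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));

	// 2) ...if they meet one of the following requirements:
	$reviewerFileAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);

	// 2a) If the file was uploaded by the current user, allow.
	import('lib.pkp.classes.security.authorization.internal.SubmissionFileUploaderAccessPolicy');
	$reviewerFileAccessOptionsPolicy->addPolicy(new SubmissionFileUploaderAccessPolicy($request, $fileIdAndRevision));

	// 2b) If the file is part of an assigned review, and we're not
	// trying to modify it, allow.
	if (!($mode & SUBMISSION_FILE_ACCESS_MODIFY)) {
		import('lib.pkp.classes.security.authorization.internal.SubmissionFileAssignedReviewerAccessPolicy');
		$reviewerFileAccessOptionsPolicy->addPolicy(new SubmissionFileAssignedReviewerAccessPolicy($request, $fileIdAndRevision));
	}

	// Add the rules from 2)
	$reviewerFileAccessPolicy->addPolicy($reviewerFileAccessOptionsPolicy);
	return $reviewerFileAccessPolicy;
}

/**
 * Assistant branch of the file access policy (COMBINING_DENY_OVERRIDES):
 * assistants may perform their allowed operations only if they are
 * assigned to the workflow stage named by the 'stageId' request variable.
 * @param PKPRequest $request
 * @param array $args
 * @param array $roleAssignments must contain ROLE_ID_ASSISTANT
 * @return PolicySet
 */
function _buildAssistantFileAccessPolicy($request, $args, $roleAssignments) {
	// 1) Assistants can access their allowed operations...
	$contextAssistantFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
	$contextAssistantFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));

	// 2) ... but only if they have been assigned to the submission workflow.
	// Note: This loads the application-specific policy class.
	import('classes.security.authorization.WorkflowStageAccessPolicy');
	$contextAssistantFileAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $request->getUserVar('stageId')));

	return $contextAssistantFileAccessPolicy;
}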
/**
 * Fetches the application-specific submission id from the request object.
 * Should be overridden by subclasses.
 *
 * The value is returned exactly as PKPRequest::getUserVar('submissionId')
 * provides it; it is neither cast nor validated here, so callers that need
 * an integer must check it themselves.
 * @param PKPRequest $request
 * @return int
 */
function getRequestedSubmissionId($request) {
	$requestedSubmissionId = $request->getUserVar('submissionId');
	return $requestedSubmissionId;
}
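/**
 * Return the DBResultRange structure and misc. variables describing the current page of a set of pages.
 *
 * The page number is read from the '<rangeName>Page' request variable. Only a
 * positive decimal integer is accepted; a missing, zero, negative or
 * non-numeric value falls back to the page remembered in the session for
 * this context (when $contextData is given and a session exists) and
 * otherwise to page 1. A valid request page is remembered in the session
 * under the same key; the 'clearPageContext' request variable discards the
 * remembered page instead. (Previously any non-empty request value, numeric
 * or not, was stored and handed to DBResultRange unchecked.)
 * @param $rangeName string Symbolic name of range of pages; must match the Smarty {page_list ...} name.
 * @param $contextData array If set, this should contain a set of data that are required to
 *  define the context of this request (for maintaining page numbers across requests).
 *  To disable persistent page contexts, set this variable to null.
 * @return DBResultRange ($count, $pageNum); DBResultRange(-1, -1) when no
 *  items-per-page setting is configured (presumably "no range" - confirm against DBResultRange)
 */
function &getRangeInfo($rangeName, $contextData = null) {
	//FIXME: is there any way to get around calling a Request (instead of a PKPRequest) here?
	$context =& Request::getContext();
	$session =& PKPRequest::getSession();

	// Page contexts are only persisted when there is a session and context data to key on.
	$contextHash = null;
	if ($session && $contextData !== null) {
		$contextHash = PKPHandler::hashPageContext($contextData);
	}

	// Accept only a positive integer page number from the request.
	$requestedPage = PKPRequest::getUserVar($rangeName . 'Page');
	$pageNum = null;
	if (is_scalar($requestedPage) && ctype_digit((string) $requestedPage) && (int) $requestedPage > 0) {
		$pageNum = (int) $requestedPage;
	}

	if ($pageNum === null) {
		$pageNum = 1; // Default to page 1
		if ($contextHash !== null) {
			// See if we can get a page number from a prior request
			if (PKPRequest::getUserVar('clearPageContext')) {
				// Explicitly clear the old page context
				$session->unsetSessionVar("page-{$contextHash}");
			} else {
				$oldPage = $session->getSessionVar("page-{$contextHash}");
				if (is_scalar($oldPage) && ctype_digit((string) $oldPage) && (int) $oldPage > 0) {
					$pageNum = (int) $oldPage;
				}
			}
		}
	} elseif ($contextHash !== null) {
		// Store the page number
		$session->setSessionVar("page-{$contextHash}", $pageNum);
	}

	// Items per page: context setting first, global config second.
	$count = null;
	if ($context) {
		$count = $context->getSetting('itemsPerPage');
	}
	if (!isset($count)) {
		$count = Config::getVar('interface', 'items_per_page');
	}

	import('db.DBResultRange');
	if (isset($count)) {
		$returner = new DBResultRange($count, $pageNum);
	} else {
		$returner = new DBResultRange(-1, -1);
	}
	return $returner;
}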
/**
 * Connector from AnthroNet. Receives a token in the 'token' query string argument
 * that is used to fetch author information via SOAP, create/or validate the author login,
 * and redirect to author home page.
 *
 * Flow: without a 'token' request variable, or when _doAuthenticate() yields
 * no service token, the method returns without producing a response. When
 * the user lookup fails the visitor is redirected to 'user'. On success the
 * session id is regenerated before the user id and username are bound to
 * the session, and the visitor is redirected to 'objectsForReview'.
 * @param array $args
 * @param PKPRequest $request
 */
function objectsForReviewLogin($args, $request) {
	$token = $request->getUserVar('token');
	if (!$token) {
		return;
	}

	$authToken = $this->_doAuthenticate();
	if (!$authToken) {
		return;
	}

	$user = $this->_doUserRequest($token, $authToken);
	if (!$user) {
		$request->redirect(null, 'user');
		return;
	}

	$sessionManager =& SessionManager::getManager();
	// Fresh session id before associating the authenticated user with it.
	$sessionManager->regenerateSessionId();
	$session =& $sessionManager->getUserSession();
	$userId = $user->getId();
	$session->setSessionVar('userId', $userId);
	$session->setUserId($userId);
	$session->setSessionVar('username', $user->getUsername());

	// Land on the list of objects available for review.
	$request->redirect(null, 'objectsForReview');
}
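/**
 * @see AuthorizationPolicy::effect()
 *
 * Permits when the signoff named by the 'signoffId' request variable exists
 * and, following signoff-on-signoff associations, ends at a submission file
 * or a submission that belongs to the current context. The signoff from the
 * request (not the one reached at the end of the chain) is then added as the
 * ASSOC_TYPE_SIGNOFF authorized context object. Anything else - unknown
 * signoff, unknown context, unknown association type, a target outside the
 * context, or an over-long/cyclic chain - denies.
 */
function effect() {
	$signoffDao = DAORegistry::getDAO('SignoffDAO'); /* @var $signoffDao SignoffDAO */

	// Check that the signoff exists. The id is request input; only an
	// integer can identify a signoff, so cast before the lookup.
	$baseSignoff = $signoffDao->getById((int) $this->_request->getUserVar('signoffId'));
	if (!is_a($baseSignoff, 'Signoff')) {
		return AUTHORIZATION_DENY;
	}

	// Check that we know what the current context is.
	$context = $this->_request->getContext();
	if (!is_a($context, 'Context')) {
		return AUTHORIZATION_DENY;
	}

	$submissionFileDao = DAORegistry::getDAO('SubmissionFileDAO');
	$submissionDao = Application::getSubmissionDAO();

	// Ensure that the signoff belongs to the current context by walking the
	// chain of signoff-on-signoff associations. The walk is bounded so that a
	// cyclic or absurdly long chain in the database cannot spin this request
	// forever (the previous while(true) had no exit for a cycle). The bound
	// is a defensive constant, not a business rule; legitimate chains are
	// expected to be far shorter.
	$maxChainLength = 16;
	$signoff = $baseSignoff;
	for ($hop = 0; $hop < $maxChainLength; $hop++) {
		switch ($signoff->getAssocType()) {
			case ASSOC_TYPE_SIGNOFF:
				// Attached to another signoff: that one must be authorized instead.
				$signoff = $signoffDao->getById($signoff->getAssocId());
				if (!is_a($signoff, 'Signoff')) {
					return AUTHORIZATION_DENY;
				}
				break;

			case ASSOC_TYPE_SUBMISSION_FILE:
				$submissionFile = $submissionFileDao->getLatestRevision($signoff->getAssocId());
				if (!is_a($submissionFile, 'SubmissionFile')) {
					return AUTHORIZATION_DENY;
				}
				// getById() is given the context id so the lookup is scoped to
				// the current context (as in the original).
				$submission = $submissionDao->getById($submissionFile->getSubmissionId(), $context->getId());
				if (!is_a($submission, 'Submission')) {
					return AUTHORIZATION_DENY;
				}
				// Integrity checks OK. Permit.
				$this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
				return AUTHORIZATION_PERMIT;

			case ASSOC_TYPE_SUBMISSION:
				$submission = $submissionDao->getById($signoff->getAssocId());
				if (!is_a($submission, 'Submission')) {
					return AUTHORIZATION_DENY;
				}
				// Cast both sides: ids may come back from the database as strings.
				if ((int) $submission->getContextId() !== (int) $context->getId()) {
					return AUTHORIZATION_DENY;
				}
				// Checks out OK. Permit.
				$this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
				return AUTHORIZATION_PERMIT;

			default:
				return AUTHORIZATION_DENY;
		}
	}

	// Chain too long or cyclic: fail closed.
	return AUTHORIZATION_DENY;
}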
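/**
 * Batch import from an ONIX XML export.
 *
 * The uploaded 'onixFile' is parsed and each Product record is turned into
 * an ObjectForReviewForm data array (see _getOnixProductImportData()). With
 * the 'multiple' request variable unset only the first product is used and
 * handed to editObjectForReview(); with it set every product is saved
 * directly through ObjectForReviewForm::execute(). In all cases the
 * temporary upload is deleted and the user is redirected back to the
 * objects-for-review list ('onixError' is passed when no file was uploaded).
 *
 * The upload is untrusted input and is parsed in full before any of its
 * content is checked; whether XMLParser resolves external entities is not
 * visible here - TODO confirm it does not.
 * @param array $args
 * @param PKPRequest $request
 */
function uploadONIXObjectForReview($args, &$request) {
	$user = $request->getUser();
	$ofrOrgDao = DAORegistry::getDAO('ObjectForReviewOrganizationDAO');
	$ofrPlugin = $this->_getObjectsForReviewPlugin();
	$ofrPlugin->import('classes.form.ObjectForReviewForm');
	$reviewObjectTypeId = (int) $request->getUserVar('reviewObjectTypeId');
	$multiple = $request->getUserVar('multiple');

	import('classes.file.TemporaryFileManager');
	$temporaryFileManager = new TemporaryFileManager();
	$temporaryFile = $temporaryFileManager->handleUpload('onixFile', $user->getId());
	if (!$temporaryFile) {
		// No (accepted) upload: nothing to parse and nothing to clean up.
		$request->redirect(null, 'editor', 'objectsForReview', 'onixError');
		return;
	}

	$parser = new XMLParser();
	$doc = $parser->parse($temporaryFile->getFilePath());
	if (!$doc) {
		// The document does not parse: drop the upload and go back to the list.
		$temporaryFileManager->deleteFile($temporaryFile->getId(), $user->getId());
		$request->redirect(null, 'editor', 'objectsForReview');
		return;
	}

	// ONIX comes in "reference" (<Product>) and "short" (<product>) tag
	// flavours; a lowercase product element tells us which one we have.
	$shortTags = $doc->getChildByName('product') ? true : false;

	$temporaryFileDeleted = false;
	for ($index = 0; $productNode = $doc->getChildByName($this->_getOnixTag('Product', $shortTags), $index); $index++) {
		$importData = $this->_getOnixProductImportData($productNode, $shortTags, $ofrOrgDao);

		if (!$multiple) {
			// Single import: hand the first product to the edit form and stop.
			$temporaryFileManager->deleteFile($temporaryFile->getId(), $user->getId());
			$temporaryFileDeleted = true;
			$this->editObjectForReview($args, $request, $importData);
			break;
		}

		// We are processing more than one Product. Instantiate the form and let it
		// handle the object creation.
		$ofrForm = new ObjectForReviewForm($ofrPlugin->getName(), null, $reviewObjectTypeId, $importData);
		$ofrForm->initData();
		$ofrForm->execute();
	}

	if (!$temporaryFileDeleted) {
		// Covers the multiple-product case and a document without products,
		// which would otherwise leave the upload behind.
		$temporaryFileManager->deleteFile($temporaryFile->getId(), $user->getId());
	}
	$request->redirect(null, 'editor', 'objectsForReview');
}

/**
 * Return the text value of the named ONIX child element, or null when the
 * parent or the child element is absent.
 * @param object|null $parentNode node as returned by XMLParser / getChildByName()
 * @param string $tagName reference-tag name; translated via _getOnixTag()
 * @param boolean $shortTags whether the document uses ONIX short tags
 * @return string|null
 */
function _getOnixChildValue($parentNode, $tagName, $shortTags) {
	if (!$parentNode) {
		return null;
	}
	$childNode = $parentNode->getChildByName($this->_getOnixTag($tagName, $shortTags));
	return $childNode ? $childNode->getValue() : null;
}

/**
 * Build the ObjectForReviewForm data array for one ONIX Product node.
 *
 * Optional elements that are missing are skipped (the previous version
 * dereferenced several of them unconditionally, e.g. Website under a
 * missing Publisher, or Subtitle under a missing Title).
 * @param object $productNode the ONIX Product node
 * @param boolean $shortTags whether the document uses ONIX short tags
 * @param ObjectForReviewOrganizationDAO $ofrOrgDao used to map PublisherName to a known organization
 * @return array keys: publisherId, book_publisher_url, title, shortTitle,
 *  book_series, language, book_pages_no, abstract, book_isbn,
 *  subjectKeywords, date, persons (some only when present in the record)
 */
function _getOnixProductImportData($productNode, $shortTags, $ofrOrgDao) {
	$importData = array();

	// Publisher: map the name to a known organization and take its website link.
	$publisherNode = $productNode->getChildByName($this->_getOnixTag('Publisher', $shortTags));
	if ($publisherNode) {
		$publisherName = $this->_getOnixChildValue($publisherNode, 'PublisherName', $shortTags);
		if ($publisherName !== null) {
			$organization = $ofrOrgDao->getOrganizationByName(trim($publisherName));
			if ($organization) {
				$importData['publisherId'] = $organization->getId();
			}
		}
		$websiteNode = $publisherNode->getChildByName($this->_getOnixTag('Website', $shortTags));
		$websiteLink = $this->_getOnixChildValue($websiteNode, 'WebsiteLink', $shortTags);
		if ($websiteLink !== null) {
			$importData['book_publisher_url'] = $websiteLink;
		}
	}

	// Title and subtitle.
	$titleNode = $productNode->getChildByName($this->_getOnixTag('Title', $shortTags));
	if ($titleNode) {
		$title = $this->_getOnixChildValue($titleNode, 'TitleText', $shortTags);
		if ($title !== null) {
			$importData['title'] = $title;
		}
		$subTitle = $this->_getOnixChildValue($titleNode, 'Subtitle', $shortTags);
		if ($subTitle !== null) {
			$importData['shortTitle'] = $subTitle;
		}
	}

	// Series.
	$seriesNode = $productNode->getChildByName($this->_getOnixTag('Series', $shortTags));
	$series = $this->_getOnixChildValue($seriesNode, 'TitleOfSeries', $shortTags);
	if ($series !== null) {
		$importData['book_series'] = $series;
	}

	// Language. ONIX LanguageCode is normally a three-letter code; as before,
	// only its first two characters are kept, which is not a proper mapping
	// to two-letter codes - TODO confirm the format the form expects.
	$languageNode = $productNode->getChildByName($this->_getOnixTag('Language', $shortTags));
	$language = $this->_getOnixChildValue($languageNode, 'LanguageCode', $shortTags);
	$importData['language'] = ($language !== null) ? substr($language, 0, 2) : 'en';

	// Page count.
	$pages = $this->_getOnixChildValue($productNode, 'NumberOfPages', $shortTags);
	if ($pages !== null) {
		$importData['book_pages_no'] = $pages;
	}

	// Abstract: the OtherText element whose TextTypeCode is '01' (main description).
	$importData['abstract'] = '';
	for ($textIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('OtherText', $shortTags), $textIndex); $textIndex++) {
		if ($this->_getOnixChildValue($node, 'TextTypeCode', $shortTags) === '01') {
			$text = $this->_getOnixChildValue($node, 'Text', $shortTags);
			if ($text !== null) {
				$importData['abstract'] = strip_tags($text);
			}
			break;
		}
	}

	// ISBN-13: the ProductIdentifier whose ProductIDType is '15'.
	for ($identifierIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('ProductIdentifier', $shortTags), $identifierIndex); $identifierIndex++) {
		if ($this->_getOnixChildValue($node, 'ProductIDType', $shortTags) === '15') {
			$isbn = $this->_getOnixChildValue($node, 'IDValue', $shortTags);
			if ($isbn !== null) {
				$importData['book_isbn'] = $isbn;
			}
			break;
		}
	}

	// Subjects, joined into one keyword string.
	$subjects = array();
	for ($subjectIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('Subject', $shortTags), $subjectIndex); $subjectIndex++) {
		$heading = $this->_getOnixChildValue($node, 'SubjectHeadingText', $shortTags);
		if ($heading !== null) {
			$subjects[] = $heading;
		}
	}
	$importData['subjectKeywords'] = implode(', ', $subjects);

	// Publication date.
	$publicationDate = $this->_getOnixChildValue($productNode, 'PublicationDate', $shortTags);
	if ($publicationDate !== null) {
		$importData['date'] = $publicationDate;
	}

	// Contributors.
	$importData['persons'] = $this->_getOnixContributors($productNode, $shortTags);

	return $importData;
}

/**
 * Extract the Contributor records of one ONIX Product node in the 'persons'
 * shape expected by ObjectForReviewForm.
 *
 * ONIX contributor role codes are mapped to the plugin's role values as
 * before: A01 => '1', B01 => '3', B09 => '4', B06 => '5', any other code
 * => '2' (generic contributor); a missing ContributorRole element gives ''.
 * Every field is read afresh per contributor, so a missing element no
 * longer inherits the previous contributor's value.
 * @param object $productNode the ONIX Product node
 * @param boolean $shortTags whether the document uses ONIX short tags
 * @return array list of arrays with keys personId, role, firstName, middleName, lastName, seq
 */
function _getOnixContributors($productNode, $shortTags) {
	static $roleMap = array('A01' => '1', 'B01' => '3', 'B09' => '4', 'B06' => '5');
	$persons = array();
	for ($contributorIndex = 0; $node = $productNode->getChildByName($this->_getOnixTag('Contributor', $shortTags), $contributorIndex); $contributorIndex++) {
		$firstName = $this->_getOnixChildValue($node, 'NamesBeforeKey', $shortTags);
		$lastName = $this->_getOnixChildValue($node, 'KeyNames', $shortTags);
		$seq = $this->_getOnixChildValue($node, 'SequenceNumber', $shortTags);
		$roleCode = $this->_getOnixChildValue($node, 'ContributorRole', $shortTags);

		if ($roleCode === null) {
			$contributorRole = '';
		} elseif (isset($roleMap[$roleCode])) {
			$contributorRole = $roleMap[$roleCode];
		} else {
			$contributorRole = '2'; // Contributor
		}

		$persons[] = array(
			'personId' => '',
			'role' => $contributorRole,
			'firstName' => ($firstName !== null) ? $firstName : '',
			'middleName' => '',
			'lastName' => ($lastName !== null) ? $lastName : '',
			'seq' => (int) $seq,
		);
	}
	return $persons;
}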