/** * @covers PolicySet */ public function testPolicySet() { // Test combining algorithm and default effect. $policySet = new PolicySet(); self::assertEquals(COMBINING_DENY_OVERRIDES, $policySet->getCombiningAlgorithm()); self::assertEquals(AUTHORIZATION_DENY, $policySet->getEffectIfNoPolicyApplies()); $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES); $policySet->setEffectIfNoPolicyApplies(AUTHORIZATION_PERMIT); self::assertEquals(COMBINING_PERMIT_OVERRIDES, $policySet->getCombiningAlgorithm()); self::assertEquals(AUTHORIZATION_PERMIT, $policySet->getEffectIfNoPolicyApplies()); // Test adding policies. $policySet->addPolicy($policy1 = new AuthorizationPolicy('policy1')); $policySet->addPolicy($policy2 = new AuthorizationPolicy('policy2')); $policySet->addPolicy($policy3 = new AuthorizationPolicy('policy3'), $addToTop = true); self::assertEquals(array($policy3, $policy1, $policy2), $policySet->getPolicies()); }
/** * Constructor * @param $request PKPRequest * @param $args array request arguments * @param $roleAssignments array * @param $accessMode int */ function OjsPluginAccessPolicy($request, &$args, $roleAssignments, $accessMode = ACCESS_MODE_ADMIN) { parent::PolicySet(); // A valid plugin is required. $this->addPolicy(new PluginRequiredPolicy($request)); // Journal managers and site admin have // access to plugins. We'll have to define // differentiated policies for those roles in a policy set. $pluginAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES); $pluginAccessPolicy->setEffectIfNoPolicyApplies(AUTHORIZATION_DENY); // // Managerial role // if (isset($roleAssignments[ROLE_ID_MANAGER])) { if ($accessMode & ACCESS_MODE_MANAGE) { // Journal managers have edit settings access mode... $journalManagerPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES); $journalManagerPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER])); // ...only to journal level plugins. $journalManagerPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_JOURNAL)); $pluginAccessPolicy->addPolicy($journalManagerPluginAccessPolicy); } } // // Site administrator role // if (isset($roleAssignments[ROLE_ID_SITE_ADMIN])) { // Site admin have access to all plugins... $siteAdminPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES); $siteAdminPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, $roleAssignments[ROLE_ID_SITE_ADMIN])); if ($accessMode & ACCESS_MODE_MANAGE) { // ...of site level only. $siteAdminPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_SITE)); } $pluginAccessPolicy->addPolicy($siteAdminPluginAccessPolicy); } $this->addPolicy($pluginAccessPolicy); }