예제 #1
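 /**
  * Validate that the user is the assigned section editor for
  * the citation's article, or is a managing editor.
  *
  * Checks registered through addCheck() carry plain-English messages
  * that go directly to fatal errors; the article-specific checks that
  * follow them deny access by returning false. On success the
  * validated article is stored in $this->_article.
  *
  * @param $requiredContexts array
  * @param $request PKPRequest
  * @return boolean true if access is granted, false otherwise
  */
 function validate($requiredContexts, $request)
 {
     // Retrieve the request context
     $router =& $request->getRouter();
     $journal =& $router->getContext($request);
     // Authorization and validation checks
     // NB: Error messages are in plain English as they directly go to fatal errors.
     // (Validation errors in components are either programming errors or somebody
     // trying to call components directly which is no legal use case anyway.)
     // 1) restricted site access
     if (isset($journal) && $journal->getSetting('restrictSiteAccess')) {
         import('handler.validation.HandlerValidatorCustom');
         // NB: create_function() compiles its code string at runtime and was
         // removed in PHP 8.0. The string here is a constant, so no request
         // data reaches it; replace it with a regular callback once the
         // supported PHP baseline allows it.
         $this->addCheck(new HandlerValidatorCustom($this, false, 'Restricted site access!', null, create_function('', 'if (!Validation::isLoggedIn()) return false; else return true;')));
     }
     // 2) we need a journal
     $this->addCheck(new HandlerValidatorJournal($this, false, 'No journal in context!'));
     // 3) only editors or section editors may access
     $this->addCheck(new HandlerValidatorRoles($this, false, 'Insufficient privileges!', null, array(ROLE_ID_EDITOR, ROLE_ID_SECTION_EDITOR)));
     // Execute standard checks. These must pass before any article is
     // loaded, so the role check always precedes the per-article checks.
     if (!parent::validate($requiredContexts, $request)) {
         return false;
     }
     // Retrieve and validate the article id. The value comes from the
     // request and is untrusted: accept plain decimal digits only.
     // is_numeric() would also let through floats, exponent notation,
     // signs and leading whitespace, none of which is a valid id.
     $articleId =& $request->getUserVar('articleId');
     if (!is_scalar($articleId) || !preg_match('/^[0-9]+$/D', (string) $articleId)) {
         return false;
     }
     // Retrieve the article associated with this citation grid
     $articleDAO =& DAORegistry::getDAO('ArticleDAO');
     $article =& $articleDAO->getArticle($articleId);
     // Article and editor validation: deny if no article was found
     if (!is_a($article, 'Article')) {
         return false;
     }
     // The article must belong to the journal of the request context, so
     // that a role held in one journal grants nothing on another
     // journal's articles.
     if ($article->getJournalId() != $journal->getId()) {
         return false;
     }
     // Editors have access to all articles, section editors will be
     // checked individually.
     if (!Validation::isEditor()) {
         // Retrieve the edit assignments
         $editAssignmentDao =& DAORegistry::getDAO('EditAssignmentDAO');
         $editAssignments =& $editAssignmentDao->getEditAssignmentsByArticleId($article->getId());
         assert(is_a($editAssignments, 'DAOResultFactory'));
         $editAssignmentsArray =& $editAssignments->toArray();
         // Check whether the user is the article's editor,
         // otherwise deny access.
         $user =& $request->getUser();
         $userId = $user->getId();
         $wasFound = false;
         foreach ($editAssignmentsArray as $editAssignment) {
             if ($editAssignment->getEditorId() == $userId) {
                 // Only the first assignment matching the user is
                 // considered, and it must carry the edit permission.
                 if ($editAssignment->getCanEdit()) {
                     $wasFound = true;
                 }
                 break;
             }
         }
         if (!$wasFound) {
             return false;
         }
     }
     // Validation successful: keep the authorized article for later use
     $this->_article =& $article;
     return true;
 }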