/**
 * Display the form.
 *
 * Trims the notification setting categories down to the ones that apply to
 * the current user's roles, hands them to the template together with the
 * settings map, and then lets the parent form render.
 * @param $request Request
 */
function display($request) {
    // Same evaluation order as before: the reviewer check runs first, then
    // the short-circuited chain of administrative/editorial role checks.
    $isReviewer = Validation::isReviewer();
    $isStaff = Validation::isSiteAdmin() || Validation::isJournalManager() || Validation::isEditor() || Validation::isSectionEditor();

    // A staff role overrides everything; otherwise a reviewer is
    // "review only" and any other user is "read only".
    $canOnlyRead = !$isStaff && !$isReviewer;
    $canOnlyReview = !$isStaff && $isReviewer;

    $templateMgr =& TemplateManager::getManager();

    // Drop the categories this user will not be receiving (to simplify the form).
    // NOTE(review): this only trims what the template is given; whether the
    // code that saves the form also ignores the removed categories is not
    // visible here -- confirm.
    $categories = $this->_getNotificationSettingCategories();
    if ($canOnlyRead || $canOnlyReview) {
        unset($categories['submissions']);
    }
    if ($canOnlyRead) {
        unset($categories['reviewing']);
    }

    $templateMgr->assign('notificationSettingCategories', $categories);
    $templateMgr->assign('notificationSettings', $this->_getNotificationSettingsMap());
    $templateMgr->assign('titleVar', __('common.title'));

    return parent::display($request);
}
/**
 * Display the form.
 *
 * Derives two role flags for the current user (canOnlyRead and
 * canOnlyReview), exposes them to the template, and then lets the parent
 * form render.
 */
function display() {
    // Same evaluation order as before: the reviewer check runs first, then
    // the short-circuited chain of administrative/editorial role checks.
    $isReviewer = Validation::isReviewer();
    $isStaff = Validation::isSiteAdmin() || Validation::isJournalManager() || Validation::isEditor() || Validation::isSectionEditor();

    // A staff role clears both flags; otherwise a reviewer is "review only"
    // and any other user is "read only".
    // NOTE(review): these flags are only handed to the template; whether the
    // code that processes the submitted form applies the same restriction is
    // not visible here -- confirm.
    $canOnlyRead = !$isStaff && !$isReviewer;
    $canOnlyReview = !$isStaff && $isReviewer;

    $templateMgr =& TemplateManager::getManager();
    $templateMgr->assign('canOnlyRead', $canOnlyRead);
    $templateMgr->assign('canOnlyReview', $canOnlyReview);

    return parent::display();
}
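/**
 * Compose, and optionally send, an email on behalf of the current user.
 *
 * Flow, as implemented below:
 *  - a requested email template is honoured only for journal managers,
 *    editors and section editors of the current journal;
 *  - accounts without an unlimited-email role are throttled by
 *    [email] time_between_emails and capped by [email] max_recipients;
 *  - when an articleId is supplied, an ArticleMailTemplate is used only if
 *    the user is connected to that article and the article belongs to the
 *    current journal; otherwise a plain MailTemplate is used;
 *  - when the "send" request variable is set and the message has no errors
 *    it is sent and the user is redirected, otherwise the edit form is shown.
 * @param $args array Not read by this method
 */
function email($args) {
    parent::validate();

    parent::setupTemplate(true);

    $templateMgr =& TemplateManager::getManager();

    $userDao =& DAORegistry::getDAO('UserDAO');

    $journal =& Request::getJournal();
    // NOTE(review): $user is dereferenced below without a null check;
    // presumably parent::validate() guarantees a logged-in user -- confirm.
    $user =& Request::getUser();

    // See if this is the Editor or Manager and an email template has been chosen
    $template = Request::getUserVar('template');
    if (
        !$journal || empty($template) || (
            !Validation::isJournalManager($journal->getJournalId()) &&
            !Validation::isEditor($journal->getJournalId()) &&
            !Validation::isSectionEditor($journal->getJournalId())
        )
    ) {
        $template = null;
    }

    // Determine whether or not this account is subject to
    // email sending restrictions.
    $canSendUnlimitedEmails = Validation::isSiteAdmin();
    $unlimitedEmailRoles = array(
        ROLE_ID_JOURNAL_MANAGER,
        ROLE_ID_EDITOR,
        ROLE_ID_SECTION_EDITOR
    );
    $roleDao =& DAORegistry::getDAO('RoleDAO');
    if ($journal) {
        $roles =& $roleDao->getRolesByUserId($user->getUserId(), $journal->getJournalId());
        foreach ($roles as $role) {
            if (in_array($role->getRoleId(), $unlimitedEmailRoles)) {
                $canSendUnlimitedEmails = true;
            }
        }
    }

    // Check when this user last sent an email, and if it's too
    // recent, make them wait.
    if (!$canSendUnlimitedEmails) {
        $dateLastEmail = $user->getDateLastEmail();
        if ($dateLastEmail && strtotime($dateLastEmail) + (int) Config::getVar('email', 'time_between_emails') > strtotime(Core::getCurrentDate())) {
            $templateMgr->assign('pageTitle', 'email.compose');
            $templateMgr->assign('message', 'email.compose.tooSoon');
            $templateMgr->assign('backLink', 'javascript:history.back()');
            $templateMgr->assign('backLinkLabel', 'email.compose');
            return $templateMgr->display('common/message.tpl');
        }
    }

    $email = null;
    if ($articleId = Request::getUserVar('articleId')) {
        // This message is in reference to an article.
        // Determine whether the current user has access
        // to the article in some form, and if so, use an
        // ArticleMailTemplate.
        $articleDao =& DAORegistry::getDAO('ArticleDAO');

        $article =& $articleDao->getArticle($articleId);
        $hasAccess = false;

        // First, conditions where access is OK.
        // NOTE(review): rule 1 compares IDs with ==, rules 2-6 and the
        // journal check use ===. If the DAOs return IDs as different scalar
        // types the strict checks fail closed -- confirm the types match.

        // 1. User is submitter
        if ($article && $article->getUserId() == $user->getUserId()) {
            $hasAccess = true;
        }

        // 2. User is section editor of article or full editor
        $editAssignmentDao =& DAORegistry::getDAO('EditAssignmentDAO');
        $editAssignments =& $editAssignmentDao->getEditAssignmentsByArticleId($articleId);
        while ($editAssignment =& $editAssignments->next()) {
            if ($editAssignment->getEditorId() === $user->getUserId()) {
                $hasAccess = true;
            }
        }
        // Guarded on $journal: the checks above already allow for a request
        // without a journal, and dereferencing null here was a fatal error.
        if ($journal && Validation::isEditor($journal->getJournalId())) {
            $hasAccess = true;
        }

        // 3. User is reviewer
        $reviewAssignmentDao =& DAORegistry::getDAO('ReviewAssignmentDAO');
        foreach ($reviewAssignmentDao->getReviewAssignmentsByArticleId($articleId) as $reviewAssignment) {
            if ($reviewAssignment->getReviewerId() === $user->getUserId()) {
                $hasAccess = true;
            }
        }

        // 4. User is copyeditor
        $copyAssignmentDao =& DAORegistry::getDAO('CopyAssignmentDAO');
        $copyAssignment =& $copyAssignmentDao->getCopyAssignmentByArticleId($articleId);
        if ($copyAssignment && $copyAssignment->getCopyeditorId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // 5. User is layout editor
        $layoutAssignmentDao =& DAORegistry::getDAO('LayoutAssignmentDAO');
        $layoutAssignment =& $layoutAssignmentDao->getLayoutAssignmentByArticleId($articleId);
        if ($layoutAssignment && $layoutAssignment->getEditorId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // 6. User is proofreader
        $proofAssignmentDao =& DAORegistry::getDAO('ProofAssignmentDAO');
        $proofAssignment =& $proofAssignmentDao->getProofAssignmentByArticleId($articleId);
        if ($proofAssignment && $proofAssignment->getProofreaderId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // Last, "deal-breakers" -- access is not allowed.
        // A missing article, a request without a journal, or an article from
        // another journal always denies access, whatever matched above.
        if (!$article || !$journal || $article->getJournalId() !== $journal->getJournalId()) {
            $hasAccess = false;
        }

        if ($hasAccess) {
            import('mail.ArticleMailTemplate');
            // NOTE(review): $template is passed to getArticle() here rather
            // than to the ArticleMailTemplate constructor (the plain
            // MailTemplate below receives it directly) -- confirm intended.
            // Plain assignment: "=& new" is not accepted by current PHP.
            $email = new ArticleMailTemplate($articleDao->getArticle($articleId, $template));
        }
    }

    if ($email === null) {
        import('mail.MailTemplate');
        $email = new MailTemplate($template);
    }

    if (Request::getUserVar('send') && !$email->hasErrors()) {
        $recipients = $email->getRecipients();
        $ccs = $email->getCcs();
        $bccs = $email->getBccs();

        // Make sure there aren't too many recipients (to
        // prevent use as a spam relay)
        $recipientCount = 0;
        if (is_array($recipients)) {
            $recipientCount += count($recipients);
        }
        if (is_array($ccs)) {
            $recipientCount += count($ccs);
        }
        if (is_array($bccs)) {
            $recipientCount += count($bccs);
        }

        if (!$canSendUnlimitedEmails && $recipientCount > (int) Config::getVar('email', 'max_recipients')) {
            $templateMgr->assign('pageTitle', 'email.compose');
            $templateMgr->assign('message', 'email.compose.tooManyRecipients');
            $templateMgr->assign('backLink', 'javascript:history.back()');
            $templateMgr->assign('backLinkLabel', 'email.compose');
            return $templateMgr->display('common/message.tpl');
        }

        $email->send();

        // NOTE(review): redirectUrl is taken from the request and handed to
        // Request::redirectUrl() unchanged. Unless that helper restricts the
        // target to this site, users can be sent to an arbitrary external
        // URL after sending -- confirm, or validate the value here.
        $redirectUrl = Request::getUserVar('redirectUrl');
        if (empty($redirectUrl)) {
            $redirectUrl = Request::url(null, 'user');
        }

        // Record the send time; the throttle above reads it on the next request.
        $user->setDateLastEmail(Core::getCurrentDate());
        $userDao->updateUser($user);
        Request::redirectUrl($redirectUrl);
    } else {
        $email->displayEditForm(
            Request::url(null, null, 'email'),
            array('redirectUrl' => Request::getUserVar('redirectUrl'), 'articleId' => $articleId),
            null,
            array('disableSkipButton' => true, 'articleId' => $articleId)
        );
    }
}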
/**
 * Run the parent validation and, when a referral ID is given, check that the
 * current user may work with that referral.
 *
 * The referral must exist, its published article must exist and belong to
 * the current journal, and the user must be the article's submitter, a
 * section editor or an editor of that journal. Each failed check calls
 * Request::redirect(null, 'index').
 * NOTE(review): the checks are written as if Request::redirect() ends the
 * request; if it ever returns, the code below dereferences values that were
 * just found to be missing -- confirm.
 * @param $referralId int Optional referral ID
 * @return array References to the plugin, the referral and the article; the
 *  referral and article are null when no referral ID was given
 */
function validate($referralId = null) {
    parent::validate();

    // Without a referral ID there is nothing to look up or authorise.
    $referral = null;
    $article = null;

    if ($referralId) {
        $referralDao =& DAORegistry::getDAO('ReferralDAO');
        $publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');

        $referral =& $referralDao->getReferral($referralId);
        if (!$referral) {
            Request::redirect(null, 'index');
        }

        // NOTE(review): $user is dereferenced without a null check;
        // presumably parent::validate() guarantees a logged-in user -- confirm.
        $user =& Request::getUser();
        $journal =& Request::getJournal();
        $article =& $publishedArticleDao->getPublishedArticleByArticleId($referral->getArticleId());

        if (!$article || !$journal) {
            Request::redirect(null, 'index');
        }

        // The referral's article has to belong to the journal being browsed.
        if ($article->getJournalId() != $journal->getId()) {
            Request::redirect(null, 'index');
        }

        // The article's submitter, journal SE, and journal Editors are allowed.
        $isAllowed = $article->getUserId() == $user->getId()
            || Validation::isSectionEditor($journal->getId())
            || Validation::isEditor($journal->getId());
        if (!$isAllowed) {
            Request::redirect(null, 'index');
        }
    }

    $plugin =& Registry::get('plugin');
    return array(&$plugin, &$referral, &$article);
}
/**
 * Validate that user is a section editor in the selected journal.
 * Redirects to the login page (Validation::redirectLogin()) when there is
 * no journal, or when the requested page is 'sectionEditor' or 'editor' and
 * the user does not hold the matching role in that journal.
 */
function validate() {
    parent::validate();

    $journal =& Request::getJournal();

    // FIXME This is kind of evil
    // NOTE(review): the role that gets checked is chosen by the requested
    // page name. A page value other than 'sectionEditor' or 'editor' passes
    // with no role check at all -- confirm that no other page is routed to
    // this handler.
    $page = Request::getRequestedPage();

    $denied = !isset($journal);
    if (!$denied && $page == 'sectionEditor' && !Validation::isSectionEditor($journal->getJournalId())) {
        $denied = true;
    }
    if (!$denied && $page == 'editor' && !Validation::isEditor($journal->getJournalId())) {
        $denied = true;
    }

    if ($denied) {
        Validation::redirectLogin();
    }
}
/**
 * Gather information about a user's role within a journal.
 *
 * For every role check that passes, marks $isValid[<role>][$journalId] as
 * true and, for the roles that work on submissions, stores a count in
 * $submissionsCount[<role>][$journalId].
 * NOTE(review): the Validation::is*() checks receive only the journal ID,
 * while the counts are fetched for $userId. Presumably the checks apply to
 * the logged-in user -- confirm that callers pass that same user's ID.
 * @param $userId int
 * @param $journalId int
 * @param $submissionsCount array reference
 * @param $isValid array reference
 */
function _getRoleDataForJournal($userId, $journalId, &$submissionsCount, &$isValid) {
    // Roles without a submission count.
    if (Validation::isJournalManager($journalId)) {
        // The DAO is fetched here but not used in this block.
        $dao =& DAORegistry::getDAO('JournalDAO');
        $isValid["JournalManager"][$journalId] = true;
    }
    if (Validation::isSubscriptionManager($journalId)) {
        $isValid["SubscriptionManager"][$journalId] = true;
    }

    // Roles whose count is per user and journal.
    if (Validation::isAuthor($journalId)) {
        $dao =& DAORegistry::getDAO('AuthorSubmissionDAO');
        $submissionsCount["Author"][$journalId] = $dao->getSubmissionsCount($userId, $journalId);
        $isValid["Author"][$journalId] = true;
    }
    if (Validation::isCopyeditor($journalId)) {
        $dao =& DAORegistry::getDAO('CopyeditorSubmissionDAO');
        $submissionsCount["Copyeditor"][$journalId] = $dao->getSubmissionsCount($userId, $journalId);
        $isValid["Copyeditor"][$journalId] = true;
    }
    if (Validation::isLayoutEditor($journalId)) {
        $dao =& DAORegistry::getDAO('LayoutEditorSubmissionDAO');
        $submissionsCount["LayoutEditor"][$journalId] = $dao->getSubmissionsCount($userId, $journalId);
        $isValid["LayoutEditor"][$journalId] = true;
    }

    // The editor count is requested for the journal only, without the user ID.
    if (Validation::isEditor($journalId)) {
        $dao =& DAORegistry::getDAO('EditorSubmissionDAO');
        $submissionsCount["Editor"][$journalId] = $dao->getEditorSubmissionsCount($journalId);
        $isValid["Editor"][$journalId] = true;
    }
    if (Validation::isSectionEditor($journalId)) {
        $dao =& DAORegistry::getDAO('SectionEditorSubmissionDAO');
        $submissionsCount["SectionEditor"][$journalId] = $dao->getSectionEditorSubmissionsCount($userId, $journalId);
        $isValid["SectionEditor"][$journalId] = true;
    }

    if (Validation::isProofreader($journalId)) {
        $dao =& DAORegistry::getDAO('ProofreaderSubmissionDAO');
        $submissionsCount["Proofreader"][$journalId] = $dao->getSubmissionsCount($userId, $journalId);
        $isValid["Proofreader"][$journalId] = true;
    }
    if (Validation::isReviewer($journalId)) {
        $dao =& DAORegistry::getDAO('ReviewerSubmissionDAO');
        $submissionsCount["Reviewer"][$journalId] = $dao->getSubmissionsCount($userId, $journalId);
        $isValid["Reviewer"][$journalId] = true;
    }
}
/**
 * Validate that the user is the assigned section editor for
 * the article, or is a managing editor.
 * Redirects to the currently requested page (Request::getRequestedPage())
 * if validation fails, then stores the submission on $this->submission.
 * NOTE(review): the method stores the submission and returns true even on
 * the failure path, so it relies on Request::redirect() ending the request
 * -- confirm.
 * @param $articleId int Article ID to validate
 * @param $access int Optional name of access level required -- see SECTION_EDITOR_ACCESS_... constants
 * @return boolean Always true when the method returns
 */
function validate($articleId, $access = null) {
    parent::validate();

    $sectionEditorSubmissionDao =& DAORegistry::getDAO('SectionEditorSubmissionDAO');
    // NOTE(review): $journal and $user are dereferenced below without null
    // checks; presumably parent::validate() guarantees both -- confirm.
    $journal =& Request::getJournal();
    $user =& Request::getUser();

    $submission =& $sectionEditorSubmissionDao->getSectionEditorSubmission($articleId);

    $isValid = true;
    if ($submission == null) {
        // No such submission.
        $isValid = false;
    } elseif ($submission->getJournalId() != $journal->getId()) {
        // The submission belongs to a different journal.
        $isValid = false;
    } elseif ($submission->getDateSubmitted() == null) {
        // The submission has no submission date.
        $isValid = false;
    } else {
        $templateMgr =& TemplateManager::getManager();

        // NOTE(review): both role checks are called without a journal ID,
        // and a user who passes either one is accepted without being matched
        // against this submission; the per-section lookup below only runs
        // for users who fail both -- confirm that is intended.
        if (Validation::isEditor() || Validation::isSectionEditor()) {
            // Make canReview and canEdit available to templates.
            // Since this user is an editor, both are available.
            $templateMgr->assign('canReview', true);
            $templateMgr->assign('canEdit', true);
        } else {
            // Otherwise the user must be listed among the editors returned
            // for the submission's section, or they don't have access.
            $sectionEditorsDao =& DAORegistry::getDAO('SectionEditorsDAO');
            $sectionEditors =& $sectionEditorsDao->getEditorsBySectionId($journal->getId(), $submission->getSectionId());

            $matched = false;
            foreach ($sectionEditors as $candidate) {
                if ($candidate->getId() == $user->getId()) {
                    $templateMgr->assign('canReview', true);
                    $templateMgr->assign('canEdit', true);

                    // NOTE(review): every case grants access, so $access
                    // currently has no effect on the outcome.
                    switch ($access) {
                        case SECTION_EDITOR_ACCESS_EDIT:
                        case SECTION_EDITOR_ACCESS_REVIEW:
                        default:
                            $matched = true;
                            break;
                    }
                }
            }

            if (!$matched) {
                $isValid = false;
            }
        }
    }

    if (!$isValid) {
        Request::redirect(null, Request::getRequestedPage());
    }

    $this->submission =& $submission;
    return true;
}