/**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request parameters
  * @param $roleAssignments array operations per role, keyed by role id
  *  (only the keys tested in the constructor body are used).
  * @param $submissionParameterName string the request parameter we expect
  *  the submission id in.
  */
 function OmpSubmissionAccessPolicy(&$request, $args, $roleAssignments, $submissionParameterName = 'monographId')
 {
     parent::PressPolicy($request);

     // Precondition: the monograph-required policy is registered ahead of
     // every role check. It receives the request arguments and the name of
     // the parameter that carries the submission id.
     import('classes.security.authorization.internal.MonographRequiredPolicy');
     $this->addPolicy(new MonographRequiredPolicy($request, $args, $submissionParameterName));

     // Per-role sub-policies are collected in a "permit overrides" set.
     // Only the four role ids tested below are looked at; any other key in
     // $roleAssignments contributes no policy to this set.
     // NOTE(review): PolicySet and RoleBasedHandlerOperationPolicy are not
     // imported in this constructor - presumably loaded elsewhere; verify.
     $perRolePolicies = new PolicySet(COMBINING_PERMIT_OVERRIDES);

     // Press manager: the role/operation check alone, with no
     // submission-specific condition attached.
     if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
         $perRolePolicies->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER])
         );
     }

     // Series editor: the role/operation check is paired with a series
     // assignment check. Both go into a deny-overrides set so that, going by
     // the combining constant's name, a denial from either one denies the role.
     if (isset($roleAssignments[ROLE_ID_SERIES_EDITOR])) {
         $seriesEditorChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         $seriesEditorChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SERIES_EDITOR, $roleAssignments[ROLE_ID_SERIES_EDITOR])
         );
         // The requested submission has to belong to the editor's series.
         import('classes.security.authorization.internal.SeriesAssignmentPolicy');
         $seriesEditorChecks->addPolicy(new SeriesAssignmentPolicy($request));
         $perRolePolicies->addPolicy($seriesEditorChecks);
     }

     // Author: the role/operation check is paired with an ownership check
     // on the requested monograph.
     if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
         $authorChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         $authorChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR])
         );
         // The requested submission has to be the author's own.
         import('classes.security.authorization.internal.MonographAuthorPolicy');
         $authorChecks->addPolicy(new MonographAuthorPolicy($request));
         $perRolePolicies->addPolicy($authorChecks);
     }

     // Reviewer: the role/operation check is paired with a review
     // assignment check on the requested submission.
     if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
         $reviewerChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         $reviewerChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER])
         );
         // The user has to be assigned to the submission as a reviewer.
         import('classes.security.authorization.internal.ReviewAssignmentAccessPolicy');
         $reviewerChecks->addPolicy(new ReviewAssignmentAccessPolicy($request));
         $perRolePolicies->addPolicy($reviewerChecks);
     }

     // NOTE(review): if none of the four keys is set, the set registered
     // here has no members. What an empty permit-overrides set evaluates to
     // is decided in PolicySet - confirm that it does not permit.
     $this->addPolicy($perRolePolicies);
 }
 /**
  * Constructor
  * @param $request PKPRequest
  * @param $roleAssignments array operations per role, keyed by role id
  *  (every entry is turned into a role policy).
  */
 function OmpPressAccessPolicy(&$request, $roleAssignments)
 {
     parent::PressPolicy($request);

     // Press-level access carries no role-specific conditions, so every
     // role assignment becomes one role/operation policy. The policies are
     // combined with "permit overrides": a permit from any single role is
     // enough.
     $anyRolePermits = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
     foreach ($roleAssignments as $roleId => $roleOperations) {
         $anyRolePermits->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, $roleId, $roleOperations)
         );
     }

     // NOTE(review): with an empty $roleAssignments the set registered here
     // has no members. What an empty permit-overrides set evaluates to is
     // decided in PolicySet - confirm that it does not permit.
     $this->addPolicy($anyRolePermits);
 }
 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request arguments
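  * @param $roleAssignments array operations per role, keyed by role id
  *  (only the keys tested in the constructor body are used).
  * @param $submissionParameterName string the request parameter we expect
  *  the submission id in.
  * @param $stageId integer|null workflow stage id, passed on unchanged to
  *  WorkflowSubmissionAssignmentPolicy.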
  */
 function OmpWorkflowStageAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'monographId', $stageId = null)
 {
     parent::PressPolicy($request);

     // Precondition: a workflow stage component is only callable when the
     // request carries a valid series editor submission. This policy is
     // registered ahead of every role check.
     import('classes.security.authorization.internal.SeriesEditorSubmissionRequiredPolicy');
     $this->addPolicy(new SeriesEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));

     // Per-role sub-policies for stage operations are collected in a
     // "permit overrides" set. Only the four role ids tested below are
     // looked at; any other key in $roleAssignments contributes no policy.
     // NOTE(review): PolicySet and RoleBasedHandlerOperationPolicy are not
     // imported in this constructor - presumably loaded elsewhere; verify.
     $perRoleStagePolicies = new PolicySet(COMBINING_PERMIT_OVERRIDES);

     // Press manager: the role/operation check alone, with no submission
     // or stage condition attached.
     if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
         $perRoleStagePolicies->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER])
         );
     }

     // Series editor: three checks in a deny-overrides set, so that, going
     // by the combining constant's name, a denial from any one of them
     // denies the role.
     if (isset($roleAssignments[ROLE_ID_SERIES_EDITOR])) {
         $seriesEditorStageChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         // a) the operation is allowed for the role,
         $seriesEditorStageChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SERIES_EDITOR, $roleAssignments[ROLE_ID_SERIES_EDITOR])
         );
         // b) the workflow stage is assigned to them in the press settings,
         import('classes.security.authorization.internal.WorkflowSettingsAssignmentPolicy');
         $seriesEditorStageChecks->addPolicy(new WorkflowSettingsAssignmentPolicy($request));
         // c) the requested submission is part of their series.
         import('classes.security.authorization.internal.SeriesAssignmentPolicy');
         $seriesEditorStageChecks->addPolicy(new SeriesAssignmentPolicy($request));
         $perRoleStagePolicies->addPolicy($seriesEditorStageChecks);
     }

     // Press assistant: the role/operation check is paired with a
     // per-submission stage assignment check.
     // NOTE(review): $stageId defaults to null and is forwarded unchanged;
     // how WorkflowSubmissionAssignmentPolicy treats a null stage id is not
     // visible here - confirm that it does not widen access.
     if (isset($roleAssignments[ROLE_ID_PRESS_ASSISTANT])) {
         $pressAssistantStageChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         $pressAssistantStageChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_ASSISTANT, $roleAssignments[ROLE_ID_PRESS_ASSISTANT])
         );
         // The stage has to be assigned to them in the requested submission.
         import('classes.security.authorization.internal.WorkflowSubmissionAssignmentPolicy');
         $pressAssistantStageChecks->addPolicy(new WorkflowSubmissionAssignmentPolicy($request, $stageId));
         $perRoleStagePolicies->addPolicy($pressAssistantStageChecks);
     }

     // Author: the role/operation check, an ownership check and the same
     // per-submission stage assignment check (again with the possibly-null
     // $stageId).
     if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
         $authorStageChecks = new PolicySet(COMBINING_DENY_OVERRIDES);
         $authorStageChecks->addPolicy(
             new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR])
         );
         // The requested submission has to be the author's own ...
         import('classes.security.authorization.internal.MonographAuthorPolicy');
         $authorStageChecks->addPolicy(new MonographAuthorPolicy($request));
         // ... and the stage has to be assigned to them in that submission.
         import('classes.security.authorization.internal.WorkflowSubmissionAssignmentPolicy');
         $authorStageChecks->addPolicy(new WorkflowSubmissionAssignmentPolicy($request, $stageId));
         $perRoleStagePolicies->addPolicy($authorStageChecks);
     }

     // Register the combined role-specific policies on this policy.
     $this->addPolicy($perRoleStagePolicies);
 }