/** * @copydoc PKPHandler::authorize() */ function authorize($request, &$args, $roleAssignments) { // Get the galley Policy import('classes.security.authorization.GalleyRequiredPolicy'); $galleyPolicy = new GalleyRequiredPolicy($request, $args); // Get the workflow stage policy import('classes.security.authorization.WorkflowStageAccessPolicy'); $stagePolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', WORKFLOW_STAGE_ID_PRODUCTION); // Add the Galley policy to the stage policy. $stagePolicy->addPolicy($galleyPolicy); // Add the augmented policy to the handler. $this->addPolicy($stagePolicy); return parent::authorize($request, $args, $roleAssignments); }
/** * @see PKPHandler::authorize() * @param $request PKPRequest * @param $args array * @param $roleAssignments array */ function authorize($request, &$args, $roleAssignments) { $stageId = $request->getUserVar('stageId'); // This is being validated in WorkflowStageAccessPolicy // Not all actions need a stageId. Some work off the reviewAssignment which has the type and round. $this->_stageId = (int) $stageId; // Get the stage access policy import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy'); $ompWorkflowStageAccessPolicy = new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId); // Add policy to ensure there is a review round id. import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy'); $ompWorkflowStageAccessPolicy->addPolicy(new ReviewRoundRequiredPolicy($request, $args, 'reviewRoundId', $this->_getReviewRoundOps())); // Add policy to ensure there is a review assignment for certain operations. import('lib.pkp.classes.security.authorization.internal.ReviewAssignmentRequiredPolicy'); $ompWorkflowStageAccessPolicy->addPolicy(new ReviewAssignmentRequiredPolicy($request, $args, 'reviewAssignmentId', $this->_getReviewAssignmentOps())); $this->addPolicy($ompWorkflowStageAccessPolicy); return parent::authorize($request, $args, $roleAssignments); }