Bug 8266

Summary: Editors receiving reviewer notifications get incorrect URLs
Product: OJS Reporter: Alec Smecher <alec>
Component: EditorsAssignee: Jason Nugent <jason.nugent>
Status: RESOLVED WONTFIX    
Severity: normal CC: dgardner, jason.nugent
Priority: P3    
Version: 2.4.3   
Hardware: All   
OS: All   
Version Reported In: Also Affects:

Description Alec Smecher 2013-06-18 16:33:01 PDT
See http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=10133 for details. The problematic line of code appears to be NotificationManager.inc.php line 70 (in OJS 2.4.2).
Comment 1 Jason Nugent 2013-09-04 07:01:35 PDT
Hi Alec,

Looking at this bug a bit more, the notification manager builds the url based on a call to _getCachedRole() which in turn looks at either privilegedRoles() or _getHighestPrivilegedRolesForArticle() for that user.  The bug report indicates that a journal editor is getting a link with 'reviewer' as the role, which seems to indicate that highest privileged role isn't the one being returned.  

This code also seems to make the assumption that the page op being included in the url exists in the handlers for all possible roles.
Comment 2 Alec Smecher 2013-09-04 08:57:21 PDT
Yes, I think that captures the bug. That code is a liability, and already gone for OJS 3.0a, but we ought to be able to patch this particular hole without too much work.
Comment 3 Jason Nugent 2013-09-10 09:23:28 PDT
This bug appears to have been fixed in this commit:

https://github.com/pkp/ojs/commit/faa31d7fa99c27277483220e037b4f2fafc92f30#diff-11

Previously, notifications were being created for all users associated with an article. This would have generated incorrect URLs in certain conditions.  Users with older installations may still have incorrect notifications in their database, but upgraded installations will not generate incorrect ones any more.