Open Journal Systems  3.3.0
OjsIssueRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
// Journal obtained from the request in the constructor. dataObjectEffect()
// passes its ID to the issue lookup so the issue is fetched in this journal's scope.
19  var $journal;
20 
/**
 * Set up the policy and remember the journal the request is addressed to.
 *
 * @param $request object Request handler; must offer getJournal().
 * @param $args array Request arguments, handed to the parent by reference.
 * @param $operations mixed Forwarded unchanged to the parent constructor.
 */
function __construct($request, &$args, $operations = null) {
	// 'issueId' and 'user.authorization.invalidIssue' are passed straight to
	// DataObjectRequiredPolicy; presumably the request parameter name and the
	// locale key of the denial message (confirm against the parent class).
	parent::__construct(
		$request,
		$args,
		'issueId',
		'user.authorization.invalidIssue',
		$operations
	);

	// Captured once here; dataObjectEffect() later uses its ID to scope the
	// issue lookup.
	$this->journal = $request->getJournal();
}
31 
32  //
33  // Implement template methods from AuthorizationPolicy
34  //
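/**
 * Decide whether the issue named in the request may be accessed.
 *
 * Denies when no issue ID was supplied, when the request has no journal,
 * when the issue cannot be found within that journal, or when the issue is
 * unpublished and the user holds none of the pre-publication roles. On
 * success the issue is stored in the authorization context.
 *
 * @return mixed AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
 */
function dataObjectEffect() {
	$issueId = $this->getDataObjectId();
	if (!$issueId) return AUTHORIZATION_DENY;

	// Fail closed: without a journal the lookup below cannot be scoped, and
	// calling getId() on a non-object would abort the request with an error
	// instead of producing an authorization decision.
	if (!is_object($this->journal)) return AUTHORIZATION_DENY;

	// Make sure the issue belongs to the journal. $issueId may be a raw URL
	// path segment (see getDataObjectId()), so the journal ID passed here is
	// what keeps an identifier from another journal from resolving.
	$issueDao = DAORegistry::getDAO('IssueDAO'); /* @var $issueDao IssueDAO */
	$issue = $issueDao->getByBestId($issueId, $this->journal->getId());

	if (!is_a($issue, 'Issue')) return AUTHORIZATION_DENY;

	// The issue must be published, or we must have pre-publication
	// access to it.
	$userRoles = $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES);
	if (!$issue->getPublished()) {
		// NOTE(review): the role list may be absent (non-array) when no earlier
		// policy populated the context. Treat that as "no roles" so the
		// result is a clean deny rather than a type error in array_intersect().
		$grantedRoles = is_array($userRoles) ? $userRoles : array();
		$prePublicationRoles = array(
			ROLE_ID_SITE_ADMIN,
			ROLE_ID_MANAGER,
			ROLE_ID_SUB_EDITOR,
			ROLE_ID_ASSISTANT,
		);
		if (count(array_intersect($grantedRoles, $prePublicationRoles)) === 0) {
			return AUTHORIZATION_DENY;
		}
	}

	// Save the issue to the authorization context.
	$this->addAuthorizedContextObject(ASSOC_TYPE_ISSUE, $issue);
	return AUTHORIZATION_PERMIT;
}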
67 
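/**
 * Identify the issue the request refers to.
 *
 * For page-router requests the ID is taken from the request parameter when
 * it is all digits, otherwise from the first path argument. Every other
 * router is delegated to the parent implementation.
 *
 * @param $lookOnlyByParameterName bool Not supported here; a truthy value throws.
 * @return mixed Integer ID, the raw first path argument, the parent's
 *  result, or false when nothing was supplied.
 * @throws Exception When $lookOnlyByParameterName is truthy.
 */
function getDataObjectId($lookOnlyByParameterName = false) {
	if ($lookOnlyByParameterName) throw new Exception('lookOnlyByParameterName not supported for issues.');

	// Identify the data object id.
	$router = $this->_request->getRouter();
	if (!is_a($router, 'PKPPageRouter')) {
		return parent::getDataObjectId();
	}

	// Read the parameter once so the value that is validated is the value
	// that is returned. The is_scalar() guard keeps an array-valued
	// parameter from reaching the string cast, which would raise an
	// array-to-string conversion warning.
	$requestedId = $this->_request->getUserVar($this->_parameterName);
	if (is_scalar($requestedId) && ctype_digit((string) $requestedId)) {
		// We may expect an object id in the user vars
		return (int) $requestedId;
	}

	if (isset($this->_args[0])) {
		// Or the object id can be expected as the first path in the argument
		// list. It is returned exactly as received from the URL, so callers
		// must treat it as untrusted input. dataObjectEffect() only passes
		// it to a journal-scoped lookup.
		return $this->_args[0];
	}

	return false;
}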
93 }
OjsIssueRequiredPolicy\$journal
$journal
Definition: OjsIssueRequiredPolicy.inc.php:22
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
OjsIssueRequiredPolicy
Policy that ensures that the request contains a valid issue.
Definition: OjsIssueRequiredPolicy.inc.php:17
OjsIssueRequiredPolicy\__construct
__construct($request, &$args, $operations=null)
Definition: OjsIssueRequiredPolicy.inc.php:30
AuthorizationPolicy\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: AuthorizationPolicy.inc.php:117
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
OjsIssueRequiredPolicy\getDataObjectId
getDataObjectId($lookOnlyByParameterName=false)
Definition: OjsIssueRequiredPolicy.inc.php:75
OjsIssueRequiredPolicy\dataObjectEffect
dataObjectEffect()
Definition: OjsIssueRequiredPolicy.inc.php:41
DataObjectRequiredPolicy
Abstract base class for policies that check for a data object from a parameter.
Definition: DataObjectRequiredPolicy.inc.php:17