Open Monograph Press  1.1
 All Classes Namespaces Functions Variables Groups Pages
PKPSubmissionFileRequestedRevisionRequiredPolicy.inc.php
1 <?php
17 import('lib.pkp.classes.security.authorization.internal.SubmissionFileBaseAccessPolicy');
18 
24  function PKPSubmissionFileRequestedRevisionRequiredPolicy($request, $fileIdAndRevision = null) {
25  parent::SubmissionFileBaseAccessPolicy($request, $fileIdAndRevision);
26  }
27 
28 
29  //
30  // Implement template methods from AuthorizationPolicy
31  // Note: This class is subclassed in each Application, so that Policies have the opportunity to add
32  // constraints to the effect() method. See e.g. SubmissionFileRequestedRevisionRequiredPolicy.inc.php in OMP.
33  //
37  function effect() {
38  $request = $this->getRequest();
39  $reviewRoundDao = DAORegistry::getDAO('ReviewRoundDAO'); /* @var $reviewRoundDao ReviewRoundDAO */
40 
41  // Get the submission file.
42  $submissionFile = $this->getSubmissionFile($request);
43  if (!is_a($submissionFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
44 
45  // Make sure the file belongs to the submission in request.
46  $submission =& $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
47  if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
48  if ($submission->getId() != $submissionFile->getSubmissionId()) return AUTHORIZATION_DENY;
49 
50  // Make sure the file is part of a review round
51  // with a requested revision decision.
52  $reviewRound = $reviewRoundDao->getBySubmissionFileId($submissionFile->getFileId());
53  if (!is_a($reviewRound, 'ReviewRound')) return AUTHORIZATION_DENY;
54  import('classes.workflow.EditorDecisionActionsManager');
55  if (!EditorDecisionActionsManager::getEditorTakenActionInReviewRound($reviewRound, array(SUBMISSION_EDITOR_DECISION_PENDING_REVISIONS))) {
56  return AUTHORIZATION_DENY;
57  }
58 
59  // Make sure that it's in the review stage.
60  $reviewRound = $reviewRoundDao->getBySubmissionFileId($submissionFile->getFileId());
61  if (!is_a($reviewRound, 'ReviewRound')) return AUTHORIZATION_DENY;
62 
63  // Make sure review round stage is the same of the current stage in request.
64  $stageId = $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
65  if ($reviewRound->getStageId() != $stageId) return AUTHORIZATION_DENY;
66 
67  // Made it through -- permit access.
68  return AUTHORIZATION_PERMIT;
69  }
70 }
71 
72 ?>
static & getDAO($name, $dbconn=null)
& getAuthorizedContextObject($assocType)
Base Submission file policy to ensure we have a viewable file that is part of a review round with the...
Abstract class for submission file access policies.
getEditorTakenActionInReviewRound($reviewRound, $decisions=array())