Open Monograph Press  1.1
 All Classes Namespaces Functions Variables Groups Pages
ReviewAssignmentRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
25  function ReviewAssignmentRequiredPolicy($request, &$args, $parameterName = 'reviewAssignmentId', $operations = null) {
26  parent::DataObjectRequiredPolicy($request, $args, $parameterName, 'user.authorization.invalidReviewAssignment', $operations);
27  }
28 
29  //
30  // Implement template methods from AuthorizationPolicy
31  //
35  function dataObjectEffect() {
36  $reviewId = (int)$this->getDataObjectId();
37  if (!$reviewId) return AUTHORIZATION_DENY;
38 
39  $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO'); /* @var $reviewAssignmentDao ReviewAssignmentDAO */
40  $reviewAssignment = $reviewAssignmentDao->getById($reviewId);
41  if (!is_a($reviewAssignment, 'ReviewAssignment')) return AUTHORIZATION_DENY;
42 
43  // Ensure that the review assignment actually belongs to the
44  // authorized submission.
45  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
46  assert(is_a($submission, 'Submission'));
47  if ($reviewAssignment->getSubmissionId() != $submission->getId()) AUTHORIZATION_DENY;
48 
49  // Ensure that the review assignment is for this workflow stage
50  $stageId = $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
51  if ($reviewAssignment->getStageId() != $stageId) return AUTHORIZATION_DENY;
52 
53  // Save the review Assignment to the authorization context.
54  $this->addAuthorizedContextObject(ASSOC_TYPE_REVIEW_ASSIGNMENT, $reviewAssignment);
55  return AUTHORIZATION_PERMIT;
56  }
57 }
58 
59 ?>
static & getDAO($name, $dbconn=null)
Abstract base class for policies that check for a data object from a parameter.
Policy that ensures that the request contains a valid review assignment.
& getAuthorizedContextObject($assocType)
addAuthorizedContextObject($assocType, &$authorizedObject)
ReviewAssignmentRequiredPolicy($request, &$args, $parameterName= 'reviewAssignmentId', $operations=null)