Open Monograph Press  1.1
 All Classes Namespaces Functions Variables Groups Pages
SubmissionRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
25  function SubmissionRequiredPolicy($request, &$args, $submissionParameterName = 'submissionId', $operations = null) {
26  parent::DataObjectRequiredPolicy($request, $args, $submissionParameterName, 'user.authorization.invalidSubmission', $operations);
27  }
28 
29  //
30  // Implement template methods from AuthorizationPolicy
31  //
35  function dataObjectEffect() {
36  // Get the submission id.
37  $submissionId = $this->getDataObjectId();
38  if ($submissionId === false) return AUTHORIZATION_DENY;
39 
40  // Validate the submission id.
41  $submissionDao = Application::getSubmissionDAO();
42  $submission = $submissionDao->getById($submissionId);
43  if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
44 
45  // Validate that this submission belongs to the current context.
46  $context = $this->_request->getContext();
47  if ($context->getId() !== $submission->getContextId()) return AUTHORIZATION_DENY;
48 
49  // Save the submission to the authorization context.
50  $this->addAuthorizedContextObject(ASSOC_TYPE_SUBMISSION, $submission);
51  return AUTHORIZATION_PERMIT;
52  }
53 }
54 
55 ?>
Abstract base class for policies that check for a data object from a parameter.
Policy that ensures that the request contains a valid submission.
static getSubmissionDAO()
addAuthorizedContextObject($assocType, &$authorizedObject)
SubmissionRequiredPolicy($request, &$args, $submissionParameterName= 'submissionId', $operations=null)