master/html/QueriesAccessHelper_8inc_8php_source.html

<?php


class QueriesAccessHelper {

   var $_authorizedContext;


   var $_user;


   function __construct($authorizedContext, $user) {

      $this->_authorizedContext = $authorizedContext;

      $this->_user = $user;

   }


   function getAuthorizedContextObject($assocType) {

      return isset($this->_authorizedContext[$assocType])?$this->_authorizedContext[$assocType]:null;

   }


   function getCanOpenClose($query) {

      // Managers and sub editors are always allowed

      if ($this->hasStageRole($query->getStageId(), array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR))) return true;


      // Assigned assistants are allowed

      if ($this->hasStageRole($query->getStageId(), array(ROLE_ID_ASSISTANT)) && $this->isAssigned($this->_user->getId(), $query->getId())) return true;


      // Otherwise, not allowed.

      return false;

   }


   function getCanOrder($stageId) {

      return $this->hasStageRole($stageId, array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR));

   }


   function getCanCreate($stageId) {

      return $this->hasStageRole($stageId, array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR, ROLE_ID_REVIEWER));

   }


   function getCanEdit($queryId) {

      $queryDao = DAORegistry::getDAO('QueryDAO'); /* @var $queryDao QueryDAO */

      $query = $queryDao->getById($queryId);

      if (!$query) return false;


      // Assistants, authors and reviewers are allowed, if they created the query

      if ($this->hasStageRole($query->getStageId(), array(ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR, ROLE_ID_REVIEWER))) {

         if ($query->getHeadNote()->getUserId() == $this->_user->getId()) return true;

      }


      // Managers are always allowed

      if ($this->hasStageRole($query->getStageId(), array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR))) return true;


      // Otherwise, not allowed.

      return false;

   }


   function getCanDelete($queryId) {

      // Users can always delete their own placeholder queries.

      $queryDao = DAORegistry::getDAO('QueryDAO'); /* @var $queryDao QueryDAO */

      $query = $queryDao->getById($queryId);

      if ($query) {

         $headNote = $query->getHeadNote();

         if ($headNote->getUserId() == $this->_user->getId() && $headNote->getTitle()=='') return true;

      }


      // Managers are always allowed

      if ($this->hasStageRole($query->getStageId(), array(ROLE_ID_MANAGER))) return true;


      // Otherwise, not allowed.

      return false;

   }


   function getCanListAll($stageId) {

      return $this->hasStageRole($stageId, array(ROLE_ID_MANAGER));

   }


   protected function isAssigned($userId, $queryId) {

      $queryDao = DAORegistry::getDAO('QueryDAO'); /* @var $queryDao QueryDAO */

      return (boolean) $queryDao->getParticipantIds($queryId, $userId);

   }


   protected function hasStageRole($stageId, $roles) {

      $stageRoles = $this->getAuthorizedContextObject(ASSOC_TYPE_ACCESSIBLE_WORKFLOW_STAGES);

      return !empty(array_intersect($stageRoles[$stageId], $roles));

   }

}