Open Journal Systems  3.3.0
QueryAccessPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.internal.ContextPolicy');
16 import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
17 
18 class QueryAccessPolicy extends ContextPolicy {
26  function __construct($request, $args, $roleAssignments, $stageId) {
27  parent::__construct($request);
28 
29  // We need a valid workflow stage.
30  import('lib.pkp.classes.security.authorization.QueryWorkflowStageAccessPolicy');
31  $this->addPolicy(new QueryWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
32 
33  // We need a query matching the submission in the request.
34  import('lib.pkp.classes.security.authorization.internal.QueryRequiredPolicy');
35  $this->addPolicy(new QueryRequiredPolicy($request, $args));
36 
37  // The query must be assigned to the current user, with exceptions for Managers
38  import('lib.pkp.classes.security.authorization.internal.QueryAssignedToUserAccessPolicy');
39  $this->addPolicy(new QueryAssignedToUserAccessPolicy($request));
40 
41  // Authors, reviewers, context managers and sub editors potentially have
42  // access to queries. We'll have to define
43  // differentiated policies for those roles in a policy set.
44  $queryAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
45 
46  //
47  // Managerial role
48  //
49  if (isset($roleAssignments[ROLE_ID_MANAGER])) {
50  // Managers have all access to all queries.
51  $queryAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
52  }
53 
54  //
55  // Assistants
56  //
57  if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
58 
59  // 1) Assistants can access all operations on queries...
60  $assistantQueryAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
61  $assistantQueryAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
62 
63  // 2) ... but only if they have access to the workflow stage.
64  import('lib.pkp.classes.security.authorization.QueryWorkflowStageAccessPolicy'); // pulled from context-specific class path.
65  $assistantQueryAccessPolicy->addPolicy(new QueryWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
66 
67  $queryAccessPolicy->addPolicy($assistantQueryAccessPolicy);
68  }
69 
70  //
71  // Reviewers
72  //
73  if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
74  // 1) Reviewers can access read operations on queries...
75  $reviewerQueryAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
76  $reviewerQueryAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
77 
78  // 2) ... but only if they are assigned to the submissions as a reviewer
79  import('lib.pkp.classes.security.authorization.QueryWorkflowStageAccessPolicy');
80  $reviewerQueryAccessPolicy->addPolicy(new QueryWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
81 
82  $queryAccessPolicy->addPolicy($reviewerQueryAccessPolicy);
83  }
84 
85  //
86  // Authors
87  //
88  if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
89  // 1) Authors can access read operations on queries...
90  $authorQueryAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
91  $authorQueryAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
92 
93  // 2) ... but only if they are assigned to the workflow stage as an stage participant...
94  import('lib.pkp.classes.security.authorization.QueryWorkflowStageAccessPolicy');
95  $authorQueryAccessPolicy->addPolicy(new QueryWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
96 
97  $queryAccessPolicy->addPolicy($authorQueryAccessPolicy);
98  }
99 
100  //
101  // Sub editor role
102  //
103  if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
104  // 1) Sub editors can access all operations on submissions ...
105  $subEditorQueryAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
106  $subEditorQueryAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
107 
108  // 2) ... but only if they have been assigned to the requested submission.
109  import('lib.pkp.classes.security.authorization.internal.QueryUserAccessibleWorkflowStageRequiredPolicy');
110  $subEditorQueryAccessPolicy->addPolicy(new QueryUserAccessibleWorkflowStageRequiredPolicy($request));
111 
112  $queryAccessPolicy->addPolicy($subEditorQueryAccessPolicy);
113  }
114  $this->addPolicy($queryAccessPolicy);
115 
116  return $queryAccessPolicy;
117  }
118 }
119 
120 
QueryRequiredPolicy
Policy that ensures that the request contains a valid query.
Definition: QueryRequiredPolicy.inc.php:17
QueryAssignedToUserAccessPolicy
Class to control access to a query that is assigned to the current user.
Definition: QueryAssignedToUserAccessPolicy.inc.php:18
QueryAccessPolicy
Class to control access to queries.
Definition: QueryAccessPolicy.inc.php:18
ContextPolicy
Basic policy that ensures availability of a context in the request context and a valid user group....
Definition: ContextPolicy.inc.php:19
QueryWorkflowStageAccessPolicy
Class to control access to submission workflow stage components related to queries.
Definition: QueryWorkflowStageAccessPolicy.inc.php:19
PolicySet\addPolicy
addPolicy($policyOrPolicySet, $addToTop=false)
Definition: PolicySet.inc.php:63
QueryAccessPolicy\__construct
__construct($request, $args, $roleAssignments, $stageId)
Definition: QueryAccessPolicy.inc.php:26
RoleBasedHandlerOperationPolicy
Class to control access to handler operations via role based access control.
Definition: RoleBasedHandlerOperationPolicy.inc.php:18
PolicySet
An ordered list of policies. Policy sets can be added to decision managers like policies....
Definition: PolicySet.inc.php:26
QueryUserAccessibleWorkflowStageRequiredPolicy
Policy to extend access to queries to assigned reviewers.
Definition: QueryUserAccessibleWorkflowStageRequiredPolicy.inc.php:18