QueryNotesGridHandler.inc.php

<?php
 
// import grid base classes
import('lib.pkp.classes.controllers.grid.GridHandler');
import('lib.pkp.classes.controllers.grid.DataObjectGridCellProvider');
 
// Link action & modal classes
import('lib.pkp.classes.linkAction.request.AjaxModal');
 
class QueryNotesGridHandler extends GridHandler {
   var $_user;
 
   function __construct() {
      parent::__construct();
      $this->addRoleAssignment(
         array(ROLE_ID_MANAGER, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT),
         array('fetchGrid', 'fetchRow', 'addNote', 'insertNote', 'deleteNote'));
   }
 
 
   //
   // Getters/Setters
   //
   function getSubmission() {
      return $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
   }
 
   function getQuery() {
      return $this->getAuthorizedContextObject(ASSOC_TYPE_QUERY);
   }
 
   function getStageId() {
      return $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
   }
 
   //
   // Overridden methods from PKPHandler.
   // Note: this is subclassed in application-specific grids.
   //
   function authorize($request, &$args, $roleAssignments) {
      $stageId = $request->getUserVar('stageId'); // This is being validated in WorkflowStageAccessPolicy
 
      // Get the access policy
      import('lib.pkp.classes.security.authorization.QueryAccessPolicy');
      $this->addPolicy(new QueryAccessPolicy($request, $args, $roleAssignments, $stageId));
      return parent::authorize($request, $args, $roleAssignments);
   }
 
   function initialize($request, $args = null) {
      parent::initialize($request, $args);
      $this->setTitle('submission.query.messages');
 
      // Load pkp-lib translations
      AppLocale::requireComponents(
         LOCALE_COMPONENT_PKP_SUBMISSION,
         LOCALE_COMPONENT_PKP_USER,
         LOCALE_COMPONENT_PKP_EDITOR
      );
 
      import('lib.pkp.controllers.grid.queries.QueryNotesGridCellProvider');
      $cellProvider = new QueryNotesGridCellProvider($this->getSubmission());
 
      // Columns
      $this->addColumn(
         new GridColumn(
            'contents',
            'common.note',
            null,
            null,
            $cellProvider,
            array('width' => 80, 'html' => true)
         )
      );
      $this->addColumn(
         new GridColumn(
            'from',
            'submission.query.from',
            null,
            null,
            $cellProvider,
            array('html' => true)
         )
      );
 
      $this->_user = $request->getUser();
   }
 
 
   //
   // Overridden methods from GridHandler
   //
   function getRowInstance() {
      import('lib.pkp.controllers.grid.queries.QueryNotesGridRow');
      return new QueryNotesGridRow($this->getRequestArgs(), $this->getQuery(), $this);
   }
 
   function getRequestArgs() {
      return array(
         'submissionId' => $this->getSubmission()->getId(),
         'stageId' => $this->getStageId(),
         'queryId' => $this->getQuery()->getId(),
      );
   }
 
   function loadData($request, $filter = null) {
      return $this->getQuery()->getReplies(null, NOTE_ORDER_DATE_CREATED, SORT_DIRECTION_ASC, $this->getCanManage(null));
   }
 
   //
   // Public Query Notes Grid Actions
   //
   function addNote($args, $request) {
      import('lib.pkp.controllers.grid.queries.form.QueryNoteForm');
      $queryNoteForm = new QueryNoteForm($this->getRequestArgs(), $this->getQuery(), $request->getUser());
      $queryNoteForm->initData();
      return new JSONMessage(true, $queryNoteForm->fetch($request));
   }
 
   function insertNote($args, $request) {
      import('lib.pkp.controllers.grid.queries.form.QueryNoteForm');
      $queryNoteForm = new QueryNoteForm($this->getRequestArgs(), $this->getQuery(), $request->getUser(), $request->getUserVar('noteId'));
      $queryNoteForm->readInputData();
      if ($queryNoteForm->validate()) {
         $note = $queryNoteForm->execute();
         return DAO::getDataChangedEvent($this->getQuery()->getId());
      } else {
         return new JSONMessage(true, $queryNoteForm->fetch($request));
      }
   }
 
   function getCanManage($note) {
      $isAdmin = (0 != count(array_intersect(
         $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES),
         array(ROLE_ID_MANAGER, ROLE_ID_ASSISTANT, ROLE_ID_SUB_EDITOR)
      )));
 
      if ($note === null) {
         return $isAdmin;
      } else {
         return ($note->getUserId() == $this->_user->getId() || $isAdmin);
      }
   }
 
   function deleteNote($args, $request) {
      $query = $this->getQuery();
      $noteDao = DAORegistry::getDAO('NoteDAO'); /* @var $noteDao NoteDAO */
      $note = $noteDao->getById($request->getUserVar('noteId'));
      $user = $request->getUser();
 
      if (!$request->checkCSRF() || !$note || $note->getAssocType() != ASSOC_TYPE_QUERY || $note->getAssocId() != $query->getId()) {
         // The note didn't exist or has the wrong assoc info.
         return new JSONMessage(false);
      }
 
      if (!$this->getCanManage($note)) {
         // The user doesn't own the note and isn't priveleged enough to delete it.
         return new JSONMessage(false);
      }
 
      $noteDao->deleteObject($note);
      return DAO::getDataChangedEvent($note->getId());
   }
 
}