Open Journal Systems  3.3.0
RepresentationRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
17 class RepresentationRequiredPolicy extends DataObjectRequiredPolicy {
25  function __construct($request, &$args, $parameterName = 'representationId', $operations = null) {
26  parent::__construct($request, $args, $parameterName, 'user.authorization.invalidRepresentation', $operations);
27  }
28 
29  //
30  // Implement template methods from AuthorizationPolicy
31  //
35  function dataObjectEffect() {
36  $representationId = (int)$this->getDataObjectId();
37  if (!$representationId) return AUTHORIZATION_DENY;
38 
39  // Need a valid submission in request.
40  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
41  if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
42 
43  // Need a valid publication in request
44  $publication = $this->getAuthorizedContextObject(ASSOC_TYPE_PUBLICATION);
45  if (!is_a($publication, 'Publication')) return AUTHORIZATION_DENY;
46 
47  // Make sure the representation belongs to the submission.
48  $representationDao = Application::getRepresentationDAO();
49  $representation = $representationDao->getById($representationId, $publication->getId(), null);
50  if (!is_a($representation, 'Representation')) return AUTHORIZATION_DENY;
51 
52  // Save the representation to the authorization context.
53  $this->addAuthorizedContextObject(ASSOC_TYPE_REPRESENTATION, $representation);
54  return AUTHORIZATION_PERMIT;
55  }
56 }
57 
58 
Application\getRepresentationDAO
static getRepresentationDAO()
Definition: Application.inc.php:162
RepresentationRequiredPolicy
Policy that ensures that the request contains a valid representation.
Definition: RepresentationRequiredPolicy.inc.php:17
DataObjectRequiredPolicy\getDataObjectId
getDataObjectId($lookOnlyByParameterName=false)
Definition: DataObjectRequiredPolicy.inc.php:111
AuthorizationPolicy\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: AuthorizationPolicy.inc.php:117
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
RepresentationRequiredPolicy\dataObjectEffect
dataObjectEffect()
Definition: RepresentationRequiredPolicy.inc.php:35
RepresentationRequiredPolicy\__construct
__construct($request, &$args, $parameterName='representationId', $operations=null)
Definition: RepresentationRequiredPolicy.inc.php:25
DataObjectRequiredPolicy
Abstract base class for policies that check for a data object from a parameter.
Definition: DataObjectRequiredPolicy.inc.php:17