Open Journal Systems  3.3.0
ReviewAssignmentAccessPolicy.inc.php
1 <?php
18 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
19 
20 class ReviewAssignmentAccessPolicy extends AuthorizationPolicy {
22  var $_request;
23 
25  var $_permitDeclinedOrCancelled;
26 
32  function __construct($request, $permitDeclinedOrCancelled = false) {
33  parent::__construct('user.authorization.submissionReviewer');
34  $this->_request = $request;
35  $this->_permitDeclinedOrCancelled = $permitDeclinedOrCancelled;
36  }
37 
38  //
39  // Implement template methods from AuthorizationPolicy
40  //
44  function effect() {
45  // Get the user
46  $user = $this->_request->getUser();
47  if (!is_a($user, 'User')) return AUTHORIZATION_DENY;
48 
49  // Get the submission
50  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
51  if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
52 
53  // Check if a review assignment exists between the submission and the user
54  $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO'); /* @var $reviewAssignmentDao ReviewAssignmentDAO */
55  $reviewAssignment = $reviewAssignmentDao->getLastReviewRoundReviewAssignmentByReviewer($submission->getId(), $user->getId());
56 
57  // Ensure a valid review assignment was fetched from the database
58  if (!is_a($reviewAssignment, 'ReviewAssignment')) return AUTHORIZATION_DENY;
59 
60  // Ensure that the assignment isn't declined or cancelled, unless that's permitted
61  if (!$this->_permitDeclinedOrCancelled && ($reviewAssignment->getDeclined())) return AUTHORIZATION_DENY;
62 
63  // Save the review assignment to the authorization context.
64  $this->addAuthorizedContextObject(ASSOC_TYPE_REVIEW_ASSIGNMENT, $reviewAssignment);
65  return AUTHORIZATION_PERMIT;
66  }
67 }
68 
69 
ReviewAssignmentAccessPolicy\$_request
$_request
Definition: ReviewAssignmentAccessPolicy.inc.php:25
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
ReviewAssignmentAccessPolicy\effect
effect()
Definition: ReviewAssignmentAccessPolicy.inc.php:50
AuthorizationPolicy\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: AuthorizationPolicy.inc.php:117
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
ReviewAssignmentAccessPolicy\__construct
__construct($request, $permitDeclinedOrCancelled=false)
Definition: ReviewAssignmentAccessPolicy.inc.php:38
AuthorizationPolicy
Class to represent an authorization policy.
Definition: AuthorizationPolicy.inc.php:31
ReviewAssignmentAccessPolicy
Class to control access to a submission based on whether the user is an assigned reviewer.
Definition: ReviewAssignmentAccessPolicy.inc.php:20
ReviewAssignmentAccessPolicy\$_permitDeclinedOrCancelled
$_permitDeclinedOrCancelled
Definition: ReviewAssignmentAccessPolicy.inc.php:31