Open Journal Systems  3.3.0
ReviewAssignmentRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
17 class ReviewAssignmentRequiredPolicy extends DataObjectRequiredPolicy {
18 
20  var $_reviewMethods = array();
21 
32  function __construct($request, &$args, $parameterName = 'reviewAssignmentId', $operations = null, $reviewMethods = null) {
33  parent::__construct($request, $args, $parameterName, 'user.authorization.invalidReviewAssignment', $operations, $reviewMethods);
34  $this->_reviewMethods = $reviewMethods;
35  }
36 
37  //
38  // Implement template methods from AuthorizationPolicy
39  //
43  function dataObjectEffect() {
44  $reviewId = (int)$this->getDataObjectId();
45  if (!$reviewId) return AUTHORIZATION_DENY;
46 
47  $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO'); /* @var $reviewAssignmentDao ReviewAssignmentDAO */
48  $reviewAssignment = $reviewAssignmentDao->getById($reviewId);
49  if (!is_a($reviewAssignment, 'ReviewAssignment')) return AUTHORIZATION_DENY;
50 
51  // If reviewMethods is defined, check that the assignment uses the defined method(s)
52  if ($this->_reviewMethods) {
53  if (!in_array($reviewAssignment->getReviewMethod(), $this->_reviewMethods)) {
54  return AUTHORIZATION_DENY;
55  }
56  }
57 
58  // Ensure that the review assignment actually belongs to the
59  // authorized submission.
60  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
61  assert(is_a($submission, 'Submission'));
62  if ($reviewAssignment->getSubmissionId() != $submission->getId()) return AUTHORIZATION_DENY;
63 
64  // Ensure that the review assignment is for this workflow stage
65  $stageId = $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
66  if ($reviewAssignment->getStageId() != $stageId) return AUTHORIZATION_DENY;
67 
68  // Save the review Assignment to the authorization context.
69  $this->addAuthorizedContextObject(ASSOC_TYPE_REVIEW_ASSIGNMENT, $reviewAssignment);
70  return AUTHORIZATION_PERMIT;
71  }
72 }
73 
74 
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
DataObjectRequiredPolicy\getDataObjectId
getDataObjectId($lookOnlyByParameterName=false)
Definition: DataObjectRequiredPolicy.inc.php:111
ReviewAssignmentRequiredPolicy\$_reviewMethods
$_reviewMethods
Definition: ReviewAssignmentRequiredPolicy.inc.php:23
AuthorizationPolicy\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: AuthorizationPolicy.inc.php:117
ReviewAssignmentRequiredPolicy\dataObjectEffect
dataObjectEffect()
Definition: ReviewAssignmentRequiredPolicy.inc.php:46
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
ReviewAssignmentRequiredPolicy\__construct
__construct($request, &$args, $parameterName='reviewAssignmentId', $operations=null, $reviewMethods=null)
Definition: ReviewAssignmentRequiredPolicy.inc.php:35
ReviewAssignmentRequiredPolicy
Policy that ensures that the request contains a valid review assignment.
Definition: ReviewAssignmentRequiredPolicy.inc.php:17
DataObjectRequiredPolicy
Abstract base class for policies that check for a data object from a parameter.
Definition: DataObjectRequiredPolicy.inc.php:17