ReviewRoundRequiredPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
 
class ReviewRoundRequiredPolicy extends DataObjectRequiredPolicy {
   function __construct($request, &$args, $parameterName = 'reviewRoundId', $operations = null) {
      parent::__construct($request, $args, $parameterName, 'user.authorization.invalidReviewRound', $operations);
   }
 
   //
   // Implement template methods from AuthorizationPolicy
   //
   function dataObjectEffect() {
      // Get the review round id.
      $reviewRoundId = $this->getDataObjectId();
      if ($reviewRoundId === false) return AUTHORIZATION_DENY;
 
      // Validate the review round id.
      $reviewRoundDao = DAORegistry::getDAO('ReviewRoundDAO'); /* @var $reviewRoundDao ReviewRoundDAO */
      $reviewRound = $reviewRoundDao->getById($reviewRoundId);
      if (!is_a($reviewRound, 'ReviewRound')) return AUTHORIZATION_DENY;
 
      // Ensure that the review round actually belongs to the
      // authorized submission.
      $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
      if ($reviewRound->getSubmissionId() != $submission->getId()) AUTHORIZATION_DENY;
 
      // Ensure that the review round is for this workflow stage
      $stageId = $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
      if ($reviewRound->getStageId() != $stageId) return AUTHORIZATION_DENY;
 
      // Save the review round to the authorization context.
      $this->addAuthorizedContextObject(ASSOC_TYPE_REVIEW_ROUND, $reviewRound);
      return AUTHORIZATION_PERMIT;
   }
}