master/html/ReviewerHandler_8inc_8php_source.html

<?php


import('lib.pkp.pages.reviewer.PKPReviewerHandler');


class ReviewerHandler extends PKPReviewerHandler {

   function __construct() {

      parent::__construct();

      $this->addRoleAssignment(

         ROLE_ID_REVIEWER, array(

            'submission', 'step', 'saveStep',

            'showDeclineReview', 'saveDeclineReview', 'downloadFile'

         )

      );

   }


   function authorize($request, &$args, $roleAssignments) {

      $context = $request->getContext();

      if ($context->getData('reviewerAccessKeysEnabled')) {

         $this->_validateAccessKey($request);

      }


      import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');

      $router = $request->getRouter();

      $this->addPolicy(new SubmissionAccessPolicy(

         $request,

         $args,

         $roleAssignments

      ));


      return parent::authorize($request, $args, $roleAssignments);

   }


   function _validateAccessKey($request) {

      $accessKeyCode = $request->getUserVar('key');

      $reviewId = $request->getUserVar('reviewId');

      if (!($accessKeyCode && $reviewId)) { return false; }


      // Check if the user is already logged in

      $sessionManager = SessionManager::getManager();

      $session = $sessionManager->getUserSession();

      if ($session->getUserId()) { return false; }


      import('lib.pkp.classes.security.AccessKeyManager');

      $reviewerSubmissionDao = DAORegistry::getDAO('ReviewerSubmissionDAO'); /* @var $reviewerSubmissionDao ReviewerSubmissionDAO */

      $reviewerSubmission = $reviewerSubmissionDao->getReviewerSubmission($reviewId);


      // Validate the access key

      $context = $request->getContext();

      $accessKeyManager = new AccessKeyManager();

      $accessKeyHash = AccessKeyManager::generateKeyHash($accessKeyCode);

      $accessKey = $accessKeyManager->validateKey(

         $context->getId(),

         $reviewerSubmission->getReviewerId(),

         $accessKeyHash

      );

      if (!$accessKey) { return false; }


      // Get the reviewer user object

      $userDao = DAORegistry::getDAO('UserDAO'); /* @var $userDao UserDAO */

      $user = $userDao->getById($accessKey->getUserId());

      if (!$user) { return false; }


      // Register the user object in the session

      import('lib.pkp.classes.security.Validation');

      $reason = null;

      if (Validation::registerUserSession($user, $reason)) {

         $this->submission = $reviewerSubmission;

         $this->user = $user;

      }

   }


   public function getReviewForm($step, $request, $reviewerSubmission, $reviewAssignment) {

       switch ($step) {

           case 3:

            import("classes.submission.reviewer.form.ReviewerReviewStep3Form");

            return new ReviewerReviewStep3Form($request, $reviewerSubmission, $reviewAssignment);

       }

       return parent::getReviewForm($step, $request, $reviewerSubmission, $reviewAssignment);

   }


}