Open Journal Systems  3.3.0
SubmissionAuthorPolicy.inc.php
1 <?php
18 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
19 import('lib.pkp.classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
20 
21 class SubmissionAuthorPolicy extends AuthorizationPolicy {
23  var $_request;
24 
29  function __construct($request) {
30  parent::__construct('user.authorization.submissionAuthor');
31  $this->_request = $request;
32  }
33 
34  //
35  // Implement template methods from AuthorizationPolicy
36  //
40  function effect() {
41  // Get the user
42  $user = $this->_request->getUser();
43  if (!is_a($user, 'User')) return AUTHORIZATION_DENY;
44 
45  // Get the submission
46  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
47  if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
48 
49  $context = $this->_request->getContext();
50 
51  // Check authorship of the submission. Any ROLE_ID_AUTHOR assignment will do.
52  $stageAssignmentDao = DAORegistry::getDAO('StageAssignmentDAO'); /* @var $stageAssignmentDao StageAssignmentDAO */
53  $userGroupDao = DAORegistry::getDAO('UserGroupDAO'); /* @var $userGroupDao UserGroupDAO */
54  $submitterAssignments = $stageAssignmentDao->getBySubmissionAndStageId($submission->getId(), null, null, $user->getId());
55  $workflowStages = Application::getApplicationStages();
56  while ($assignment = $submitterAssignments->next()) {
57  $userGroup = $userGroupDao->getById($assignment->getUserGroupId());
58  if ($userGroup->getRoleId() == ROLE_ID_AUTHOR) {
59 
60  $accessibleWorkflowStages = array();
61  foreach ($workflowStages as $stageId) {
62  $accessibleStageRoles = Services::get('user')->getAccessibleStageRoles($user->getId(), $context->getId(), $submission, $stageId);
63  if (!empty($accessibleStageRoles)) {
64  $accessibleWorkflowStages[$stageId] = $accessibleStageRoles;
65  }
66  }
67  $this->addAuthorizedContextObject(ASSOC_TYPE_ACCESSIBLE_WORKFLOW_STAGES, $accessibleWorkflowStages);
68 
69  return AUTHORIZATION_PERMIT;
70  }
71  }
72  return AUTHORIZATION_DENY;
73  }
74 }
75 
76 
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
SubmissionAuthorPolicy\$_request
$_request
Definition: SubmissionAuthorPolicy.inc.php:26
AuthorizationPolicy\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: AuthorizationPolicy.inc.php:117
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
SubmissionAuthorPolicy
Class to control access to a submission based on authorship.
Definition: SubmissionAuthorPolicy.inc.php:21
SubmissionAuthorPolicy\effect
effect()
Definition: SubmissionAuthorPolicy.inc.php:43
SubmissionAuthorPolicy\__construct
__construct($request)
Definition: SubmissionAuthorPolicy.inc.php:32
AuthorizationPolicy
Class to represent an authorization policy.
Definition: AuthorizationPolicy.inc.php:31
Application\getApplicationStages
static getApplicationStages()
Definition: Application.inc.php:185
PKPServices\get
static get($service)
Definition: PKPServices.inc.php:49