SubmissionFileAssignedQueryAccessPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.internal.SubmissionFileBaseAccessPolicy');
 
class SubmissionFileAssignedQueryAccessPolicy extends SubmissionFileBaseAccessPolicy {
   function __construct($request, $fileIdAndRevision = null) {
      parent::__construct($request, $fileIdAndRevision);
   }
 
 
   //
   // Implement template methods from AuthorizationPolicy
   //
   function effect() {
      $request = $this->getRequest();
 
      // Get the user
      $user = $request->getUser();
      if (!is_a($user, 'User')) return AUTHORIZATION_DENY;
 
      // Get the submission file
      $submissionFile = $this->getSubmissionFile($request);
      if (!is_a($submissionFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
 
      // Check if it's associated with a note.
      if ($submissionFile->getAssocType() != ASSOC_TYPE_NOTE) return AUTHORIZATION_DENY;
 
      $noteDao = DAORegistry::getDAO('NoteDAO'); /* @var $noteDao NoteDAO */
      $note = $noteDao->getById($submissionFile->getAssocId());
      if (!is_a($note, 'Note')) return AUTHORIZATION_DENY;
 
      if ($note->getAssocType() != ASSOC_TYPE_QUERY) return AUTHORIZATION_DENY;
      $queryDao = DAORegistry::getDAO('QueryDAO'); /* @var $queryDao QueryDAO */
      $query = $queryDao->getById($note->getAssocId());
      if (!$query) return AUTHORIZATION_DENY;
 
      if ($queryDao->getParticipantIds($note->getAssocId(), $user->getId())) {
         return AUTHORIZATION_PERMIT;
      }
 
      return AUTHORIZATION_DENY;
   }
}