SubmissionFileAssignedReviewerAccessPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.internal.SubmissionFileBaseAccessPolicy');
 
class SubmissionFileAssignedReviewerAccessPolicy extends SubmissionFileBaseAccessPolicy {
   function __construct($request, $fileIdAndRevision = null) {
      parent::__construct($request, $fileIdAndRevision);
   }
 
 
   //
   // Implement template methods from AuthorizationPolicy
   //
   function effect() {
      $request = $this->getRequest();
 
      // Get the user
      $user = $request->getUser();
      if (!is_a($user, 'User')) return AUTHORIZATION_DENY;
 
      // Get the submission file
      $submissionFile = $this->getSubmissionFile($request);
      if (!is_a($submissionFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
 
      $context = $request->getContext();
      $reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO'); /* @var $reviewAssignmentDao ReviewAssignmentDAO */
      $reviewAssignments = $reviewAssignmentDao->getByUserId($user->getId());
      $reviewFilesDao = DAORegistry::getDAO('ReviewFilesDAO'); /* @var $reviewFilesDao ReviewFilesDAO */
      foreach ($reviewAssignments as $reviewAssignment) {
         if ($context->getData('restrictReviewerFileAccess') && !$reviewAssignment->getDateConfirmed()) continue;
 
         if (
            $submissionFile->getSubmissionId() == $reviewAssignment->getSubmissionId() &&
            $submissionFile->getFileStage() == SUBMISSION_FILE_REVIEW_FILE &&
            $reviewFilesDao->check($reviewAssignment->getId(), $submissionFile->getFileId())
         ) {
            return AUTHORIZATION_PERMIT;
         }
      }
 
      // If a pass condition wasn't found above, deny access.
      return AUTHORIZATION_DENY;
   }
}