SubmissionRequiredPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
 
class SubmissionRequiredPolicy extends DataObjectRequiredPolicy {
   function __construct($request, &$args, $submissionParameterName = 'submissionId', $operations = null) {
      parent::__construct($request, $args, $submissionParameterName, 'user.authorization.invalidSubmission', $operations);
 
      $callOnDeny = array($request->getDispatcher(), 'handle404', array());
      $this->setAdvice(
         AUTHORIZATION_ADVICE_CALL_ON_DENY,
         $callOnDeny
      );
   }
 
   //
   // Implement template methods from AuthorizationPolicy
   //
   function dataObjectEffect() {
      // Get the submission id.
      $submissionId = $this->getDataObjectId();
      if ($submissionId === false) return AUTHORIZATION_DENY;
 
      // Validate the submission id.
      $submissionDao = DAORegistry::getDAO('SubmissionDAO'); /* @var $submissionDao SubmissionDAO */
      $submission = $submissionDao->getById($submissionId);
      if (!is_a($submission, 'Submission')) return AUTHORIZATION_DENY;
 
      // Validate that this submission belongs to the current context.
      $context = $this->_request->getContext();
      if ($context->getId() != $submission->getData('contextId')) return AUTHORIZATION_DENY;
 
      // Save the submission to the authorization context.
      $this->addAuthorizedContextObject(ASSOC_TYPE_SUBMISSION, $submission);
      return AUTHORIZATION_PERMIT;
   }
}