Open Monograph Press: classes/security/authorization/OmpPluginAccessPolicy.inc.php Source File

00001 <?php
00014 import('lib.pkp.classes.security.authorization.PolicySet');
00015 import('classes.security.authorization.internal.PluginLevelRequiredPolicy');
00016 import('classes.security.authorization.internal.PluginRequiredPolicy');
00017 
00018 define('ACCESS_MODE_MANAGE', 0x01);
00019 define('ACCESS_MODE_ADMIN', 0x02);
00020 
00021 class OmpPluginAccessPolicy extends PolicySet {
00029    function OmpPluginAccessPolicy(&$request, &$args, $roleAssignments, $accessMode = ACCESS_MODE_ADMIN) {
00030       parent::PolicySet();
00031 
00032       // A valid plugin is required.
00033       $this->addPolicy(new PluginRequiredPolicy($request));
00034 
00035       // Press managers and site admin have
00036       // access to plugins. We'll have to define
00037       // differentiated policies for those roles in a policy set.
00038       $pluginAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
00039       $pluginAccessPolicy->setEffectIfNoPolicyApplies(AUTHORIZATION_DENY);
00040 
00041       //
00042       // Managerial role
00043       //
00044       if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
00045          if ($accessMode & ACCESS_MODE_MANAGE) {
00046             // Press managers have edit settings access mode...
00047             $pressManagerPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
00048             $pressManagerPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER]));
00049 
00050             // ...only to press level plugins.
00051             $pressManagerPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_PRESS));
00052 
00053             $pluginAccessPolicy->addPolicy($pressManagerPluginAccessPolicy);
00054          }
00055       }
00056 
00057       //
00058       // Site administrator role
00059       //
00060       if (isset($roleAssignments[ROLE_ID_SITE_ADMIN])) {
00061          // Site admin have access to all plugins...
00062          $siteAdminPluginAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
00063          $siteAdminPluginAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, $roleAssignments[ROLE_ID_SITE_ADMIN]));
00064 
00065          if ($accessMode & ACCESS_MODE_MANAGE) {
00066             // ...of site level only.
00067             $siteAdminPluginAccessPolicy->addPolicy(new PluginLevelRequiredPolicy($request, CONTEXT_SITE));
00068          }
00069 
00070          $pluginAccessPolicy->addPolicy($siteAdminPluginAccessPolicy);
00071       }
00072 
00073       $this->addPolicy($pluginAccessPolicy);
00074    }
00075 }
00076 
00077 ?>