
classes/security/authorization/OmpSignoffAccessPolicy.inc.php

00001 <?php
00014 import('classes.security.authorization.internal.PressPolicy');
00015 import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
00016 
// Access-mode flags passed as $mode to OmpSignoffAccessPolicy. The constructor
// tests $mode with a bitwise AND, so the values are distinct bits.
// Only SIGNOFF_ACCESS_READ is consulted in this file (for the author role);
// SIGNOFF_ACCESS_MODIFY is defined here but not referenced in this listing.
define('SIGNOFF_ACCESS_READ', 1);
define('SIGNOFF_ACCESS_MODIFY', 2);
00019 
/**
 * Authorization policy for handler operations that act on a signoff.
 *
 * Three checks are registered on this policy, in order:
 *  1. SignoffExistsAccessPolicy
 *  2. WorkflowStageRequiredPolicy
 *  3. a PolicySet built with COMBINING_PERMIT_OVERRIDES that holds one entry
 *     per role present in $roleAssignments, plus an ownership entry.
 *
 * NOTE(review): the descriptions of "permit overrides" / "deny overrides"
 * below assume the usual XACML meaning of those constants; PolicySet is not
 * shown in this file -- confirm against its implementation.
 */
class OmpSignoffAccessPolicy extends PressPolicy {
	/**
	 * Constructor.
	 *
	 * This is a PHP 4-style constructor (a method named after the class),
	 * matching the parent::PressPolicy() call below. PHP 8 no longer treats
	 * such a method as a constructor.
	 *
	 * @param $request the request, handed to most sub-policies
	 * @param $args request arguments, forwarded to SignoffExistsAccessPolicy
	 *  and OmpWorkflowStageAccessPolicy
	 * @param $roleAssignments array keyed by role id; the value for a role is
	 *  forwarded to RoleBasedHandlerOperationPolicy (presumably the operations
	 *  that role may call -- confirm against that class)
	 * @param $mode bit mask of SIGNOFF_ACCESS_*; only the READ bit is examined
	 *  here, and only for the author role
	 * @param $stageId workflow stage id, forwarded to WorkflowStageRequiredPolicy
	 *  and OmpWorkflowStageAccessPolicy
	 */
	function OmpSignoffAccessPolicy(&$request, $args, $roleAssignments, $mode, $stageId) {
		parent::PressPolicy($request);

		// Precondition 1: the signoff named by the request (class name suggests
		// an existence check; the implementation is not visible here).
		import('classes.security.authorization.internal.SignoffExistsAccessPolicy');
		$signoffExistsPolicy = new SignoffExistsAccessPolicy($request, $args);
		$this->addPolicy($signoffExistsPolicy);

		// Precondition 2: the workflow stage.
		import('classes.security.authorization.internal.WorkflowStageRequiredPolicy');
		$stageRequiredPolicy = new WorkflowStageRequiredPolicy($stageId);
		$this->addPolicy($stageRequiredPolicy);

		// Alternatives: one entry per role, then ownership. With permit-overrides
		// combining, a permit from any single entry is enough.
		$alternatives = new PolicySet(COMBINING_PERMIT_OVERRIDES);

		// Press managers: role/operation check only, no further restriction.
		if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
			$managerPolicy = new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER]);
			$alternatives->addPolicy($managerPolicy);
		}

		// Series editors: role/operation check AND series assignment.
		// Both sit in a deny-overrides set, so a deny from either one blocks
		// this alternative.
		if (isset($roleAssignments[ROLE_ID_SERIES_EDITOR])) {
			$seriesEditorSet = new PolicySet(COMBINING_DENY_OVERRIDES);
			$seriesEditorRolePolicy = new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SERIES_EDITOR, $roleAssignments[ROLE_ID_SERIES_EDITOR]);
			$seriesEditorSet->addPolicy($seriesEditorRolePolicy);

			import('classes.security.authorization.internal.SeriesAssignmentPolicy');
			$seriesAssignmentPolicy = new SeriesAssignmentPolicy($request);
			$seriesEditorSet->addPolicy($seriesAssignmentPolicy);

			$alternatives->addPolicy($seriesEditorSet);
		}

		// Press assistants: role/operation check AND workflow stage access.
		if (isset($roleAssignments[ROLE_ID_PRESS_ASSISTANT])) {
			$assistantSet = new PolicySet(COMBINING_DENY_OVERRIDES);
			$assistantRolePolicy = new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_ASSISTANT, $roleAssignments[ROLE_ID_PRESS_ASSISTANT]);
			$assistantSet->addPolicy($assistantRolePolicy);

			import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
			$assistantStagePolicy = new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', $stageId);
			$assistantSet->addPolicy($assistantStagePolicy);

			$alternatives->addPolicy($assistantSet);
		}

		// Authors: same shape as press assistants, but the alternative is only
		// registered when the caller asked for read access. This is the only
		// role whose entry depends on $mode; without the READ bit an author
		// can still pass through the ownership entry below.
		if (isset($roleAssignments[ROLE_ID_AUTHOR]) && ($mode & SIGNOFF_ACCESS_READ)) {
			$authorSet = new PolicySet(COMBINING_DENY_OVERRIDES);
			$authorRolePolicy = new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]);
			$authorSet->addPolicy($authorRolePolicy);

			import('classes.security.authorization.OmpWorkflowStageAccessPolicy');
			$authorStagePolicy = new OmpWorkflowStageAccessPolicy($request, $args, $roleAssignments, 'monographId', $stageId);
			$authorSet->addPolicy($authorStagePolicy);

			$alternatives->addPolicy($authorSet);
		}

		// Ownership: registered unconditionally, for every role and every $mode.
		// NOTE(review): this entry is not paired with a
		// RoleBasedHandlerOperationPolicy, so on this path the per-role values
		// in $roleAssignments are not applied by this class. Confirm that
		// SignoffAssignedToUserAccessPolicy (not shown) limits what an assigned
		// user can reach, or that every handler using this policy exposes only
		// operations an assignee should be able to call.
		import('classes.security.authorization.internal.SignoffAssignedToUserAccessPolicy');
		$alternatives->addPolicy(new SignoffAssignedToUserAccessPolicy($request));

		$this->addPolicy($alternatives);
	}
}
00109 
00110 ?>
