
classes/security/authorization/internal/SignoffExistsAccessPolicy.inc.php

00001 <?php
00015 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
00016 
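/**
 * Authorization policy that permits a request only when the signoff named by
 * the request's "signoffId" variable exists and can be traced, through its
 * association chain, to a monograph of the current press.
 *
 * The signoff ID comes straight from the request, so every lookup below is
 * treated as untrusted: any object that cannot be loaded, or any association
 * type that is not handled explicitly, results in AUTHORIZATION_DENY.
 *
 * NOTE(review): this policy only establishes existence and press membership.
 * Nothing here consults the current user, so it does not by itself show that
 * the user may act on the signoff -- confirm that callers combine it with a
 * role or assignment policy.
 */
class SignoffExistsAccessPolicy extends AuthorizationPolicy {
   /** @var object the request that supplies "signoffId" and the current press */
   var $_request;

   /**
    * Constructor
    * @param $request object the request to authorize; stored by reference
    */
   function SignoffExistsAccessPolicy(&$request) {
      // The string is handed to the parent policy unchanged
      // (presumably the key of the denial message -- confirm in AuthorizationPolicy).
      parent::AuthorizationPolicy('user.authorization.monographSignoff');
      $this->_request =& $request;
   }

   //
   // Implement template methods from AuthorizationPolicy
   //
   /**
    * Decide whether the requested signoff belongs to the current press.
    *
    * On success the originally requested signoff (not a parent signoff
    * reached while walking the chain) is registered as the authorized
    * context object for ASSOC_TYPE_SIGNOFF.
    *
    * @return int AUTHORIZATION_PERMIT or AUTHORIZATION_DENY
    */
   function effect() {
      // Load the signoff named by the (user-controlled) request variable.
      $signoffDao =& DAORegistry::getDAO('SignoffDAO'); /* @var $signoffDao SignoffDAO */
      $signoff =& $signoffDao->getById($this->_request->getUserVar('signoffId'));
      $baseSignoff =& $signoff;

      // Check that the signoff exists
      if (!is_a($signoff, 'Signoff')) return AUTHORIZATION_DENY;

      // Check that we know what the current press is
      $press =& $this->_request->getPress();
      if (!is_a($press, 'Press')) return AUTHORIZATION_DENY;

      // Ensure that the signoff belongs to the current press
      $monographFileDao =& DAORegistry::getDAO('SubmissionFileDAO');
      $monographDao =& DAORegistry::getDAO('MonographDAO');

      // Parent signoff IDs already followed. Without this guard a signoff
      // chain that loops back on itself would keep this check spinning
      // until the script is killed; a repeated ID is denied instead.
      $followedSignoffIds = array();

      while (true) {
         switch ($signoff->getAssocType()) {
            case ASSOC_TYPE_SIGNOFF:
               // This signoff is attached to another signoff.
               // We need to determine that the attached
               // signoff belongs to the current press.
               $parentSignoffId = $signoff->getAssocId();
               $parentKey = (int) $parentSignoffId;
               if (isset($followedSignoffIds[$parentKey])) return AUTHORIZATION_DENY;
               $followedSignoffIds[$parentKey] = true;

               $newSignoff =& $signoffDao->getById($parentSignoffId);
               if (!is_a($newSignoff, 'Signoff')) return AUTHORIZATION_DENY;

               // Flip the reference so that the new object gets
               // authorized. unset() detaches $signoff from the
               // reference it shares with $baseSignoff first, so
               // $baseSignoff keeps the originally requested signoff.
               unset($signoff);
               $signoff =& $newSignoff;
               unset($newSignoff);
               // Leaves the switch only; the loop re-examines the parent.
               break;

            case ASSOC_TYPE_MONOGRAPH_FILE:
               // Get the monograph file
               $monographFile =& $monographFileDao->getLatestRevision($signoff->getAssocId());
               if (!is_a($monographFile, 'MonographFile')) return AUTHORIZATION_DENY;

               // Get the monograph. The press ID is passed to the DAO here
               // (presumably restricting the lookup to this press -- confirm
               // in MonographDAO::getById); no separate press comparison
               // follows in this branch.
               $monograph =& $monographDao->getById($monographFile->getSubmissionId(), $press->getId());
               if (!is_a($monograph, 'Monograph')) return AUTHORIZATION_DENY;

               // Integrity checks OK. Permit.
               $this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
               return AUTHORIZATION_PERMIT;

            case ASSOC_TYPE_MONOGRAPH:
               // Loaded without a press filter, so the press is
               // compared explicitly below.
               $monograph =& $monographDao->getById($signoff->getAssocId());
               if (!is_a($monograph, 'Monograph')) return AUTHORIZATION_DENY;

               if ($monograph->getPressId() != $press->getId()) return AUTHORIZATION_DENY;

               // Checks out OK. Permit.
               $this->addAuthorizedContextObject(ASSOC_TYPE_SIGNOFF, $baseSignoff);
               return AUTHORIZATION_PERMIT;

            default:
               // Unknown association type: fail closed.
               return AUTHORIZATION_DENY;
         }
      }
   }
}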
00092 
00093 ?>
