classes/security/authorization/internal/ReviewAssignmentRequiredPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');

class ReviewAssignmentRequiredPolicy extends DataObjectRequiredPolicy {
   function ReviewAssignmentRequiredPolicy(&$request, &$args, $parameterName = 'reviewAssignmentId', $operations = null) {
      parent::DataObjectRequiredPolicy($request, $args, $parameterName, 'user.authorization.invalidReviewAssignment', $operations);
   }

   //
   // Implement template methods from AuthorizationPolicy
   //
   function dataObjectEffect() {
      $reviewId = (int)$this->getDataObjectId();
      if (!$reviewId) return AUTHORIZATION_DENY;

      $reviewAssignmentDao =& DAORegistry::getDAO('ReviewAssignmentDAO'); /* @var $reviewAssignmentDao ReviewAssignmentDAO */
      $reviewAssignment =& $reviewAssignmentDao->getById($reviewId);
      if (!is_a($reviewAssignment, 'ReviewAssignment')) return AUTHORIZATION_DENY;

      // Ensure that the review assignment actually belongs to the
      // authorized monograph.
      $monograph =& $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
      if ($reviewAssignment->getSubmissionId() != $monograph->getId()) AUTHORIZATION_DENY;

      // Ensure that the review assignment is for this workflow stage
      $stageId = $this->getAuthorizedContextObject(ASSOC_TYPE_WORKFLOW_STAGE);
      if ($reviewAssignment->getStageId() != $stageId) return AUTHORIZATION_DENY;

      // Save the review Assignment to the authorization context.
      $this->addAuthorizedContextObject(ASSOC_TYPE_REVIEW_ASSIGNMENT, $reviewAssignment);
      return AUTHORIZATION_PERMIT;
   }
}

?>