Open Monograph Press  3.3.0
DataObjectRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
16 
17 class DataObjectRequiredPolicy extends AuthorizationPolicy {
19  var $_request;
20 
22  var $_args;
23 
25  var $_parameterName;
26 
28  var $_operations;
29 
30  //
31  // Getters and Setters
32  //
37  function &getRequest() {
38  return $this->_request;
39  }
40 
45  function &getArgs() {
46  return $this->_args;
47  }
48 
57  function __construct($request, &$args, $parameterName, $message = null, $operations = null) {
58  parent::__construct($message);
59  $this->_request = $request;
60  assert(is_array($args));
61  $this->_args =& $args;
62  $this->_parameterName = $parameterName;
63  $this->_operations = $operations;
64  }
65 
66  //
67  // Implement template methods from AuthorizationPolicy
68  //
72  function effect() {
73  // Check if the object is required for the requested Op. (No operations means check for all.)
74  if (is_array($this->_operations) && !in_array($this->_request->getRequestedOp(), $this->_operations)) {
75  return AUTHORIZATION_PERMIT;
76  } else {
77  return $this->dataObjectEffect();
78  }
79  }
80 
81  //
82  // Protected helper method
83  //
88  function dataObjectEffect() {
89  // Deny by default. Must be implemented by subclass.
90  return AUTHORIZATION_DENY;
91  }
92 
99  function getDataObjectId($lookOnlyByParameterName = false) {
100  // Identify the data object id.
101  $router = $this->_request->getRouter();
102  switch(true) {
103  case is_a($router, 'PKPPageRouter'):
104  if ( ctype_digit((string) $this->_request->getUserVar($this->_parameterName)) ) {
105  // We may expect a object id in the user vars
106  return (int) $this->_request->getUserVar($this->_parameterName);
107  } else if (!$lookOnlyByParameterName && isset($this->_args[0]) && ctype_digit((string) $this->_args[0])) {
108  // Or the object id can be expected as the first path in the argument list
109  return (int) $this->_args[0];
110  }
111  break;
112 
113  case is_a($router, 'PKPComponentRouter'):
114  // We expect a named object id argument.
115  if (isset($this->_args[$this->_parameterName])
116  && ctype_digit((string) $this->_args[$this->_parameterName])) {
117  return (int) $this->_args[$this->_parameterName];
118  }
119  break;
120 
121  case is_a($router, 'APIRouter'):
122  $handler = $router->getHandler();
123  return $handler->getParameter($this->_parameterName);
124  break;
125 
126  default:
127  assert(false);
128  }
129 
130  return false;
131  }
132 }
133 
134 
DataObjectRequiredPolicy\getRequest
& getRequest()
Definition: DataObjectRequiredPolicy.inc.php:49
DataObjectRequiredPolicy\$_operations
$_operations
Definition: DataObjectRequiredPolicy.inc.php:40
DataObjectRequiredPolicy\$_request
$_request
Definition: DataObjectRequiredPolicy.inc.php:22
DataObjectRequiredPolicy\effect
effect()
Definition: DataObjectRequiredPolicy.inc.php:84
DataObjectRequiredPolicy\dataObjectEffect
dataObjectEffect()
Definition: DataObjectRequiredPolicy.inc.php:100
DataObjectRequiredPolicy\getDataObjectId
getDataObjectId($lookOnlyByParameterName=false)
Definition: DataObjectRequiredPolicy.inc.php:111
DataObjectRequiredPolicy\__construct
__construct($request, &$args, $parameterName, $message=null, $operations=null)
Definition: DataObjectRequiredPolicy.inc.php:69
DataObjectRequiredPolicy\$_parameterName
$_parameterName
Definition: DataObjectRequiredPolicy.inc.php:34
DataObjectRequiredPolicy\$_args
$_args
Definition: DataObjectRequiredPolicy.inc.php:28
AuthorizationPolicy
Class to represent an authorization policy.
Definition: AuthorizationPolicy.inc.php:31
DataObjectRequiredPolicy
Abstract base class for policies that check for a data object from a parameter.
Definition: DataObjectRequiredPolicy.inc.php:17
DataObjectRequiredPolicy\getArgs
& getArgs()
Definition: DataObjectRequiredPolicy.inc.php:57