Open Monograph Press  3.3.0
FileUploadWizardHandler.inc.php
1 <?php
2 
21 // Import the base handler.
22 import('lib.pkp.controllers.wizard.fileUpload.PKPFileUploadWizardHandler');
23 
24 class FileUploadWizardHandler extends PKPFileUploadWizardHandler {
25  //
26  // Implement template methods from PKPHandler
27  //
28  function authorize($request, &$args, $roleAssignments) {
29  // We validate file stage outside a policy because
30  // we don't need to validate in another places.
31  $fileStage = $request->getUserVar('fileStage');
32  if ($fileStage) {
33  $submissionFileDao = DAORegistry::getDAO('SubmissionFileDAO'); /* @var $submissionFileDao SubmissionFileDAO */
34  $fileStages = $submissionFileDao->getAllFileStages();
35  if (!in_array($fileStage, $fileStages)) {
36  return false;
37  }
38  }
39 
40  // Validate file ids. We have two cases where we might have a file id.
41  // CASE 1: user is uploading a revision to a file, the revised file id
42  // will need validation.
43  $revisedFileId = (int)$request->getUserVar('revisedFileId');
44  // CASE 2: user already have uploaded a file (and it's editing the metadata),
45  // we will need to validate the uploaded file id.
46  $fileId = (int)$request->getUserVar('fileId');
47  // Get the right one to validate.
48  $fileIdToValidate = null;
49  if ($revisedFileId && !$fileId) {
50  $fileIdToValidate = $revisedFileId;
51  } else if ($fileId && !$revisedFileId) {
52  $fileIdToValidate = $fileId;
53  } else if ($revisedFileId && $fileId) {
54  // Those two cases will not happen at the same time.
55  return false;
56  }
57  if ($fileIdToValidate) {
58  import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');
59  $this->addPolicy(new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_READ, $fileIdToValidate));
60  }
61 
62  // Allow both reviewers (if in review) and context roles.
63  $stageId = (int)$request->getUserVar('stageId');
64  import('lib.pkp.classes.security.authorization.ReviewStageAccessPolicy');
65  $this->addPolicy(new ReviewStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
66 
67  // Authorize review round id when this handler is used in review stages -- except
68  // for query files, which belong to the stage rather than the review round.
69  import('lib.pkp.classes.submission.SubmissionFile');
70  if (($stageId == WORKFLOW_STAGE_ID_INTERNAL_REVIEW || $stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW) && !in_array($request->getUserVar('fileStage'), array(SUBMISSION_FILE_QUERY, SUBMISSION_FILE_DEPENDENT))) {
71  import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
72  $this->addPolicy(new ReviewRoundRequiredPolicy($request, $args));
73  }
74 
75  return parent::authorize($request, $args, $roleAssignments);
76  }
77 }
78 
79 
FileUploadWizardHandler
A controller that handles basic server-side operations of the file upload wizard.
Definition: FileUploadWizardHandler.inc.php:24
PKPFileUploadWizardHandler
Definition: PKPFileUploadWizardHandler.inc.php:23
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
FileUploadWizardHandler\authorize
authorize($request, &$args, $roleAssignments)
Definition: FileUploadWizardHandler.inc.php:28
ReviewRoundRequiredPolicy
Policy that ensures that the request contains a valid review round.
Definition: ReviewRoundRequiredPolicy.inc.php:17
ReviewStageAccessPolicy
Class to control access to review stage components.
Definition: ReviewStageAccessPolicy.inc.php:18
SubmissionFileAccessPolicy
Base class to control (write) access to submissions and (read) access to submission files.
Definition: SubmissionFileAccessPolicy.inc.php:23
PKPHandler\addPolicy
addPolicy($authorizationPolicy, $addToTop=false)
Definition: PKPHandler.inc.php:157