Open Monograph Press  3.3.0
OmpPublishedSubmissionRequiredPolicy.inc.php
1 <?php
15 import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');
16 
17 class OmpPublishedSubmissionRequiredPolicy extends DataObjectRequiredPolicy {
19  var $context;
20 
29  function __construct($request, &$args, $submissionParameterName = 'submissionId', $operations = null) {
30  parent::__construct($request, $args, $submissionParameterName, 'user.authorization.invalidPublishedSubmission', $operations);
31  $this->context = $request->getContext();
32  }
33 
34  //
35  // Implement template methods from AuthorizationPolicy
36  //
40  function dataObjectEffect() {
41  $submissionId = $this->getDataObjectId();
42  if (!$submissionId) return AUTHORIZATION_DENY;
43 
44  // Make sure the published submissions belongs to the press.
45  $submission = Services::get('submission')->getByUrlPath($submissionId, $this->context->getId());
46  if (!$submission && ctype_digit((string) $submissionId)) {
47  $submission = Services::get('submission')->get($submissionId);
48  }
49  if (!$submission || $submission->getData('status') !== STATUS_PUBLISHED) return AUTHORIZATION_DENY;
50 
51  // Save the published submission to the authorization context.
52  $this->addAuthorizedContextObject(ASSOC_TYPE_SUBMISSION, $submission);
53  return AUTHORIZATION_PERMIT;
54  }
55 
60  function getDataObjectId($lookOnlyByParameterName = false) {
61  // Identify the data object id.
62  $router = $this->_request->getRouter();
63  switch(true) {
64  case is_a($router, 'PKPPageRouter'):
65  if ( ctype_digit((string) $this->_request->getUserVar($this->_parameterName)) ) {
66  // We may expect a object id in the user vars
67  return (int) $this->_request->getUserVar($this->_parameterName);
68  } else if (isset($this->_args[0])) {
69  // Or the object id can be expected as the first path in the argument list
70  return $this->_args[0];
71  }
72  break;
73 
74  default:
75  return parent::getDataObjectId($lookOnlyByParameterName);
76  }
77 
78  return false;
79  }
80 }
81 
82 
OmpPublishedSubmissionRequiredPolicy\__construct
__construct($request, &$args, $submissionParameterName='submissionId', $operations=null)
Definition: OmpPublishedSubmissionRequiredPolicy.inc.php:32
AuthorizationPolicy\addAuthorizedContextObject
addAuthorizedContextObject($assocType, &$authorizedObject)
Definition: AuthorizationPolicy.inc.php:97
OmpPublishedSubmissionRequiredPolicy\dataObjectEffect
dataObjectEffect()
Definition: OmpPublishedSubmissionRequiredPolicy.inc.php:43
OmpPublishedSubmissionRequiredPolicy
Policy that ensures that the request contains a valid published submission.
Definition: OmpPublishedSubmissionRequiredPolicy.inc.php:17
OmpPublishedSubmissionRequiredPolicy\$context
$context
Definition: OmpPublishedSubmissionRequiredPolicy.inc.php:22
OmpPublishedSubmissionRequiredPolicy\getDataObjectId
getDataObjectId($lookOnlyByParameterName=false)
Definition: OmpPublishedSubmissionRequiredPolicy.inc.php:63
DataObjectRequiredPolicy
Abstract base class for policies that check for a data object from a parameter.
Definition: DataObjectRequiredPolicy.inc.php:17
PKPServices\get
static get($service)
Definition: PKPServices.inc.php:49