SubmissionFileNotQueryAccessPolicy.inc.php

<?php
import('lib.pkp.classes.security.authorization.internal.SubmissionFileBaseAccessPolicy');
 
class SubmissionFileNotQueryAccessPolicy extends SubmissionFileBaseAccessPolicy {
 
   function effect() {
      $request = $this->getRequest();
 
      // Get the submission file
      $submissionFile = $this->getSubmissionFile($request);
      if (!is_a($submissionFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
 
      // Check if it's associated with a note.
      if ($submissionFile->getAssocType() != ASSOC_TYPE_NOTE) return AUTHORIZATION_PERMIT;
 
      // Check if that note is associated with a query
      $noteDao = DAORegistry::getDAO('NoteDAO'); /* @var $noteDao NoteDAO */
      $note = $noteDao->getById($submissionFile->getAssocId());
      if ($note->getAssocType() != ASSOC_TYPE_QUERY) return AUTHORIZATION_PERMIT;
 
      return AUTHORIZATION_DENY;
   }
}