Open Preprint Systems  3.3.0
api/v1/submissions/SubmissionHandler.inc.php
1 <?php
2 
17 import('lib.pkp.api.v1.submissions.PKPSubmissionHandler');
18 import('lib.pkp.classes.handler.APIHandler');
19 import('classes.core.Services');
20 
21 class SubmissionHandler extends PKPSubmissionHandler {
22 
26  public function __construct() {
27  $this->_handlerPath = 'submissions';
28  $this->_endpoints = [
29  'GET' => [
30  [
31  'pattern' => $this->getEndpointPattern(),
32  'handler' => [$this, 'getMany'],
33  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR],
34  ],
35  [
36  'pattern' => $this->getEndpointPattern() . '/{submissionId}',
37  'handler' => [$this, 'get'],
38  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR],
39  ],
40  [
41  'pattern' => $this->getEndpointPattern() . '/{submissionId}/participants',
42  'handler' => [$this, 'getParticipants'],
43  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR],
44  ],
45  [
46  'pattern' => $this->getEndpointPattern() . '/{submissionId}/participants/{stageId}',
47  'handler' => [$this, 'getParticipants'],
48  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR],
49  ],
50  [
51  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications',
52  'handler' => [$this, 'getPublications'],
53  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR],
54  ],
55  [
56  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}',
57  'handler' => [$this, 'getPublication'],
58  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR],
59  ],
60  [
61  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}/publish',
62  'handler' => [$this, 'publishPublication'],
63  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
64  ],
65  ],
66  'POST' => [
67  [
68  'pattern' => $this->getEndpointPattern(),
69  'handler' => [$this, 'add'],
70  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR],
71  ],
72  [
73  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications',
74  'handler' => [$this, 'addPublication'],
75  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
76  ],
77  [
78  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}/version',
79  'handler' => [$this, 'versionPublication'],
80  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
81  ],
82  ],
83  'PUT' => [
84  [
85  'pattern' => $this->getEndpointPattern() . '/{submissionId}',
86  'handler' => [$this, 'edit'],
87  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR],
88  ],
89  [
90  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}',
91  'handler' => [$this, 'editPublication'],
92  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
93  ],
94  [
95  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}/publish',
96  'handler' => [$this, 'publishPublication'],
97  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
98  ],
99  [
100  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}/unpublish',
101  'handler' => [$this, 'unpublishPublication'],
102  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
103  ],
104  [
105  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}/relate',
106  'handler' => [$this, 'relatePublication'],
107  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR],
108  ],
109  ],
110  'DELETE' => [
111  [
112  'pattern' => $this->getEndpointPattern() . '/{submissionId}',
113  'handler' => [$this, 'delete'],
114  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR],
115  ],
116  [
117  'pattern' => $this->getEndpointPattern() . '/{submissionId}/publications/{publicationId}',
118  'handler' => [$this, 'deletePublication'],
119  'roles' => [ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT],
120  ],
121  ],
122  ];
123  APIHandler::__construct();
124  }
125 
126  //
127  // Implement methods from PKPHandler
128  //
129  function authorize($request, &$args, $roleAssignments) {
130  $routeName = $this->getSlimRequest()->getAttribute('route')->getName();
131 
132  import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
133  $this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
134 
135  $requiresSubmissionAccess = [
136  'get',
137  'edit',
138  'delete',
139  'getGalleys',
140  'getParticipants',
141  'getPublications',
142  'getPublication',
143  'addPublication',
144  'versionPublication',
145  'editPublication',
146  'publishPublication',
147  'unpublishPublication',
148  'deletePublication',
149  'relatePublication',
150  ];
151  if (in_array($routeName, $requiresSubmissionAccess)) {
152  import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');
153  $this->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments));
154  }
155 
156  $requiresPublicationWriteAccess = [
157  'addPublication',
158  'editPublication',
159  ];
160  if (in_array($routeName, $requiresPublicationWriteAccess)) {
161  import('lib.pkp.classes.security.authorization.PublicationWritePolicy');
162  $this->addPolicy(new PublicationWritePolicy($request, $args, $roleAssignments));
163  }
164 
165  $requiresProductionStageAccess = [
166  'versionPublication',
167  'publishPublication',
168  'unpublishPublication',
169  'deletePublication',
170  'relatePublication',
171  ];
172  if (in_array($routeName, $requiresProductionStageAccess)) {
173  // Can the user access this stage?
174  import('lib.pkp.classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
175  $this->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
176 
177  import('lib.pkp.classes.security.authorization.StageRolePolicy');
178  $this->addPolicy(new StageRolePolicy([ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_AUTHOR]));
179  }
180 
181  return APIHandler::authorize($request, $args, $roleAssignments);
182  }
183 
192  public function relatePublication($slimRequest, $response, $args) {
193  $request = $this->getRequest();
194  $submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);
195  $publication = Services::get('publication')->get((int) $args['publicationId']);
196 
197  if (!$publication) {
198  return $response->withStatus(404)->withJsonError('api.404.resourceNotFound');
199  }
200 
201  if ($submission->getId() !== $publication->getData('submissionId')) {
202  return $response->withStatus(403)->withJsonError('api.publications.403.submissionsDidNotMatch');
203  }
204 
205  if (!Services::get('publication')->canAuthorPublish($submission->getId())) {
206  return $response->withStatus(403)->withJsonError('api.publications.403.authorCantPublish');
207  }
208 
209  $publication = Services::get('publication')->relate($publication, $slimRequest->getParams());
210 
211  $publicationProps = Services::get('publication')->getFullProperties(
212  $publication,
213  [
214  'request' => $request,
215  'userGroups' => DAORegistry::getDAO('UserGroupDAO')->getByContextId($submission->getData('contextId'))->toArray(),
216  ]
217  );
218 
219  return $response->withJson($publicationProps, 200);
220  }
221 
222 }
APIHandler\__construct
__construct()
Definition: APIHandler.inc.php:43
UserAccessibleWorkflowStageRequiredPolicy
Policy to deny access if an user assigned workflow stage is not found.
Definition: UserAccessibleWorkflowStageRequiredPolicy.inc.php:19
SubmissionHandler\__construct
__construct()
Definition: api/v1/submissions/SubmissionHandler.inc.php:26
ContextAccessPolicy
Class to control access to PKP applications' setup components.
Definition: ContextAccessPolicy.inc.php:17
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
SubmissionHandler\relatePublication
relatePublication($slimRequest, $response, $args)
Definition: api/v1/submissions/SubmissionHandler.inc.php:192
SubmissionHandler
Handle API requests for submission operations.
Definition: api/v1/submissions/SubmissionHandler.inc.php:21
SubmissionHandler\authorize
authorize($request, &$args, $roleAssignments)
Definition: api/v1/submissions/SubmissionHandler.inc.php:129
PKPSubmissionHandler
Base handler for submission requests.
Definition: api/v1/submissions/PKPSubmissionHandler.inc.php:20
APIHandler\getSlimRequest
getSlimRequest()
Definition: APIHandler.inc.php:158
PublicationWritePolicy
Class to permit or deny write functions (add/edit) on a publication.
Definition: PublicationWritePolicy.inc.php:19
StageRolePolicy
Class to check if the user has an assigned role on a specific submission stage. Optionally deny autho...
Definition: StageRolePolicy.inc.php:19
PKPHandler\getAuthorizedContextObject
& getAuthorizedContextObject($assocType)
Definition: PKPHandler.inc.php:174
APIHandler\getRequest
getRequest()
Definition: APIHandler.inc.php:149
SubmissionAccessPolicy
Base class to control (write) access to submissions and (read) access to submission details in OMP.
Definition: SubmissionAccessPolicy.inc.php:19
PKPHandler\addPolicy
addPolicy($authorizationPolicy, $addToTop=false)
Definition: PKPHandler.inc.php:157
PKPHandler\authorize
authorize($request, &$args, $roleAssignments)
Definition: PKPHandler.inc.php:288
APIHandler\getEndpointPattern
getEndpointPattern()
Definition: APIHandler.inc.php:186
PKPServices\get
static get($service)
Definition: PKPServices.inc.php:49