<?php
/**
* @file classes/security/authorization/OjsSubmissionAccessPolicy.inc.php
*
* Copyright (c) 2013-2019 Simon Fraser University
* Copyright (c) 2000-2019 John Willinsky
* Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
*
* @class OjsSubmissionAccessPolicy
* @ingroup security_authorization
*
* @brief Class to control access to OJS's submission editing components
*/
import('classes.security.authorization.internal.JournalPolicy');
import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
class OjsSubmissionAccessPolicy extends JournalPolicy {
/**
* Constructor
*
* Builds the authorization tree for submission editing components and
* adds it to this policy:
*
*   submissionEditingPolicy (COMBINING_PERMIT_OVERRIDES)
*     editorsPolicy (COMBINING_DENY_OVERRIDES)
*       SectionEditorSubmissionRequiredPolicy
*       editorRolesPolicy (COMBINING_PERMIT_OVERRIDES)
*         RoleBasedHandlerOperationPolicy for ROLE_ID_EDITOR
*         sectionEditorPolicy (COMBINING_DENY_OVERRIDES)
*           RoleBasedHandlerOperationPolicy for ROLE_ID_SECTION_EDITOR
*           SectionSubmissionAssignmentPolicy
*     copyeditorPolicy (COMBINING_DENY_OVERRIDES)
*       CopyeditorSubmissionRequiredPolicy
*       RoleBasedHandlerOperationPolicy for ROLE_ID_COPYEDITOR
*       CopyeditorSubmissionAssignmentPolicy
*
* The combining semantics are defined by PolicySet, which is not part of
* this file; going by the constant names, a deny-overrides set is
* presumably rejected as soon as one member denies, and a
* permit-overrides set accepted as soon as one member permits -- confirm
* against PolicySet before relying on this.
*
* This is a PHP 4-style constructor (a method named after the class).
* PHP 7 deprecates that form and PHP 8 no longer treats it as a
* constructor, in which case none of the policies below would be added.
*
* @param $request PKPRequest the request being authorized
* @param $args array request arguments, passed through to the
*  "submission required" policies
* @param $roleAssignments array operation lists indexed by role id. The
*  entries for ROLE_ID_EDITOR and ROLE_ID_SECTION_EDITOR are read without
*  an existence check; no entry for ROLE_ID_COPYEDITOR is read here.
* @param $submissionParameterName string name of the request parameter
*  handed to the "submission required" policies (default 'articleId')
*/
function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId') {
// Let the parent set up whatever journal-level policies it defines.
parent::JournalPolicy($request);
// Create a "permit overrides" policy set that specifies
// editor and copyeditor access to submissions.
$submissionEditingPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Editor roles (Editor and Section Editor) policy
//
$editorsPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// Editorial components can only be called if there's a
// valid section editor submission in the request.
// FIXME: We should find a way to check whether the user actually
// is a (section) editor before we execute this expensive policy.
import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
$editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
// Either role branch below is meant to be sufficient on its own, hence
// the permit-overrides set.
$editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// Editors can access all operations.
// NOTE(review): $roleAssignments[ROLE_ID_EDITOR] is read unchecked; a
// missing key passes null as the operation list. How
// RoleBasedHandlerOperationPolicy treats that is not visible here.
$editorRolesPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_EDITOR, $roleAssignments[ROLE_ID_EDITOR]));
// Section editors
// Both conditions below must hold, hence the deny-overrides set.
$sectionEditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// 1) Section editors can access all remote operations ...
$sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
// 2) ... but only if the requested submission has been explicitly assigned to them.
// This per-submission assignment check is what keeps a section editor
// from reaching submissions of other sections by changing the id.
import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
$sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
$editorRolesPolicy->addPolicy($sectionEditorPolicy);
$editorsPolicy->addPolicy($editorRolesPolicy);
$submissionEditingPolicy->addPolicy($editorsPolicy);
//
// Copyeditor policy
//
$copyeditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// 1) Copyeditors can only access editorial components when a valid
// copyeditor submission is in the request ...
import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
$copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
// 2) ... If that's the case then copyeditors can access all remote operations ...
// NOTE(review): the operation list given to the ROLE_ID_COPYEDITOR policy
// is $roleAssignments[ROLE_ID_SECTION_EDITOR], so copyeditors are
// authorized for the section editors' operations and any
// ROLE_ID_COPYEDITOR entry supplied by the caller is ignored. This may be
// a copy-paste slip that grants copyeditors more operations than
// intended; confirm against the handlers that build $roleAssignments
// before changing it, since they may not define a copyeditor entry.
$copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
// 3) ... but only if the requested submission has been explicitly assigned to them.
import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
$copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));
$submissionEditingPolicy->addPolicy($copyeditorPolicy);
// Add the submission editing policies to this policy set.
$this->addPolicy($submissionEditingPolicy);
}
}
?>