*5540* Implement new authorization approach that works for AJAX compo…

…nents and page handlers - implemented correct folder structure and nomenclature in OJS

classes/controllers/grid/filter/FilterGridHandler.inc.php

@@ -38,8 +38,8 @@ function FilterGridHandler() {
 	 */
 	function authorize(&$request, &$args, $roleAssignments) {
 		// Make sure the user can change the journal setup.
-		import('classes.security.authorization.OjsJournalSetupPolicy');
-		$this->addPolicy(new OjsJournalSetupPolicy($request, $roleAssignments));
+		import('classes.security.authorization.OjsJournalAccessPolicy');
+		$this->addPolicy(new OjsJournalAccessPolicy($request, $roleAssignments));
 		return parent::authorize($request, $args, $roleAssignments);
 	}
 }

classes/security/authorization/OjsJournalAccessPolicy.inc.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * @file classes/security/authorization/OjsJournalAccessPolicy.inc.php
+ *
+ * Copyright (c) 2000-2010 John Willinsky
+ * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
+ *
+ * @class OjsJournalAccessPolicy
+ * @ingroup security_authorization
+ *
+ * @brief Class to control access to OJS' journal setup components
+ */
+
+import('classes.security.authorization.internal.JournalPolicy');
+
+class OjsJournalAccessPolicy extends JournalPolicy {
+	/**
+	 * Constructor
+	 * @param $request PKPRequest
+	 * @param $roleAssignments array
+	 */
+	function OjsJournalAccessPolicy(&$request, $roleAssignments) {
+		parent::JournalPolicy($request);
+
+		// On journal level we don't have role-specific conditions
+		// so we can simply add all role assignments. It's ok if
+		// any of these role conditions permits access.
+		$journalRolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
+		import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
+		foreach($roleAssignments as $role => $operations) {
+			$journalRolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
+		}
+		$this->addPolicy($journalRolePolicy);
+	}
+}
+
+?>

classes/security/authorization/OjsSubmissionEditingPolicy.inc.php → classes/security/authorization/OjsSubmissionAccessPolicy.inc.php

@@ -1,29 +1,29 @@
 <?php
 /**
- * @file classes/security/authorization/OjsSubmissionEditingPolicy.inc.php
+ * @file classes/security/authorization/OjsSubmissionAccessPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
- * @class OjsSubmissionEditingPolicy
+ * @class OjsSubmissionAccessPolicy
  * @ingroup security_authorization
  *
  * @brief Class to control access to OJS's submission editing components
  */
 
-import('classes.security.authorization.OjsJournalPolicy');
+import('classes.security.authorization.internal.JournalPolicy');
 import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
 
-class OjsSubmissionEditingPolicy extends OjsJournalPolicy {
+class OjsSubmissionAccessPolicy extends JournalPolicy {
 	/**
 	 * Constructor
 	 * @param $request PKPRequest
 	 * @param $args array
 	 * @param $roleAssignments array
 	 * @param $submissionParameterName string
 	 */
-	function OjsSubmissionEditingPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId') {
-		parent::OjsJournalPolicy($request);
+	function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId') {
+		parent::JournalPolicy($request);
 
 		// Create a "permit overrides" policy set that specifies
 		// editor and copyeditor access to submissions.
@@ -38,7 +38,7 @@ function OjsSubmissionEditingPolicy(&$request, &$args, $roleAssignments, $submis
 		// valid section editor submission in the request.
 		// FIXME: We should find a way to check whether the user actually
 		// is a (section) editor before we execute this expensive policy.
-		import('classes.security.authorization.SectionEditorSubmissionRequiredPolicy');
+		import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
 		$editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
 
 		$editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
@@ -52,7 +52,7 @@ function OjsSubmissionEditingPolicy(&$request, &$args, $roleAssignments, $submis
 		$sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
 
 		// 2) ... but only if the requested submission has been explicitly assigned to them.
-		import('classes.security.authorization.SectionSubmissionAssignmentPolicy');
+		import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
 		$sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
 		$editorRolesPolicy->addPolicy($sectionEditorPolicy);
 
@@ -68,14 +68,14 @@ function OjsSubmissionEditingPolicy(&$request, &$args, $roleAssignments, $submis
 
 		// 1) Copyeditors can only access editorial components when a valid
 		//    copyeditor submission is in the request ...
-		import('classes.security.authorization.CopyeditorSubmissionRequiredPolicy');
+		import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
 		$copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
 
 		// 2) ... If that's the case then copyeditors can access all remote operations ...
 		$copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
 
 		// 3) ... but only if the requested submission has been explicitly assigned to them.
-		import('classes.security.authorization.CopyeditorSubmissionAssignmentPolicy');
+		import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
 		$copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));
 
 		$submissionEditingPolicy->addPolicy($copyeditorPolicy);

classes/security/authorization/CopyeditorSubmissionAssignmentPolicy.inc.php → classes/security/authorization/internal/CopyeditorSubmissionAssignmentPolicy.inc.php

@@ -1,12 +1,12 @@
 <?php
 /**
- * @file classes/security/authorization/CopyeditorSubmissionAssignmentPolicy.inc.php
+ * @file classes/security/authorization/internal/CopyeditorSubmissionAssignmentPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
  * @class CopyeditorSubmissionAssignmentPolicy
- * @ingroup security_authorization
+ * @ingroup security_authorization_internal
  *
  * @brief Class to control access of copyeditors to submissions.
  *

classes/security/authorization/CopyeditorSubmissionRequiredPolicy.inc.php → classes/security/authorization/internal/CopyeditorSubmissionRequiredPolicy.inc.php

@@ -1,12 +1,12 @@
 <?php
 /**
- * @file classes/security/authorization/CopyeditorSubmissionRequiredPolicy.inc.php
+ * @file classes/security/authorization/internal/CopyeditorSubmissionRequiredPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
  * @class CopyeditorSubmissionRequiredPolicy
- * @ingroup security_authorization
+ * @ingroup security_authorization_internal
  *
  * @brief Policy that ensures that the request contains a valid
  *  copyeditor submission.
@@ -20,7 +20,7 @@ class CopyeditorSubmissionRequiredPolicy extends SubmissionRequiredPolicy {
 	 * @param $request PKPRequest
 	 */
 	function CopyeditorSubmissionRequiredPolicy(&$request, &$args, $submissionParameterName = 'articleId') {
-		parent::SubmissionRequiredPolicy($request, $args, $submissionParameterName, 'Invalid section editor submission or no section editor submission requested!');
+		parent::SubmissionRequiredPolicy($request, $args, $submissionParameterName);
 	}
 
 	//

classes/security/authorization/OjsJournalPolicy.inc.php → classes/security/authorization/internal/JournalPolicy.inc.php

@@ -1,28 +1,28 @@
 <?php
 /**
- * @file classes/security/authorization/OjsJournalPolicy.inc.php
+ * @file classes/security/authorization/internal/JournalPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
- * @class OjsJournalPolicy
- * @ingroup security_authorization
+ * @class JournalPolicy
+ * @ingroup security_authorization_internal
  *
  * @brief Policy that ensures availability of an OJS journal in
  *  the request context
  */
 
 import('lib.pkp.classes.security.authorization.PolicySet');
 
-class OjsJournalPolicy extends PolicySet {
+class JournalPolicy extends PolicySet {
 	/**
 	 * Constructor
 	 * @param $request PKPRequest
 	 */
-	function OjsJournalPolicy(&$request) {
+	function JournalPolicy(&$request) {
 		parent::PolicySet();
 
-		// Ensure that we have a journal in the context
+		// Ensure that we have a journal in the context.
 		import('lib.pkp.classes.security.authorization.ContextRequiredPolicy');
 		$this->addPolicy(new ContextRequiredPolicy($request, 'No journal in context!'));
 	}

classes/security/authorization/SectionEditorSubmissionRequiredPolicy.inc.php → classes/security/authorization/internal/SectionEditorSubmissionRequiredPolicy.inc.php

@@ -1,12 +1,12 @@
 <?php
 /**
- * @file classes/security/authorization/SectionEditorSubmissionRequiredPolicy.inc.php
+ * @file classes/security/authorization/internal/SectionEditorSubmissionRequiredPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
  * @class SectionEditorSubmissionRequiredPolicy
- * @ingroup security_authorization
+ * @ingroup security_authorization_internal
  *
  * @brief Policy that ensures that the request contains a valid section
  *  editor submission.
@@ -20,7 +20,7 @@ class SectionEditorSubmissionRequiredPolicy extends SubmissionRequiredPolicy {
 	 * @param $request PKPRequest
 	 */
 	function SectionEditorSubmissionRequiredPolicy(&$request, &$args, $submissionParameterName = 'articleId') {
-		parent::SubmissionRequiredPolicy($request, $args, $submissionParameterName, 'Invalid section editor submission or no section editor submission requested!');
+		parent::SubmissionRequiredPolicy($request, $args, $submissionParameterName, 'user.authorization.invalidSectionEditorSubmission');
 	}
 
 	//

classes/security/authorization/SectionSubmissionAssignmentPolicy.inc.php → classes/security/authorization/internal/SectionSubmissionAssignmentPolicy.inc.php

@@ -1,12 +1,12 @@
 <?php
 /**
- * @file classes/security/authorization/SectionSubmissionAssignmentPolicy.inc.php
+ * @file classes/security/authorization/internal/SectionSubmissionAssignmentPolicy.inc.php
  *
  * Copyright (c) 2000-2010 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
  * @class SectionSubmissionAssignmentPolicy
- * @ingroup security_authorization
+ * @ingroup security_authorization_internal
  *
  * @brief Class to control access to journal sections.
  *

controllers/grid/citation/CitationGridHandler.inc.php

@@ -40,8 +40,8 @@ function CitationGridHandler() {
 	 */
 	function authorize(&$request, &$args, $roleAssignments) {
 		// Make sure the user can edit the submission in the request.
-		import('classes.security.authorization.OjsSubmissionEditingPolicy');
-		$this->addPolicy(new OjsSubmissionEditingPolicy($request, $args, $roleAssignments, 'assocId'));
+		import('classes.security.authorization.OjsSubmissionAccessPolicy');
+		$this->addPolicy(new OjsSubmissionAccessPolicy($request, $args, $roleAssignments, 'assocId'));
 		return parent::authorize($request, $args, $roleAssignments);
 	}