Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
*8148* introduce workflow stage access policy
- Loading branch information
Showing
1 changed file
with
50 additions
and
0 deletions.
There are no files selected for viewing
50 changes: 50 additions & 0 deletions
50
classes/security/authorization/WorkflowStageAccessPolicy.inc.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
<?php | ||
/** | ||
* @file classes/security/authorization/WorkflowStageAccessPolicy.inc.php | ||
* | ||
* Copyright (c) 2000-2013 John Willinsky | ||
* Distributed under the GNU GPL v2. For full terms see the file docs/COPYING. | ||
* | ||
* @class WorkflowStageAccessPolicy | ||
* @ingroup security_authorization | ||
* | ||
* @brief Class to control access to OMP's submission workflow stage components | ||
*/ | ||
|
||
import('lib.pkp.classes.security.authorization.internal.PKPWorkflowStageAccessPolicy'); | ||
|
||
class WorkflowStageAccessPolicy extends PKPWorkflowStageAccessPolicy { | ||
/** | ||
* Constructor | ||
* @param $request PKPRequest | ||
* @param $args array request arguments | ||
* @param $roleAssignments array | ||
* @param $submissionParameterName string | ||
* @param $stageId integer One of the WORKFLOW_STAGE_ID_* constants. | ||
*/ | ||
function WorkflowStageAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'submissionId', $stageId) { | ||
parent::PKPWorkflowStageAccessPolicy($request, $args, $roleAssignments, $submissionParameterName, $stageId); | ||
|
||
// A workflow stage component can only be called if there's a | ||
// valid section editor submission in the request. | ||
import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy'); | ||
$this->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName)); | ||
|
||
// Add the user accessible workflow stages object to the authorized context. | ||
import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy'); | ||
$this->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request)); | ||
|
||
// Users can access all whitelisted operations for submissions and workflow stages... | ||
$roleBasedPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES); | ||
foreach ($roleAssignments as $roleId => $operations) { | ||
$roleBasedPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $roleId, $operations)); | ||
} | ||
$this->addPolicy($roleBasedPolicy); | ||
|
||
// ... if they can access the requested workflow stage. | ||
import('lib.pkp.classes.security.authorization.internal.UserAccessibleWorkflowStagePolicy'); | ||
$this->addPolicy(new UserAccessibleWorkflowStagePolicy($stageId)); | ||
} | ||
} | ||
|
||
?> |