Skip to content

Commit

Permalink
Merge pull request #6792 from NateWr/i6762_attachments
Browse files Browse the repository at this point in the history 
#6762 Fix auth error when uploading files when requesting …
  • Loading branch information
@NateWr
NateWr committed Mar 1, 2021
2 parents 13a19a3 + 0bf33ca commit 7c9b1c7
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions classes/submission/SubmissionFileDAO.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -762,6 +762,7 @@ public function getWorkflowStageId($submissionFile) {
case SUBMISSION_FILE_REVIEW_FILE:
case SUBMISSION_FILE_REVIEW_ATTACHMENT:
case SUBMISSION_FILE_REVIEW_REVISION:
case SUBMISSION_FILE_ATTACHMENT:
$reviewRoundDao = DAORegistry::getDAO('ReviewRoundDAO'); /* @var $reviewRoundDao ReviewRoundDAO */
$reviewRound = $reviewRoundDao->getBySubmissionFileId($submissionFile->getFileId());
return $reviewRound->getStageId();
Expand Down Expand Up @@ -854,6 +855,7 @@ public function getAssignedFileStageIds($stageAssignments, $action) {
// Authors can only write revision files under specific conditions
if ($action === SUBMISSION_FILE_ACCESS_READ || $hasEditorialAssignment) {
$allowedFileStageIds[] = SUBMISSION_FILE_REVIEW_REVISION;
$allowedFileStageIds[] = SUBMISSION_FILE_ATTACHMENT;
}
// Authors can never access review files
if ($hasEditorialAssignment) {
Expand Down
2 changes: 1 addition & 1 deletion controllers/wizard/fileUpload/PKPFileUploadWizardHandler.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ function authorize($request, &$args, $roleAssignments) {
$this->addPolicy(new SubmissionFileStageAccessPolicy($fileStage, SUBMISSION_FILE_ACCESS_MODIFY, 'user.authorization.accessDenied'));

// Additional checks before uploading to a review file stage
if (in_array($fileStage, [SUBMISSION_FILE_REVIEW_REVISION, SUBMISSION_FILE_REVIEW_FILE])
if (in_array($fileStage, [SUBMISSION_FILE_REVIEW_REVISION, SUBMISSION_FILE_REVIEW_FILE, SUBMISSION_FILE_ATTACHMENT])
|| $assocType === ASSOC_TYPE_REVIEW_ROUND) {
import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
$this->addPolicy(new ReviewRoundRequiredPolicy($request, $args));
Expand Down

0 comments on commit 7c9b1c7

Please sign in to comment.