AutoMedSysAI/OSJ
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-06-08 17:09:23 -04:00
commit df3a033196
17887 changed files with 8637778 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
classes/security/authorization/OjsIssueGalleyRequiredPolicy.php
+69
View File
@@ -0,0 +1,69 @@
<?php
/**
* @file classes/security/authorization/OjsIssueGalleyRequiredPolicy.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class OjsIssueGalleyRequiredPolicy
*
* @ingroup security_authorization_internal
*
* @brief Policy that ensures that the request contains a valid issue galley.
*/
namespace APP\security\authorization;
use APP\core\Application;
use APP\core\Request;
use APP\issue\IssueGalley;
use APP\issue\IssueGalleyDAO;
use PKP\db\DAORegistry;
use PKP\security\authorization\AuthorizationPolicy;
use PKP\security\authorization\DataObjectRequiredPolicy;
class OjsIssueGalleyRequiredPolicy extends DataObjectRequiredPolicy
{
/**
* Constructor
*
* @param Request $request
* @param array $args request parameters
* @param array $operations
*/
public function __construct($request, &$args, $operations = null)
{
parent::__construct($request, $args, 'issueGalleyId', 'user.authorization.invalidIssueGalley', $operations);
}
//
// Implement template methods from AuthorizationPolicy
//
/**
* @see DataObjectRequiredPolicy::dataObjectEffect()
*/
public function dataObjectEffect()
{
$issueGalleyId = (int)$this->getDataObjectId();
if (!$issueGalleyId) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// Make sure the issue galley belongs to the journal.
$issue = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_ISSUE);
$issueGalleyDao = DAORegistry::getDAO('IssueGalleyDAO'); /** @var IssueGalleyDAO $issueGalleyDao */
$issueGalley = $issueGalleyDao->getById($issueGalleyId, $issue->getId());
if (!$issueGalley instanceof IssueGalley) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// Save the publication format to the authorization context.
$this->addAuthorizedContextObject(Application::ASSOC_TYPE_ISSUE_GALLEY, $issueGalley);
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
}
if (!PKP_STRICT_MODE) {
class_alias('\APP\security\authorization\OjsIssueGalleyRequiredPolicy', '\OjsIssueGalleyRequiredPolicy');
}
classes/security/authorization/OjsIssueRequiredPolicy.php
+118
View File
@@ -0,0 +1,118 @@
<?php
/**
* @file classes/security/authorization/OjsIssueRequiredPolicy.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class OjsIssueRequiredPolicy
*
* @ingroup security_authorization_internal
*
* @brief Policy that ensures that the request contains a valid issue.
*/
namespace APP\security\authorization;
use APP\core\Application;
use APP\core\Request;
use APP\facades\Repo;
use APP\issue\Issue;
use APP\journal\Journal;
use Exception;
use PKP\security\authorization\AuthorizationPolicy;
use PKP\security\authorization\DataObjectRequiredPolicy;
use PKP\security\Role;
class OjsIssueRequiredPolicy extends DataObjectRequiredPolicy
{
/** @var Journal */
public $journal;
/**
* Constructor
*
* @param Request $request
* @param array $args request parameters
* @param array $operations
*/
public function __construct($request, &$args, $operations = null)
{
parent::__construct($request, $args, 'issueId', 'user.authorization.invalidIssue', $operations);
$this->journal = $request->getJournal();
}
//
// Implement template methods from AuthorizationPolicy
//
/**
* @see DataObjectRequiredPolicy::dataObjectEffect()
*/
public function dataObjectEffect()
{
$issueId = $this->getDataObjectId();
if (!$issueId) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// Make sure the issue belongs to the journal.
$issue = Repo::issue()->getByBestId($issueId, $this->journal->getId());
if (!$issue instanceof Issue) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// The issue must be published, or we must have pre-publication
// access to it.
$userRoles = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES);
if (!$issue->getPublished() && count(array_intersect(
(array) $userRoles,
[
Role::ROLE_ID_SITE_ADMIN,
Role::ROLE_ID_MANAGER,
Role::ROLE_ID_SUB_EDITOR,
Role::ROLE_ID_ASSISTANT,
]
)) == 0) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// Save the issue to the authorization context.
$this->addAuthorizedContextObject(Application::ASSOC_TYPE_ISSUE, $issue);
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
/**
* @copydoc DataObjectRequiredPolicy::getDataObjectId()
* Considers a not numeric public URL identifier
*/
public function getDataObjectId($lookOnlyByParameterName = false)
{
if ($lookOnlyByParameterName) {
throw new Exception('lookOnlyByParameterName not supported for issues.');
}
// Identify the data object id.
$router = $this->_request->getRouter();
switch (true) {
case $router instanceof \PKP\core\PKPPageRouter:
if ($this->_parameterName !== null && ctype_digit((string) $this->_request->getUserVar($this->_parameterName))) {
// We may expect a object id in the user vars
return (int) $this->_request->getUserVar($this->_parameterName);
} elseif (isset($this->_args[0])) {
// Or the object id can be expected as the first path in the argument list
return $this->_args[0];
}
break;
default:
return parent::getDataObjectId();
}
return false;
}
}
if (!PKP_STRICT_MODE) {
class_alias('\APP\security\authorization\OjsIssueRequiredPolicy', '\OjsIssueRequiredPolicy');
}
classes/security/authorization/OjsJournalMustPublishPolicy.php
+72
View File
@@ -0,0 +1,72 @@
<?php
/**
* @file classes/security/authorization/OjsJournalMustPublishPolicy.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class OjsJournalMustPublishPolicy
*
* @ingroup security_authorization
*
* @brief Access policy to limit access to journals that do not publish online.
*/
namespace APP\security\authorization;
use APP\core\Application;
use APP\core\Request;
use PKP\security\authorization\AuthorizationPolicy;
use PKP\security\Role;
class OjsJournalMustPublishPolicy extends AuthorizationPolicy
{
public $_context;
/**
* Constructor
*
* @param Request $request
*/
public function __construct($request)
{
parent::__construct('user.authorization.journalDoesNotPublish');
$this->_context = $request->getContext();
}
//
// Implement template methods from AuthorizationPolicy
//
public function effect()
{
if (!$this->_context) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
// Certain roles are allowed to see unpublished content.
$userRoles = (array) $this->getAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES);
if (count(array_intersect(
$userRoles,
[
Role::ROLE_ID_MANAGER,
Role::ROLE_ID_SITE_ADMIN,
Role::ROLE_ID_ASSISTANT,
Role::ROLE_ID_SUB_EDITOR,
Role::ROLE_ID_SUBSCRIPTION_MANAGER,
]
)) > 0) {
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
if ($this->_context->getData('publishingMode') == \APP\journal\Journal::PUBLISHING_MODE_NONE) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
}
if (!PKP_STRICT_MODE) {
class_alias('\APP\security\authorization\OjsJournalMustPublishPolicy', '\OjsJournalMustPublishPolicy');
}