AutoMedSysAI/OSJ
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-06-08 17:09:23 -04:00
commit df3a033196
17887 changed files with 8637778 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/pkp/classes/security/authorization/internal/DecisionAllowedPolicy.php
+104
View File
@@ -0,0 +1,104 @@
<?php
/**
* @file classes/security/authorization/internal/DecisionAllowedPolicy.php
*
* Copyright (c) 2014-2022 Simon Fraser University
* Copyright (c) 2000-2022 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class DecisionAllowedPolicy
*
* @ingroup security_authorization_internal
*
* @brief Checks whether a user is allowed to take the authorized decision
* on the authorized submission. Also relies on authorized roles.
*/
namespace PKP\security\authorization\internal;
use APP\core\Application;
use APP\facades\Repo;
use PKP\db\DAORegistry;
use PKP\security\authorization\AuthorizationPolicy;
use PKP\security\Role;
use PKP\stageAssignment\StageAssignmentDAO;
use PKP\user\User;
class DecisionAllowedPolicy extends AuthorizationPolicy
{
protected ?User $user;
/**
* Constructor
*
*/
public function __construct(?User $user)
{
parent::__construct('editor.submission.workflowDecision.disallowedDecision');
$this->user = $user;
}
/**
* @see AuthorizationPolicy::effect()
*/
public function effect()
{
if (!$this->user) {
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
$submission = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_SUBMISSION);
$decisionType = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_DECISION_TYPE);
$stageAssignmentDao = DAORegistry::getDAO('StageAssignmentDAO'); /** @var StageAssignmentDAO $stageAssignmentDao */
$result = $stageAssignmentDao->getBySubmissionAndUserIdAndStageId($submission->getId(), $this->user->getId(), $submission->getData('stageId'));
$stageAssignments = $result->toArray();
if (empty($stageAssignments)) {
$userRoles = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES);
$canAccessUnassignedSubmission = !empty(array_intersect([Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_MANAGER], $userRoles));
if ($canAccessUnassignedSubmission) {
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
} else {
$this->setAdvice(self::AUTHORIZATION_ADVICE_DENY_MESSAGE, 'editor.submission.workflowDecision.noUnassignedDecisions');
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
} else {
$isAllowed = false;
foreach ($stageAssignments as $stageAssignment) {
$userGroup = Repo::userGroup()->get($stageAssignment->getUserGroupId());
if (!in_array($userGroup->getRoleId(), [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SUB_EDITOR])) {
continue;
}
if (Repo::decision()->isRecommendation($decisionType->getDecision()) && $stageAssignment->getRecommendOnly()) {
$isAllowed = true;
} elseif (!$stageAssignment->getRecommendOnly()) {
$isAllowed = true;
}
// Check whether there is a decision that a recommending role can make on the stage the submission is in.
$recommendatorsAvailableDecisions = Repo::decision()
->getDecisionTypesMadeByRecommendingUsers($submission->getData('stageId'));
// if there is any decision that the recommending role is allowed to make, check if the current decision is within the allowed ones
if (!empty($recommendatorsAvailableDecisions)) {
$matches = array_filter($recommendatorsAvailableDecisions, function ($decisionInArray) use ($decisionType) {
return $decisionInArray->getDecision() === $decisionType->getDecision();
});
if (!empty($matches)) {
$isAllowed = true;
}
}
}
if ($isAllowed) {
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
}
}
return AuthorizationPolicy::AUTHORIZATION_DENY;
}
}
if (!PKP_STRICT_MODE) {
class_alias('\PKP\security\authorization\internal\DecisionAllowedPolicy', '\DecisionAllowedPolicy');
}