_request = $request;
        $this->_permitDeclined = $permitDeclined;
    }

    //
    // Implement template methods from AuthorizationPolicy
    //
    /**
     * Decide whether the requesting user holds a usable review assignment on
     * the submission found in the authorization context.
     *
     * The policy is deny-by-default: every failed check returns
     * AUTHORIZATION_DENY immediately, and the review assignment is only
     * published to the authorization context on the single permit path.
     *
     * @see AuthorizationPolicy::effect()
     *
     * @return mixed AuthorizationPolicy::AUTHORIZATION_PERMIT or
     *  AuthorizationPolicy::AUTHORIZATION_DENY
     */
    public function effect()
    {
        $deny = AuthorizationPolicy::AUTHORIZATION_DENY;

        // The request must carry a User object; anything else is refused.
        $currentUser = $this->_request->getUser();
        if (!($currentUser instanceof User)) {
            return $deny;
        }

        // The submission is read from the authorization context (presumably
        // placed there by a policy that ran earlier), never from raw request input.
        $authorizedSubmission = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_SUBMISSION);
        if (!($authorizedSubmission instanceof Submission)) {
            return $deny;
        }

        // The lookup is keyed on BOTH the submission id and the user id, so only
        // an assignment linking this user to this submission can be returned.
        // Per the DAO method's name this is the assignment of the last review round.
        /** @var ReviewAssignmentDAO $assignmentDao */
        $assignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
        $assignment = $assignmentDao->getLastReviewRoundReviewAssignmentByReviewer(
            $authorizedSubmission->getId(),
            $currentUser->getId()
        );

        // Refuse when the DAO did not hand back a real review assignment object.
        if (!($assignment instanceof \PKP\submission\reviewAssignment\ReviewAssignment)) {
            return $deny;
        }

        // A cancelled assignment never grants access. A declined one grants
        // access only when the policy was constructed with $permitDeclined set.
        // Short-circuiting keeps the original order: getDeclined() is consulted
        // only for non-cancelled assignments when declined ones are not permitted.
        if ($assignment->getCancelled() || (!$this->_permitDeclined && $assignment->getDeclined())) {
            return $deny;
        }

        // All checks passed: expose the assignment to the authorization context.
        $this->addAuthorizedContextObject(Application::ASSOC_TYPE_REVIEW_ASSIGNMENT, $assignment);

        return AuthorizationPolicy::AUTHORIZATION_PERMIT;
    }
}

// Outside strict mode, also register the class under its un-namespaced global
// name (presumably so legacy callers that predate the namespace keep working).
if (!PKP_STRICT_MODE) {
    class_alias('\PKP\security\authorization\internal\ReviewAssignmentAccessPolicy', '\ReviewAssignmentAccessPolicy');
}