CHIEFSOFT\ameye
96 lines
2.4 KiB
PHP
96 lines
2.4 KiB
PHP
<?php
|
|
/**
|
|
* @file classes/security/authorization/HandlerOperationPolicy.php
|
|
*
|
|
* Copyright (c) 2014-2021 Simon Fraser University
|
|
* Copyright (c) 2000-2021 John Willinsky
|
|
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
|
|
*
|
|
* @class HandlerOperationPolicy
|
|
*
|
|
* @ingroup security_authorization
|
|
*
|
|
* @brief Abstract base class that provides infrastructure
|
|
* to control access to handler operations.
|
|
*/
|
|
|
|
namespace PKP\security\authorization;
|
|
|
|
class HandlerOperationPolicy extends AuthorizationPolicy
|
|
{
|
|
/** @var \PKP\core\PKPRequest */
|
|
public $_request;
|
|
|
|
/** @var array the target operations */
|
|
public $_operations = [];
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* @param \PKP\core\PKPRequest $request
|
|
* @param array|string $operations either a single operation or a list of operations that
|
|
* this policy is targeting.
|
|
* @param string $message a message to be displayed if the authorization fails
|
|
*/
|
|
public function __construct($request, $operations, $message = null)
|
|
{
|
|
parent::__construct($message);
|
|
$this->_request = & $request;
|
|
|
|
// Make sure a single operation doesn't have to
|
|
// be passed in as an array.
|
|
assert(is_string($operations) || is_array($operations));
|
|
if (!is_array($operations)) {
|
|
$operations = [$operations];
|
|
}
|
|
$this->_operations = $operations;
|
|
}
|
|
|
|
|
|
//
|
|
// Setters and Getters
|
|
//
|
|
/**
|
|
* Return the request.
|
|
*
|
|
* @return \PKP\core\PKPRequest
|
|
*/
|
|
public function &getRequest()
|
|
{
|
|
return $this->_request;
|
|
}
|
|
|
|
/**
|
|
* Return the operations whitelist.
|
|
*
|
|
* @return array
|
|
*/
|
|
public function getOperations()
|
|
{
|
|
return $this->_operations;
|
|
}
|
|
|
|
|
|
//
|
|
// Private helper methods
|
|
//
|
|
/**
|
|
* Check whether the requested operation is on
|
|
* the list of permitted operations.
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function _checkOperationWhitelist()
|
|
{
|
|
// Only permit if the requested operation has been whitelisted.
|
|
$router = $this->_request->getRouter();
|
|
$requestedOperation = $router->getRequestedOp($this->_request);
|
|
assert(!empty($requestedOperation));
|
|
return in_array($requestedOperation, $this->_operations);
|
|
}
|
|
}
|
|
|
|
if (!PKP_STRICT_MODE) {
|
|
class_alias('\PKP\security\authorization\HandlerOperationPolicy', '\HandlerOperationPolicy');
|
|
}
|