CHIEFSOFT\ameye
103 lines
4.0 KiB
PHP
103 lines
4.0 KiB
PHP
<?php
|
|
/**
|
|
* @file classes/security/authorization/internal/SubmissionFileRequestedRevisionRequiredPolicy.php
|
|
*
|
|
* Copyright (c) 2014-2021 Simon Fraser University
|
|
* Copyright (c) 2000-2021 John Willinsky
|
|
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
|
|
*
|
|
* @class SubmissionFileRequestedRevisionRequiredPolicy
|
|
*
|
|
* @ingroup security_authorization_internal
|
|
*
|
|
* @brief Base Submission file policy to ensure we have a viewable file that is part of
|
|
* a review round with the requested revision decision.
|
|
*
|
|
*/
|
|
|
|
namespace PKP\security\authorization\internal;
|
|
|
|
use APP\core\Application;
|
|
use APP\decision\Decision;
|
|
use APP\facades\Repo;
|
|
use PKP\db\DAORegistry;
|
|
use PKP\security\authorization\AuthorizationPolicy;
|
|
use PKP\submission\reviewRound\ReviewRound;
|
|
use PKP\submission\reviewRound\ReviewRoundDAO;
|
|
use PKP\submissionFile\SubmissionFile;
|
|
|
|
class SubmissionFileRequestedRevisionRequiredPolicy extends SubmissionFileBaseAccessPolicy
|
|
{
|
|
//
|
|
// Implement template methods from AuthorizationPolicy
|
|
// Note: This class is subclassed in each Application, so that Policies have the opportunity to add
|
|
// constraints to the effect() method. See e.g. SubmissionFileRequestedRevisionRequiredPolicy.php in OMP.
|
|
//
|
|
/**
|
|
* @see AuthorizationPolicy::effect()
|
|
*/
|
|
public function effect()
|
|
{
|
|
$request = $this->getRequest();
|
|
$reviewRoundDao = DAORegistry::getDAO('ReviewRoundDAO'); /** @var ReviewRoundDAO $reviewRoundDao */
|
|
|
|
// Get the submission file.
|
|
$submissionFile = $this->getSubmissionFile($request);
|
|
if (!$submissionFile instanceof SubmissionFile) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
// Make sure the file is part of a review round
|
|
// with a requested revision decision.
|
|
$reviewRound = $reviewRoundDao->getBySubmissionFileId($submissionFile->getId());
|
|
if (!$reviewRound instanceof ReviewRound) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
$countRevisionDecisions = Repo::decision()->getCollector()
|
|
->filterBySubmissionIds([$submissionFile->getData('submissionId)')])
|
|
->filterByReviewRoundIds([$reviewRound->getId()])
|
|
->filterByDecisionTypes([Decision::PENDING_REVISIONS])
|
|
->getCount();
|
|
|
|
if (!$countRevisionDecisions) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
// Make sure review round stage is the same of the current stage in request.
|
|
$stageId = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_WORKFLOW_STAGE);
|
|
if ($reviewRound->getStageId() != $stageId) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
// Make sure the file stage is SubmissionFile::SUBMISSION_FILE_REVIEW_REVISION.
|
|
if ($submissionFile->getData('fileStage') != SubmissionFile::SUBMISSION_FILE_REVIEW_REVISION) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
$reviewRoundDao = DAORegistry::getDAO('ReviewRoundDAO'); /** @var ReviewRoundDAO $reviewRoundDao */
|
|
|
|
// Make sure that the last review round editor decision is request revisions.
|
|
$reviewRoundDecisions = Repo::decision()->getCollector()
|
|
->filterBySubmissionIds([$submissionFile->getData('submissionId')])
|
|
->filterByStageIds([$reviewRound->getStageId()])
|
|
->filterByReviewRoundIds([$reviewRound->getId()])
|
|
->getMany();
|
|
|
|
if ($reviewRoundDecisions->isEmpty()) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
$lastEditorDecision = $reviewRoundDecisions->last();
|
|
if ($lastEditorDecision->getData('decision') != Decision::PENDING_REVISIONS) {
|
|
return AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
}
|
|
|
|
// Made it through -- permit access.
|
|
return AuthorizationPolicy::AUTHORIZATION_PERMIT;
|
|
}
|
|
}
|
|
|
|
if (!PKP_STRICT_MODE) {
|
|
class_alias('\PKP\security\authorization\internal\SubmissionFileRequestedRevisionRequiredPolicy', '\SubmissionFileRequestedRevisionRequiredPolicy');
|
|
}
|