当前位置: 首页>>代码示例>>PHP>>正文


PHP PolicySet::addPolicy方法代码示例

本文整理汇总了PHP中PolicySet::addPolicy方法的典型用法代码示例。如果您正苦于以下问题:PHP PolicySet::addPolicy方法的具体用法?PHP PolicySet::addPolicy怎么用?PHP PolicySet::addPolicy使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在PolicySet的用法示例。


在下文中一共展示了PolicySet::addPolicy方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: buildSubmissionAccessPolicy

 /**
  *
  * @param PKPRequest $request
  * @param array $args
  * @param array $roleAssignments
  * @param string $submissionParameterName
  */
 function buildSubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName)
 {
     // We need a submission in the request.
     import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
     $this->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
     // Authors, managers and series editors potentially have
     // access to submissions. We'll have to define differentiated
     // policies for those roles in a policy set.
     $submissionAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     //
     // Managerial role
     //
     if (isset($roleAssignments[ROLE_ID_MANAGER])) {
         // Managers have access to all submissions.
         $submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
     }
     //
     // Author role
     //
     if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
         // 1) Author role user groups can access whitelisted operations ...
         $authorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $authorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR], 'user.authorization.authorRoleMissing'));
         // 2) ... if they meet one of the following requirements:
         $authorSubmissionAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
         // 2a) ...the requested submission is their own ...
         import('lib.pkp.classes.security.authorization.internal.SubmissionAuthorPolicy');
         $authorSubmissionAccessOptionsPolicy->addPolicy(new SubmissionAuthorPolicy($request));
         // 2b) ...OR, at least one workflow stage has been assigned to them in the requested submission.
         import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
         $authorSubmissionAccessOptionsPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
         $authorSubmissionAccessPolicy->addPolicy($authorSubmissionAccessOptionsPolicy);
         $submissionAccessPolicy->addPolicy($authorSubmissionAccessPolicy);
     }
     //
     // Reviewer role
     //
     if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
         // 1) Reviewers can access whitelisted operations ...
         $reviewerSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $reviewerSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
         // 2) ... but only if they have been assigned to the submission as reviewers.
         import('lib.pkp.classes.security.authorization.internal.ReviewAssignmentAccessPolicy');
         $reviewerSubmissionAccessPolicy->addPolicy(new ReviewAssignmentAccessPolicy($request));
         $submissionAccessPolicy->addPolicy($reviewerSubmissionAccessPolicy);
     }
     //
     // Assistant role
     //
     if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
         // 1) Assistants can access whitelisted operations ...
         $contextSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $contextSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
         // 2) ... but only if they have been assigned to the submission workflow.
         import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
         $contextSubmissionAccessPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
         $submissionAccessPolicy->addPolicy($contextSubmissionAccessPolicy);
     }
     return $submissionAccessPolicy;
 }
开发者ID:energylevels,项目名称:pkp-lib,代码行数:67,代码来源:PKPSubmissionAccessPolicy.inc.php

示例2: addPolicy

 /**
  * Add a new policy to the Resource
  *
  * @param Policy $policy Policy instance
  *
  * @return \Xacmlphp\Resource instance
  */
 public function addPolicy(Policy $policy)
 {
     if ($this->policySet === null) {
         $this->policySet = new PolicySet();
     }
     $this->policySet->addPolicy($policy);
     return $this;
 }
开发者ID:sdvincent,项目名称:xacmlAuthProject,代码行数:15,代码来源:Resource.php

示例3: buildSignoffAccessPolicy

 /**
  *
  * @param PKPRequest $request
  * @param array $args
  * @param array $roleAssignments
  * @param $mode int bitfield SIGNOFF_ACCESS_...
  * @param $stageId int
  */
 function buildSignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId)
 {
     // We need a submission matching the file in the request.
     import('lib.pkp.classes.security.authorization.internal.SignoffExistsAccessPolicy');
     $this->addPolicy(new SignoffExistsAccessPolicy($request, $args));
     // We need a valid workflow stage.
     import('lib.pkp.classes.security.authorization.internal.WorkflowStageRequiredPolicy');
     $this->addPolicy(new WorkflowStageRequiredPolicy($stageId));
     // Authors, context managers and sub editors potentially have
     // access to signoffs. We'll have to define
     // differentiated policies for those roles in a policy set.
     $signoffAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     //
     // Managerial role
     //
     if (isset($roleAssignments[ROLE_ID_MANAGER])) {
         // Managers have all access to all signoffs.
         $signoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
     }
     //
     // Assistants
     //
     if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
         // 1) Assistants can access all operations on signoffs...
         $assistantSignoffAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $assistantSignoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
         // 2) ... but only if they have access to the workflow stage.
         import('classes.security.authorization.WorkflowStageAccessPolicy');
         // pulled from context-specific class path.
         $assistantSignoffAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
         $signoffAccessPolicy->addPolicy($assistantSignoffAccessPolicy);
     }
     //
     // Authors
     //
     if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
         if ($mode & SIGNOFF_ACCESS_READ) {
             // 1) Authors can access read operations on signoffs...
             $authorSignoffAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
             $authorSignoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
             // 2) ... but only if they are assigned to the workflow stage as an stage participant.
             import('classes.security.authorization.WorkflowStageAccessPolicy');
             $authorSignoffAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
             $signoffAccessPolicy->addPolicy($authorSignoffAccessPolicy);
         }
     }
     //
     // User owns the signoff (all roles): permit
     //
     import('lib.pkp.classes.security.authorization.internal.SignoffAssignedToUserAccessPolicy');
     $userOwnsSignoffPolicy = new SignoffAssignedToUserAccessPolicy($request);
     $signoffAccessPolicy->addPolicy($userOwnsSignoffPolicy);
     $this->addPolicy($signoffAccessPolicy);
     return $signoffAccessPolicy;
 }
开发者ID:doana,项目名称:pkp-lib,代码行数:63,代码来源:PKPSignoffAccessPolicy.inc.php

示例4: OmpSubmissionAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request parameters
  * @param $roleAssignments array
  * @param $submissionParameterName string the request parameter we expect
  *  the submission id in.
  */
 function OmpSubmissionAccessPolicy(&$request, $args, $roleAssignments, $submissionParameterName = 'monographId')
 {
     parent::PressPolicy($request);
     // We need a submission in the request.
     import('classes.security.authorization.internal.MonographRequiredPolicy');
     $this->addPolicy(new MonographRequiredPolicy($request, $args, $submissionParameterName));
     // Authors, press managers and series editors potentially have access
     // to submissions. We'll have to define differentiated policies for those
     // roles in a policy set.
     $submissionAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     //
     // Managerial role
     //
     if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
         // Press managers have access to all submissions.
         $submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER]));
     }
     //
     // Series editor role
     //
     if (isset($roleAssignments[ROLE_ID_SERIES_EDITOR])) {
         // 1) Series editors can access all operations on submissions ...
         $seriesEditorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $seriesEditorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SERIES_EDITOR, $roleAssignments[ROLE_ID_SERIES_EDITOR]));
         // 2) ... but only if the requested submission is part of their series.
         import('classes.security.authorization.internal.SeriesAssignmentPolicy');
         $seriesEditorSubmissionAccessPolicy->addPolicy(new SeriesAssignmentPolicy($request));
         $submissionAccessPolicy->addPolicy($seriesEditorSubmissionAccessPolicy);
     }
     //
     // Author role
     //
     if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
         // 1) Author role user groups can access whitelisted operations ...
         $authorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $authorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
         // 2) ... if the requested submission is their own ...
         import('classes.security.authorization.internal.MonographAuthorPolicy');
         $authorSubmissionAccessPolicy->addPolicy(new MonographAuthorPolicy($request));
         $submissionAccessPolicy->addPolicy($authorSubmissionAccessPolicy);
     }
     //
     // Reviewer role
     //
     if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
         // 1) Reviewers can access whitelisted operations ...
         $reviewerSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $reviewerSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
         // 2) ... but only if they have been assigned to the submission as reviewers.
         import('classes.security.authorization.internal.ReviewAssignmentAccessPolicy');
         $reviewerSubmissionAccessPolicy->addPolicy(new ReviewAssignmentAccessPolicy($request));
         $submissionAccessPolicy->addPolicy($reviewerSubmissionAccessPolicy);
     }
     $this->addPolicy($submissionAccessPolicy);
 }
开发者ID:jerico-dev,项目名称:omp,代码行数:63,代码来源:OmpSubmissionAccessPolicy.inc.php

示例5: testRoleAuthorization

 /**
  * @covers RoleBasedHandlerOperationPolicy
  */
 public function testRoleAuthorization()
 {
     // Construct the user roles array.
     $userRoles = array(ROLE_ID_SITE_ADMIN, ROLE_ID_TEST);
     // Test the user-group/role policy with a default
     // authorized request.
     $request = $this->getMockRequest('permittedOperation');
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_TEST), 'permittedOperation'));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
     // Test the user-group/role policy with a non-authorized role.
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_NON_AUTHORIZED, 'permittedOperation'));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
     // Test the policy with an authorized role but a non-authorized operation.
     $request = $this->getMockRequest('privateOperation');
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, 'permittedOperation'));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
     // Test the policy with an authorized role and a
     // non-authorized operation but bypass the the operation check.
     // FIXME: Remove the "bypass operation check" code once we've removed the
     // HandlerValidatorRole compatibility class, see #5868.
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, array(), 'some.message', false, true));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
     // Test the "all roles must match" feature.
     $request = $this->getMockRequest('permittedOperation');
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_SITE_ADMIN, ROLE_ID_TEST), 'permittedOperation', 'some.message', true, false));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
     // Test again the "all roles must match" feature but this time
     // with one role not matching.
     $rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     $rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
     $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_TEST, ROLE_ID_SITE_ADMIN, ROLE_ID_NON_AUTHORIZED), 'permittedOperation', 'some.message', true, false));
     $decisionManager = new AuthorizationDecisionManager();
     $decisionManager->addPolicy($rolePolicy);
     self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
 }
开发者ID:doana,项目名称:pkp-lib,代码行数:58,代码来源:RoleBasedHandlerOperationPolicyTest.php

示例6: OjsAuthorDashboardAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request arguments
  * @param $roleAssignments array
  */
 function OjsAuthorDashboardAccessPolicy($request, &$args, $roleAssignments)
 {
     parent::ContextPolicy($request);
     $authorDashboardPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // AuthorDashboard requires a valid monograph in request.
     import('classes.security.authorization.SubmissionAccessPolicy');
     $authorDashboardPolicy->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments), true);
     // Check if the user has an stage assignment with the monograph in request.
     // Any workflow stage assignment is suficient to access the author dashboard.
     import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
     $authorDashboardPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
     $this->addPolicy($authorDashboardPolicy);
 }
开发者ID:laelnasan,项目名称:UTFPR-ojs,代码行数:19,代码来源:OjsAuthorDashboardAccessPolicy.inc.php

示例7: PKPSiteAccessPolicy

 /**
  * Constructor
  *
  * @param $request PKPRequest
  * @param $operations array|string either a single operation or a list of operations that
  *  this policy is targeting.
  * @param $roleAssignments array|int Either an array of role -> operation assignments or the constant SITE_ACCESS_ALL_ROLES
  * @param $message string a message to be displayed if the authorization fails
  */
 function PKPSiteAccessPolicy(&$request, $operations, $roleAssignments, $message = 'user.authorization.loginRequired')
 {
     parent::PolicySet();
     $siteRolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     if (is_array($roleAssignments)) {
         import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
         foreach ($roleAssignments as $role => $operations) {
             $siteRolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
         }
     } elseif ($roleAssignments == SITE_ACCESS_ALL_ROLES) {
         import('lib.pkp.classes.security.authorization.PKPPublicAccessPolicy');
         $siteRolePolicy->addPolicy(new PKPPublicAccessPolicy($request, $operations));
     }
     $this->addPolicy($siteRolePolicy);
 }
开发者ID:ramonsodoma,项目名称:pkp-lib,代码行数:24,代码来源:PKPSiteAccessPolicy.inc.php

示例8: testPolicySet

 /**
  * @covers PolicySet
  */
 public function testPolicySet()
 {
     // Test combining algorithm and default effect.
     $policySet = new PolicySet();
     self::assertEquals(COMBINING_DENY_OVERRIDES, $policySet->getCombiningAlgorithm());
     self::assertEquals(AUTHORIZATION_DENY, $policySet->getEffectIfNoPolicyApplies());
     $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     $policySet->setEffectIfNoPolicyApplies(AUTHORIZATION_PERMIT);
     self::assertEquals(COMBINING_PERMIT_OVERRIDES, $policySet->getCombiningAlgorithm());
     self::assertEquals(AUTHORIZATION_PERMIT, $policySet->getEffectIfNoPolicyApplies());
     // Test adding policies.
     $policySet->addPolicy($policy1 = new AuthorizationPolicy('policy1'));
     $policySet->addPolicy($policy2 = new AuthorizationPolicy('policy2'));
     $policySet->addPolicy($policy3 = new AuthorizationPolicy('policy3'), $addToTop = true);
     self::assertEquals(array($policy3, $policy1, $policy2), $policySet->getPolicies());
 }
开发者ID:mczirfusz,项目名称:pkp-lib,代码行数:19,代码来源:PolicySetTest.php

示例9: authorize

 function authorize($request, &$args, $roleAssignments)
 {
     $fileIds = $request->getUserVar('filesIdsAndRevisions');
     $libraryFileId = $request->getUserVar('libraryFileId');
     if (is_string($fileIds)) {
         $fileIdsArray = explode(';', $fileIds);
         // Remove empty entries (a trailing ";" will cause these)
         $fileIdsArray = array_filter($fileIdsArray, create_function('$a', 'return !empty($a);'));
     }
     if (!empty($fileIdsArray)) {
         $multipleSubmissionFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         foreach ($fileIdsArray as $fileIdAndRevision) {
             $multipleSubmissionFileAccessPolicy->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision));
         }
         $this->addPolicy($multipleSubmissionFileAccessPolicy);
     } else {
         if (is_numeric($libraryFileId)) {
             import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
             $this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
         } else {
             // IDs will be specified using the default parameters.
             $this->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments));
         }
     }
     return parent::authorize($request, $args, $roleAssignments);
 }
开发者ID:selwyntcy,项目名称:pkp-lib,代码行数:26,代码来源:FileApiHandler.inc.php

示例10: OjsSubmissionAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array
  * @param $roleAssignments array
  * @param $submissionParameterName string
  */
 function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId')
 {
     parent::JournalPolicy($request);
     // Create a "permit overrides" policy set that specifies
     // editor and copyeditor access to submissions.
     $submissionEditingPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     //
     // Editor roles (Editor and Section Editor) policy
     //
     $editorsPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // Editorial components can only be called if there's a
     // valid section editor submission in the request.
     // FIXME: We should find a way to check whether the user actually
     // is a (section) editor before we execute this expensive policy.
     import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
     $editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
     $editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     // Editors can access all operations.
     $editorRolesPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_EDITOR, $roleAssignments[ROLE_ID_EDITOR]));
     // Section editors
     $sectionEditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // 1) Section editors can access all remote operations ...
     $sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
     // 2) ... but only if the requested submission has been explicitly assigned to them.
     import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
     $sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
     $editorRolesPolicy->addPolicy($sectionEditorPolicy);
     $editorsPolicy->addPolicy($editorRolesPolicy);
     $submissionEditingPolicy->addPolicy($editorsPolicy);
     //
     // Copyeditor policy
     //
     $copyeditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     // 1) Copyeditors can only access editorial components when a valid
     //    copyeditor submission is in the request ...
     import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
     $copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
     // 2) ... If that's the case then copyeditors can access all remote operations ...
     $copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
     // 3) ... but only if the requested submission has been explicitly assigned to them.
     import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
     $copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));
     $submissionEditingPolicy->addPolicy($copyeditorPolicy);
     // Add the submission editing policies to this policy set.
     $this->addPolicy($submissionEditingPolicy);
 }
开发者ID:yuricampos,项目名称:ojs,代码行数:53,代码来源:OjsSubmissionAccessPolicy.inc.php

示例11: SignoffAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request parameters
  * @param $roleAssignments array
  * @param $mode int bitfield SIGNOFF_ACCESS_...
  * @param $stageId int
  */
 function SignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId)
 {
     parent::PKPSignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId);
     $signoffAccessPolicy = $this->_baseSignoffAccessPolicy;
     //
     // Series editor role
     //
     if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
         // 1) Section editors can access all operations on signoffs ...
         $sectionEditorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $sectionEditorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
         // 2) ... but only if the requested signoff submission is part of their series.
         import('classes.security.authorization.internal.SectionAssignmentPolicy');
         $sectionEditorFileAccessPolicy->addPolicy(new SectionAssignmentPolicy($request));
         $signoffAccessPolicy->addPolicy($sectionEditorFileAccessPolicy);
     }
 }
开发者ID:jalperin,项目名称:ojs,代码行数:25,代码来源:SignoffAccessPolicy.inc.php

示例12: OmpPublishedMonographAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request parameters
  * @param $roleAssignments array
  * @param $submissionParameterName string the request parameter we
  *  expect the submission id in.
  */
 function OmpPublishedMonographAccessPolicy($request, $args, $roleAssignments, $submissionParameterName = 'submissionId')
 {
     parent::ContextPolicy($request);
     // Access may be made either as a member of the public, or
     // via pre-publication access to editorial users.
     $monographAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     // Published monograph access for the public
     $publishedMonographAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
     import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
     $publishedMonographAccessPolicy->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
     import('classes.security.authorization.internal.MonographPublishedPolicy');
     $publishedMonographAccessPolicy->addPolicy(new MonographPublishedPolicy($request));
     $monographAccessPolicy->addPolicy($publishedMonographAccessPolicy);
     // Pre-publication access for editorial roles
     import('classes.security.authorization.SubmissionAccessPolicy');
     $monographAccessPolicy->addPolicy(new SubmissionAccessPolicy($request, $args, array_intersect_key($roleAssignments, array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR)), $submissionParameterName));
     $this->addPolicy($monographAccessPolicy);
 }
开发者ID:austinvernsonger,项目名称:omp,代码行数:26,代码来源:OmpPublishedMonographAccessPolicy.inc.php

示例13: SubmissionFileAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request parameters
  * @param $roleAssignments array
  * @param $mode int bitfield SUBMISSION_FILE_ACCESS_...
  * @param $fileIdAndRevision string
  * @param $submissionParameterName string the request parameter we expect
  *  the submission id in.
  */
 function SubmissionFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision = null, $submissionParameterName = 'submissionId')
 {
     parent::PKPSubmissionFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision, $submissionParameterName);
     $fileAccessPolicy = $this->_baseFileAccessPolicy;
     //
     // Series editor role
     //
     if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
         // 1) Series editors can access all operations on submissions ...
         $seriesEditorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
         $seriesEditorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
         // 2) ... but only if the requested submission is part of their series.
         import('classes.security.authorization.internal.SeriesAssignmentPolicy');
         $seriesEditorFileAccessPolicy->addPolicy(new SeriesAssignmentPolicy($request));
         $fileAccessPolicy->addPolicy($seriesEditorFileAccessPolicy);
     }
     $this->addPolicy($fileAccessPolicy);
 }
开发者ID:austinvernsonger,项目名称:omp,代码行数:28,代码来源:SubmissionFileAccessPolicy.inc.php

示例14: ReviewStageAccessPolicy

 /**
  * Constructor
  * @param $request PKPRequest
  * @param $args array request arguments
  * @param $roleAssignments array
  * @param $submissionParameterName string
  * @param $stageId integer One of the WORKFLOW_STAGE_ID_* constants.
  */
 function ReviewStageAccessPolicy($request, &$args, $roleAssignments, $submissionParameterName = 'submissionId', $stageId)
 {
     parent::ContextPolicy($request);
     // Create a "permit overrides" policy set that specifies
     // role-specific access to submission stage operations.
     $workflowStagePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     // Add the workflow policy, for editorial / press roles
     import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
     $workflowStagePolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, $submissionParameterName, $stageId));
     if ($stageId == WORKFLOW_STAGE_ID_INTERNAL_REVIEW || $stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW) {
         // Add the submission policy, for reviewer roles
         import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');
         $submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName);
         $submissionPolicy->addPolicy(new WorkflowStageRequiredPolicy($stageId));
         $workflowStagePolicy->addPolicy($submissionPolicy);
     }
     // Add the role-specific policies to this policy set.
     $this->addPolicy($workflowStagePolicy);
 }
开发者ID:josekarvalho,项目名称:omp,代码行数:27,代码来源:ReviewStageAccessPolicy.inc.php

示例15: authorize

 /**
  * @copydoc PKPHandler::authorize()
  */
 function authorize($request, &$args, $roleAssignments)
 {
     import('lib.pkp.classes.security.authorization.PolicySet');
     $rolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
     import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
     foreach ($roleAssignments as $role => $operations) {
         $rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
     }
     $this->addPolicy($rolePolicy);
     return parent::authorize($request, $args, $roleAssignments);
 }
开发者ID:jprk,项目名称:pkp-lib,代码行数:14,代码来源:SystemInfoGridHandler.inc.php


注:本文中的PolicySet::addPolicy方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。