本文整理汇总了PHP中PolicySet::addPolicy方法的典型用法代码示例。如果您正苦于以下问题:PHP PolicySet::addPolicy方法的具体用法?PHP PolicySet::addPolicy怎么用?PHP PolicySet::addPolicy使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类PolicySet
的用法示例。
在下文中一共展示了PolicySet::addPolicy方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: buildSubmissionAccessPolicy
/**
*
* @param PKPRequest $request
* @param array $args
* @param array $roleAssignments
* @param string $submissionParameterName
*/
function buildSubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName)
{
// We need a submission in the request.
import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
$this->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
// Authors, managers and series editors potentially have
// access to submissions. We'll have to define differentiated
// policies for those roles in a policy set.
$submissionAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Managerial role
//
if (isset($roleAssignments[ROLE_ID_MANAGER])) {
// Managers have access to all submissions.
$submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
}
//
// Author role
//
if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
// 1) Author role user groups can access whitelisted operations ...
$authorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$authorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR], 'user.authorization.authorRoleMissing'));
// 2) ... if they meet one of the following requirements:
$authorSubmissionAccessOptionsPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// 2a) ...the requested submission is their own ...
import('lib.pkp.classes.security.authorization.internal.SubmissionAuthorPolicy');
$authorSubmissionAccessOptionsPolicy->addPolicy(new SubmissionAuthorPolicy($request));
// 2b) ...OR, at least one workflow stage has been assigned to them in the requested submission.
import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
$authorSubmissionAccessOptionsPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$authorSubmissionAccessPolicy->addPolicy($authorSubmissionAccessOptionsPolicy);
$submissionAccessPolicy->addPolicy($authorSubmissionAccessPolicy);
}
//
// Reviewer role
//
if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
// 1) Reviewers can access whitelisted operations ...
$reviewerSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$reviewerSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
// 2) ... but only if they have been assigned to the submission as reviewers.
import('lib.pkp.classes.security.authorization.internal.ReviewAssignmentAccessPolicy');
$reviewerSubmissionAccessPolicy->addPolicy(new ReviewAssignmentAccessPolicy($request));
$submissionAccessPolicy->addPolicy($reviewerSubmissionAccessPolicy);
}
//
// Assistant role
//
if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
// 1) Assistants can access whitelisted operations ...
$contextSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$contextSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
// 2) ... but only if they have been assigned to the submission workflow.
import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
$contextSubmissionAccessPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$submissionAccessPolicy->addPolicy($contextSubmissionAccessPolicy);
}
return $submissionAccessPolicy;
}
示例2: addPolicy
/**
* Add a new policy to the Resource
*
* @param Policy $policy Policy instance
*
* @return \Xacmlphp\Resource instance
*/
public function addPolicy(Policy $policy)
{
if ($this->policySet === null) {
$this->policySet = new PolicySet();
}
$this->policySet->addPolicy($policy);
return $this;
}
示例3: buildSignoffAccessPolicy
/**
*
* @param PKPRequest $request
* @param array $args
* @param array $roleAssignments
* @param $mode int bitfield SIGNOFF_ACCESS_...
* @param $stageId int
*/
function buildSignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId)
{
// We need a submission matching the file in the request.
import('lib.pkp.classes.security.authorization.internal.SignoffExistsAccessPolicy');
$this->addPolicy(new SignoffExistsAccessPolicy($request, $args));
// We need a valid workflow stage.
import('lib.pkp.classes.security.authorization.internal.WorkflowStageRequiredPolicy');
$this->addPolicy(new WorkflowStageRequiredPolicy($stageId));
// Authors, context managers and sub editors potentially have
// access to signoffs. We'll have to define
// differentiated policies for those roles in a policy set.
$signoffAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Managerial role
//
if (isset($roleAssignments[ROLE_ID_MANAGER])) {
// Managers have all access to all signoffs.
$signoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_MANAGER, $roleAssignments[ROLE_ID_MANAGER]));
}
//
// Assistants
//
if (isset($roleAssignments[ROLE_ID_ASSISTANT])) {
// 1) Assistants can access all operations on signoffs...
$assistantSignoffAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$assistantSignoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_ASSISTANT, $roleAssignments[ROLE_ID_ASSISTANT]));
// 2) ... but only if they have access to the workflow stage.
import('classes.security.authorization.WorkflowStageAccessPolicy');
// pulled from context-specific class path.
$assistantSignoffAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
$signoffAccessPolicy->addPolicy($assistantSignoffAccessPolicy);
}
//
// Authors
//
if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
if ($mode & SIGNOFF_ACCESS_READ) {
// 1) Authors can access read operations on signoffs...
$authorSignoffAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$authorSignoffAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
// 2) ... but only if they are assigned to the workflow stage as an stage participant.
import('classes.security.authorization.WorkflowStageAccessPolicy');
$authorSignoffAccessPolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
$signoffAccessPolicy->addPolicy($authorSignoffAccessPolicy);
}
}
//
// User owns the signoff (all roles): permit
//
import('lib.pkp.classes.security.authorization.internal.SignoffAssignedToUserAccessPolicy');
$userOwnsSignoffPolicy = new SignoffAssignedToUserAccessPolicy($request);
$signoffAccessPolicy->addPolicy($userOwnsSignoffPolicy);
$this->addPolicy($signoffAccessPolicy);
return $signoffAccessPolicy;
}
示例4: OmpSubmissionAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $submissionParameterName string the request parameter we expect
* the submission id in.
*/
function OmpSubmissionAccessPolicy(&$request, $args, $roleAssignments, $submissionParameterName = 'monographId')
{
parent::PressPolicy($request);
// We need a submission in the request.
import('classes.security.authorization.internal.MonographRequiredPolicy');
$this->addPolicy(new MonographRequiredPolicy($request, $args, $submissionParameterName));
// Authors, press managers and series editors potentially have access
// to submissions. We'll have to define differentiated policies for those
// roles in a policy set.
$submissionAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Managerial role
//
if (isset($roleAssignments[ROLE_ID_PRESS_MANAGER])) {
// Press managers have access to all submissions.
$submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_PRESS_MANAGER, $roleAssignments[ROLE_ID_PRESS_MANAGER]));
}
//
// Series editor role
//
if (isset($roleAssignments[ROLE_ID_SERIES_EDITOR])) {
// 1) Series editors can access all operations on submissions ...
$seriesEditorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$seriesEditorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SERIES_EDITOR, $roleAssignments[ROLE_ID_SERIES_EDITOR]));
// 2) ... but only if the requested submission is part of their series.
import('classes.security.authorization.internal.SeriesAssignmentPolicy');
$seriesEditorSubmissionAccessPolicy->addPolicy(new SeriesAssignmentPolicy($request));
$submissionAccessPolicy->addPolicy($seriesEditorSubmissionAccessPolicy);
}
//
// Author role
//
if (isset($roleAssignments[ROLE_ID_AUTHOR])) {
// 1) Author role user groups can access whitelisted operations ...
$authorSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$authorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_AUTHOR, $roleAssignments[ROLE_ID_AUTHOR]));
// 2) ... if the requested submission is their own ...
import('classes.security.authorization.internal.MonographAuthorPolicy');
$authorSubmissionAccessPolicy->addPolicy(new MonographAuthorPolicy($request));
$submissionAccessPolicy->addPolicy($authorSubmissionAccessPolicy);
}
//
// Reviewer role
//
if (isset($roleAssignments[ROLE_ID_REVIEWER])) {
// 1) Reviewers can access whitelisted operations ...
$reviewerSubmissionAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$reviewerSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_REVIEWER, $roleAssignments[ROLE_ID_REVIEWER]));
// 2) ... but only if they have been assigned to the submission as reviewers.
import('classes.security.authorization.internal.ReviewAssignmentAccessPolicy');
$reviewerSubmissionAccessPolicy->addPolicy(new ReviewAssignmentAccessPolicy($request));
$submissionAccessPolicy->addPolicy($reviewerSubmissionAccessPolicy);
}
$this->addPolicy($submissionAccessPolicy);
}
示例5: testRoleAuthorization
/**
* @covers RoleBasedHandlerOperationPolicy
*/
public function testRoleAuthorization()
{
// Construct the user roles array.
$userRoles = array(ROLE_ID_SITE_ADMIN, ROLE_ID_TEST);
// Test the user-group/role policy with a default
// authorized request.
$request = $this->getMockRequest('permittedOperation');
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_TEST), 'permittedOperation'));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
// Test the user-group/role policy with a non-authorized role.
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_NON_AUTHORIZED, 'permittedOperation'));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
// Test the policy with an authorized role but a non-authorized operation.
$request = $this->getMockRequest('privateOperation');
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, 'permittedOperation'));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
// Test the policy with an authorized role and a
// non-authorized operation but bypass the the operation check.
// FIXME: Remove the "bypass operation check" code once we've removed the
// HandlerValidatorRole compatibility class, see #5868.
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SITE_ADMIN, array(), 'some.message', false, true));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
// Test the "all roles must match" feature.
$request = $this->getMockRequest('permittedOperation');
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_SITE_ADMIN, ROLE_ID_TEST), 'permittedOperation', 'some.message', true, false));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_PERMIT, $decisionManager->decide());
// Test again the "all roles must match" feature but this time
// with one role not matching.
$rolePolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$rolePolicy->addPolicy($this->getAuthorizationContextManipulationPolicy());
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, array(ROLE_ID_TEST, ROLE_ID_SITE_ADMIN, ROLE_ID_NON_AUTHORIZED), 'permittedOperation', 'some.message', true, false));
$decisionManager = new AuthorizationDecisionManager();
$decisionManager->addPolicy($rolePolicy);
self::assertEquals(AUTHORIZATION_DENY, $decisionManager->decide());
}
示例6: OjsAuthorDashboardAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request arguments
* @param $roleAssignments array
*/
function OjsAuthorDashboardAccessPolicy($request, &$args, $roleAssignments)
{
parent::ContextPolicy($request);
$authorDashboardPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// AuthorDashboard requires a valid monograph in request.
import('classes.security.authorization.SubmissionAccessPolicy');
$authorDashboardPolicy->addPolicy(new SubmissionAccessPolicy($request, $args, $roleAssignments), true);
// Check if the user has an stage assignment with the monograph in request.
// Any workflow stage assignment is suficient to access the author dashboard.
import('classes.security.authorization.internal.UserAccessibleWorkflowStageRequiredPolicy');
$authorDashboardPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$this->addPolicy($authorDashboardPolicy);
}
示例7: PKPSiteAccessPolicy
/**
* Constructor
*
* @param $request PKPRequest
* @param $operations array|string either a single operation or a list of operations that
* this policy is targeting.
* @param $roleAssignments array|int Either an array of role -> operation assignments or the constant SITE_ACCESS_ALL_ROLES
* @param $message string a message to be displayed if the authorization fails
*/
function PKPSiteAccessPolicy(&$request, $operations, $roleAssignments, $message = 'user.authorization.loginRequired')
{
parent::PolicySet();
$siteRolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
if (is_array($roleAssignments)) {
import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
foreach ($roleAssignments as $role => $operations) {
$siteRolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
}
} elseif ($roleAssignments == SITE_ACCESS_ALL_ROLES) {
import('lib.pkp.classes.security.authorization.PKPPublicAccessPolicy');
$siteRolePolicy->addPolicy(new PKPPublicAccessPolicy($request, $operations));
}
$this->addPolicy($siteRolePolicy);
}
示例8: testPolicySet
/**
* @covers PolicySet
*/
public function testPolicySet()
{
// Test combining algorithm and default effect.
$policySet = new PolicySet();
self::assertEquals(COMBINING_DENY_OVERRIDES, $policySet->getCombiningAlgorithm());
self::assertEquals(AUTHORIZATION_DENY, $policySet->getEffectIfNoPolicyApplies());
$policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
$policySet->setEffectIfNoPolicyApplies(AUTHORIZATION_PERMIT);
self::assertEquals(COMBINING_PERMIT_OVERRIDES, $policySet->getCombiningAlgorithm());
self::assertEquals(AUTHORIZATION_PERMIT, $policySet->getEffectIfNoPolicyApplies());
// Test adding policies.
$policySet->addPolicy($policy1 = new AuthorizationPolicy('policy1'));
$policySet->addPolicy($policy2 = new AuthorizationPolicy('policy2'));
$policySet->addPolicy($policy3 = new AuthorizationPolicy('policy3'), $addToTop = true);
self::assertEquals(array($policy3, $policy1, $policy2), $policySet->getPolicies());
}
示例9: authorize
function authorize($request, &$args, $roleAssignments)
{
$fileIds = $request->getUserVar('filesIdsAndRevisions');
$libraryFileId = $request->getUserVar('libraryFileId');
if (is_string($fileIds)) {
$fileIdsArray = explode(';', $fileIds);
// Remove empty entries (a trailing ";" will cause these)
$fileIdsArray = array_filter($fileIdsArray, create_function('$a', 'return !empty($a);'));
}
if (!empty($fileIdsArray)) {
$multipleSubmissionFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
foreach ($fileIdsArray as $fileIdAndRevision) {
$multipleSubmissionFileAccessPolicy->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision));
}
$this->addPolicy($multipleSubmissionFileAccessPolicy);
} else {
if (is_numeric($libraryFileId)) {
import('lib.pkp.classes.security.authorization.ContextAccessPolicy');
$this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
} else {
// IDs will be specified using the default parameters.
$this->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments));
}
}
return parent::authorize($request, $args, $roleAssignments);
}
示例10: OjsSubmissionAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array
* @param $roleAssignments array
* @param $submissionParameterName string
*/
function OjsSubmissionAccessPolicy(&$request, &$args, $roleAssignments, $submissionParameterName = 'articleId')
{
parent::JournalPolicy($request);
// Create a "permit overrides" policy set that specifies
// editor and copyeditor access to submissions.
$submissionEditingPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
//
// Editor roles (Editor and Section Editor) policy
//
$editorsPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// Editorial components can only be called if there's a
// valid section editor submission in the request.
// FIXME: We should find a way to check whether the user actually
// is a (section) editor before we execute this expensive policy.
import('classes.security.authorization.internal.SectionEditorSubmissionRequiredPolicy');
$editorsPolicy->addPolicy(new SectionEditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
$editorRolesPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// Editors can access all operations.
$editorRolesPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_EDITOR, $roleAssignments[ROLE_ID_EDITOR]));
// Section editors
$sectionEditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// 1) Section editors can access all remote operations ...
$sectionEditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SECTION_EDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
// 2) ... but only if the requested submission has been explicitly assigned to them.
import('classes.security.authorization.internal.SectionSubmissionAssignmentPolicy');
$sectionEditorPolicy->addPolicy(new SectionSubmissionAssignmentPolicy($request));
$editorRolesPolicy->addPolicy($sectionEditorPolicy);
$editorsPolicy->addPolicy($editorRolesPolicy);
$submissionEditingPolicy->addPolicy($editorsPolicy);
//
// Copyeditor policy
//
$copyeditorPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
// 1) Copyeditors can only access editorial components when a valid
// copyeditor submission is in the request ...
import('classes.security.authorization.internal.CopyeditorSubmissionRequiredPolicy');
$copyeditorPolicy->addPolicy(new CopyeditorSubmissionRequiredPolicy($request, $args, $submissionParameterName));
// 2) ... If that's the case then copyeditors can access all remote operations ...
$copyeditorPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_COPYEDITOR, $roleAssignments[ROLE_ID_SECTION_EDITOR]));
// 3) ... but only if the requested submission has been explicitly assigned to them.
import('classes.security.authorization.internal.CopyeditorSubmissionAssignmentPolicy');
$copyeditorPolicy->addPolicy(new CopyeditorSubmissionAssignmentPolicy($request));
$submissionEditingPolicy->addPolicy($copyeditorPolicy);
// Add the submission editing policies to this policy set.
$this->addPolicy($submissionEditingPolicy);
}
示例11: SignoffAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $mode int bitfield SIGNOFF_ACCESS_...
* @param $stageId int
*/
function SignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId)
{
parent::PKPSignoffAccessPolicy($request, $args, $roleAssignments, $mode, $stageId);
$signoffAccessPolicy = $this->_baseSignoffAccessPolicy;
//
// Series editor role
//
if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
// 1) Section editors can access all operations on signoffs ...
$sectionEditorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$sectionEditorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
// 2) ... but only if the requested signoff submission is part of their series.
import('classes.security.authorization.internal.SectionAssignmentPolicy');
$sectionEditorFileAccessPolicy->addPolicy(new SectionAssignmentPolicy($request));
$signoffAccessPolicy->addPolicy($sectionEditorFileAccessPolicy);
}
}
示例12: OmpPublishedMonographAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $submissionParameterName string the request parameter we
* expect the submission id in.
*/
function OmpPublishedMonographAccessPolicy($request, $args, $roleAssignments, $submissionParameterName = 'submissionId')
{
parent::ContextPolicy($request);
// Access may be made either as a member of the public, or
// via pre-publication access to editorial users.
$monographAccessPolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// Published monograph access for the public
$publishedMonographAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
import('lib.pkp.classes.security.authorization.internal.SubmissionRequiredPolicy');
$publishedMonographAccessPolicy->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
import('classes.security.authorization.internal.MonographPublishedPolicy');
$publishedMonographAccessPolicy->addPolicy(new MonographPublishedPolicy($request));
$monographAccessPolicy->addPolicy($publishedMonographAccessPolicy);
// Pre-publication access for editorial roles
import('classes.security.authorization.SubmissionAccessPolicy');
$monographAccessPolicy->addPolicy(new SubmissionAccessPolicy($request, $args, array_intersect_key($roleAssignments, array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR)), $submissionParameterName));
$this->addPolicy($monographAccessPolicy);
}
示例13: SubmissionFileAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request parameters
* @param $roleAssignments array
* @param $mode int bitfield SUBMISSION_FILE_ACCESS_...
* @param $fileIdAndRevision string
* @param $submissionParameterName string the request parameter we expect
* the submission id in.
*/
function SubmissionFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision = null, $submissionParameterName = 'submissionId')
{
parent::PKPSubmissionFileAccessPolicy($request, $args, $roleAssignments, $mode, $fileIdAndRevision, $submissionParameterName);
$fileAccessPolicy = $this->_baseFileAccessPolicy;
//
// Series editor role
//
if (isset($roleAssignments[ROLE_ID_SUB_EDITOR])) {
// 1) Series editors can access all operations on submissions ...
$seriesEditorFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
$seriesEditorFileAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, ROLE_ID_SUB_EDITOR, $roleAssignments[ROLE_ID_SUB_EDITOR]));
// 2) ... but only if the requested submission is part of their series.
import('classes.security.authorization.internal.SeriesAssignmentPolicy');
$seriesEditorFileAccessPolicy->addPolicy(new SeriesAssignmentPolicy($request));
$fileAccessPolicy->addPolicy($seriesEditorFileAccessPolicy);
}
$this->addPolicy($fileAccessPolicy);
}
示例14: ReviewStageAccessPolicy
/**
* Constructor
* @param $request PKPRequest
* @param $args array request arguments
* @param $roleAssignments array
* @param $submissionParameterName string
* @param $stageId integer One of the WORKFLOW_STAGE_ID_* constants.
*/
function ReviewStageAccessPolicy($request, &$args, $roleAssignments, $submissionParameterName = 'submissionId', $stageId)
{
parent::ContextPolicy($request);
// Create a "permit overrides" policy set that specifies
// role-specific access to submission stage operations.
$workflowStagePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
// Add the workflow policy, for editorial / press roles
import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$workflowStagePolicy->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, $submissionParameterName, $stageId));
if ($stageId == WORKFLOW_STAGE_ID_INTERNAL_REVIEW || $stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW) {
// Add the submission policy, for reviewer roles
import('lib.pkp.classes.security.authorization.SubmissionAccessPolicy');
$submissionPolicy = new SubmissionAccessPolicy($request, $args, $roleAssignments, $submissionParameterName);
$submissionPolicy->addPolicy(new WorkflowStageRequiredPolicy($stageId));
$workflowStagePolicy->addPolicy($submissionPolicy);
}
// Add the role-specific policies to this policy set.
$this->addPolicy($workflowStagePolicy);
}
示例15: authorize
/**
* @copydoc PKPHandler::authorize()
*/
function authorize($request, &$args, $roleAssignments)
{
import('lib.pkp.classes.security.authorization.PolicySet');
$rolePolicy = new PolicySet(COMBINING_PERMIT_OVERRIDES);
import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');
foreach ($roleAssignments as $role => $operations) {
$rolePolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, $role, $operations));
}
$this->addPolicy($rolePolicy);
return parent::authorize($request, $args, $roleAssignments);
}