Skip to content

Commit

Permalink
Merge pull request #9869 from touhidurabir/i9837_stable_3_3_0
Browse files Browse the repository at this point in the history 
#9837 Policy to restrict incomplete submission to access workflow
  • Loading branch information
@touhidurabir
touhidurabir authored Jun 4, 2024
2 parents 0b5a48e + 6758e13 commit 6e39541
Show file tree
Hide file tree
Showing 3 changed files with 66 additions and 0 deletions.
60 changes: 60 additions & 0 deletions classes/security/authorization/internal/SubmissionCompletePolicy.inc.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
<?php
/**
* @file classes/security/authorization/internal/SubmissionCompletePolicy.inc.php
*
* Copyright (c) 2014-2024 Simon Fraser University
* Copyright (c) 2000-2024 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class SubmissionCompletePolicy
* @ingroup security_authorization_internal
*
* @brief Class to control access to workflow only for complete submissions
*
*/

import('lib.pkp.classes.security.authorization.DataObjectRequiredPolicy');

class SubmissionCompletePolicy extends DataObjectRequiredPolicy {

/**
* Constructor
*
* @param PKPRequest $request The PKP core request object
* @param array $args Request parameters
* @param string $submissionParameterName The request parameter we expect the submission id in.
* @param string $operation Optional list of operations for which this check takes effect. If specified,
* operations outside this set will not be checked against this policy
*/
function __construct($request, &$args, $submissionParameterName = 'submissionId', $operations = null) {
parent::__construct(
$request,
$args,
$submissionParameterName,
'user.authorization.submission.incomplete.workflowAccessRestrict',
$operations
);

AppLocale::requireComponents(LOCALE_COMPONENT_PKP_USER);
}


//
// Implement template methods from AuthorizationPolicy
//
/**
* @see DataObjectRequiredPolicy::dataObjectEffect()
*/
public function dataObjectEffect() {
$submissionId = $this->getDataObjectId();

$submissionDao = DAORegistry::getDAO("SubmissionDAO"); /** @var SubmissionDAO $submissionDao */
$submission = $submissionDao->getById($submissionId);

if ($submission->getData('submissionProgress') > 0) {
return AUTHORIZATION_DENY;
}

return AUTHORIZATION_PERMIT;
}
}
3 changes: 3 additions & 0 deletions locale/en_US/user.po
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,9 @@ msgstr "You don't currently have access to that stage of the workflow."
msgid "user.authorization.workflowStageRequired"
msgstr "A workflow stage was not specified."

msgid "user.authorization.submission.incomplete.workflowAccessRestrict"
msgstr "Workflow access for incomplete submission is restricted."

msgid "user.authorization.pluginRequired"
msgstr "A plugin was not specified and is required."

Expand Down
3 changes: 3 additions & 0 deletions pages/workflow/PKPWorkflowHandler.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ function authorize($request, &$args, $roleAssignments) {

$this->markRoleAssignmentsChecked();
} else {
import('lib.pkp.classes.security.authorization.internal.SubmissionCompletePolicy');
$this->addPolicy(new SubmissionCompletePolicy($request, $args, 'submissionId'));

import('lib.pkp.classes.security.authorization.WorkflowStageAccessPolicy');
$this->addPolicy(new WorkflowStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $this->identifyStageId($request, $args), WORKFLOW_TYPE_EDITORIAL));
}
Expand Down

0 comments on commit 6e39541

Please sign in to comment.