[ Mini Kiebo ]
Server: Windows NT DESKTOP-5B8S0D4 6.2 build 9200 (Windows 8 Professional Edition) i586
Path:
D:
/
Backup
/
05122024
/
htdocs
/
jurnal-kesmas
/
v1
/
lib
/
pkp
/
controllers
/
grid
/
queries
/
[
Home
]
File: QueriesAccessHelper.php
<?php /** * @file controllers/grid/queries/QueriesAccessHelper.php * * Copyright (c) 2016-2021 Simon Fraser University * Copyright (c) 2000-2021 John Willinsky * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING. * * @class QueriesAccessHelper * * @ingroup controllers_grid_query * * @brief Implements access rules for queries. * Permissions are intended as follows (per UI/UX group, 2015-12-01) * Added permissions for Reviewers, 2017-11-05 * * ROLE * TASK MANAGER/ADMIN SUB EDITOR ASSISTANT AUTHOR REVIEWER * Create Q Yes Yes Yes Yes Yes * Edit Q All All If Creator If Creator if Creator * List/View All All Assigned Assigned Assigned * Open/close All All Assigned No No * Delete Q All All If Blank If Blank If Blank */ namespace PKP\controllers\grid\queries; use APP\core\Application; use PKP\db\DAORegistry; use PKP\query\Query; use PKP\query\QueryDAO; use PKP\security\Role; use PKP\user\User; class QueriesAccessHelper { /** @var array */ public $_authorizedContext; /** @var User */ public $_user; /** * Constructor * * @param array $authorizedContext * @param User $user */ public function __construct($authorizedContext, $user) { $this->_authorizedContext = $authorizedContext; $this->_user = $user; } /** * Retrieve authorized context objects from the authorized context. * * @param int $assocType any of the Application::ASSOC_TYPE_* constants */ public function getAuthorizedContextObject($assocType) { return $this->_authorizedContext[$assocType] ?? null; } /** * Determine whether the current user can open/close a query. * * @param Query $query * * @return bool True if the user is allowed to open/close the query. */ public function getCanOpenClose($query) { // Managers and sub editors are always allowed if ($this->hasStageRole($query->getStageId(), [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_SUB_EDITOR])) { return true; } // Assigned assistants are allowed if ($this->hasStageRole($query->getStageId(), [Role::ROLE_ID_ASSISTANT]) && $this->isAssigned($this->_user->getId(), $query->getId())) { return true; } // Otherwise, not allowed. return false; } /** * Determine whether the user can re-order the queries. * * @param int $stageId * * @return bool */ public function getCanOrder($stageId) { return $this->hasStageRole($stageId, [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_SUB_EDITOR]); } /** * Determine whether the user can create queries. * * @param int $stageId * * @return bool */ public function getCanCreate($stageId) { return $this->hasStageRole($stageId, [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_SUB_EDITOR, Role::ROLE_ID_ASSISTANT, Role::ROLE_ID_AUTHOR, Role::ROLE_ID_REVIEWER]); } /** * Determine whether the current user can edit a query. * * @param int $queryId Query ID * * @return bool True iff the user is allowed to edit the query. */ public function getCanEdit($queryId) { $queryDao = DAORegistry::getDAO('QueryDAO'); /** @var QueryDAO $queryDao */ $query = $queryDao->getById($queryId); if (!$query) { return false; } // Assistants, authors and reviewers are allowed, if they created the query less than x seconds ago if ($this->hasStageRole($query->getStageId(), [Role::ROLE_ID_ASSISTANT, Role::ROLE_ID_AUTHOR, Role::ROLE_ID_REVIEWER])) { $headNote = $query->getHeadNote(); if ($headNote->getUserId() == $this->_user->getId() && (time() - strtotime($headNote->getDateCreated()) < 3600)) { return true; } } // Managers are always allowed if ($this->hasStageRole($query->getStageId(), [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_SUB_EDITOR])) { return true; } // Otherwise, not allowed. return false; } /** * Determine whether the current user can delete a query. * * @param int $queryId Query ID * * @return bool True iff the user is allowed to delete the query. */ public function getCanDelete($queryId) { // Users can always delete their own placeholder queries. $queryDao = DAORegistry::getDAO('QueryDAO'); /** @var QueryDAO $queryDao */ $query = $queryDao->getById($queryId); if ($query) { $headNote = $query->getHeadNote(); if ($headNote?->getUserId() == $this->_user->getId() && $headNote?->getTitle() == '') { return true; } } // Managers and site admins are always allowed if ($this->hasStageRole($query->getStageId(), [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN])) { return true; } // Otherwise, not allowed. return false; } /** * Determine whether the current user can list all queries on the submission * * @param int $stageId The stage ID to load discussions for * * @return bool */ public function getCanListAll($stageId) { return $this->hasStageRole($stageId, [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN]); } /** * Determine whether the current user is assigned to the current query. * * @param int $userId User ID * @param int $queryId Query ID * * @return bool */ protected function isAssigned($userId, $queryId) { $queryDao = DAORegistry::getDAO('QueryDAO'); /** @var QueryDAO $queryDao */ return (bool) $queryDao->getParticipantIds($queryId, $userId); } /** * Determine whether the current user has role(s) in the current workflow * stage * * @param int $stageId * @param array $roles [ROLE_ID_...] * * @return bool */ protected function hasStageRole($stageId, $roles) { $stageRoles = $this->getAuthorizedContextObject(Application::ASSOC_TYPE_ACCESSIBLE_WORKFLOW_STAGES); return !empty(array_intersect($stageRoles[$stageId], $roles)); } }