_request =& $request; } // // Implement template methods from AuthorizationPolicy // /** * @see AuthorizationPolicy::effect() */ function effect() { // Get the user $user =& $this->_request->getUser(); if (!is_a($user, 'PKPUser')) return AUTHORIZATION_DENY; // Get the section editor submission. $sectionEditorSubmission =& $this->getAuthorizedContextObject(ASSOC_TYPE_ARTICLE); if (!is_a($sectionEditorSubmission, 'SectionEditorSubmission')) return AUTHORIZATION_DENY; // Section editors can only access submissions in their series // that they have been explicitly assigned to. // 1) Retrieve the edit assignments $editAssignmentDao =& DAORegistry::getDAO('EditAssignmentDAO'); $editAssignments =& $editAssignmentDao->getEditAssignmentsByArticleId($sectionEditorSubmission->getId()); if (!is_a($editAssignments, 'DAOResultFactory')) return AUTHORIZATION_DENY; $editAssignmentsArray =& $editAssignments->toArray(); // 2) Check whether the user is the article's editor, // otherwise deny access. $foundAssignment = false; foreach ($editAssignmentsArray as $editAssignment) { if ($editAssignment->getEditorId() == $user->getId()) { if ($editAssignment->getCanEdit()) $foundAssignment = true; break; } } if ($foundAssignment) { return AUTHORIZATION_PERMIT; } else { return AUTHORIZATION_DENY; } } } ?>