<?php
/**
* @file pages/reviewer/ReviewerHandler.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2003-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class ReviewerHandler
*
* @ingroup pages_reviewer
*
* @brief Handle requests for reviewer functions.
*/
namespace APP\pages\reviewer;
use APP\core\Request;
use APP\facades\Repo;
use APP\submission\reviewer\form\ReviewerReviewStep3Form;
use APP\submission\Submission;
use PKP\core\PKPRequest;
use PKP\db\DAORegistry;
use PKP\pages\reviewer\PKPReviewerHandler;
use PKP\security\AccessKeyManager;
use PKP\security\authorization\SubmissionAccessPolicy;
use PKP\security\Role;
use PKP\security\Validation;
use PKP\session\SessionManager;
use PKP\submission\reviewAssignment\ReviewAssignment;
use PKP\submission\reviewAssignment\ReviewAssignmentDAO;
use PKP\submission\reviewer\form\ReviewerReviewForm;
use PKP\user\User;
class ReviewerHandler extends PKPReviewerHandler
{
/** @var Submission */
public $submission;
/** @var User */
public $user;
/**
* Constructor
*/
public function __construct()
{
parent::__construct();
$this->addRoleAssignment(
Role::ROLE_ID_REVIEWER,
[
'submission', 'step', 'saveStep',
'showDeclineReview', 'saveDeclineReview', 'downloadFile'
]
);
}
/**
* @copydoc PKPHandler::authorize()
*/
public function authorize($request, &$args, $roleAssignments)
{
$context = $request->getContext();
if ($context->getData('reviewerAccessKeysEnabled')) {
$this->_validateAccessKey($request);
}
$router = $request->getRouter();
$this->addPolicy(new SubmissionAccessPolicy(
$request,
$args,
$roleAssignments
));
return parent::authorize($request, $args, $roleAssignments);
}
/**
* Tests if the request contains a valid access token. If this is the case
* the regular login process will be skipped
*
* @param Request $request
*/
protected function _validateAccessKey($request)
{
$accessKeyCode = $request->getUserVar('key');
$reviewId = $request->getUserVar('reviewId');
if (!($accessKeyCode && $reviewId)) {
return;
}
// Check if the user is already logged in
$sessionManager = SessionManager::getManager();
$session = $sessionManager->getUserSession();
if ($session->getUserId()) {
return;
}
$reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO'); /** @var ReviewAssignmentDAO $reviewAssignmentDao */
$reviewAssignment = $reviewAssignmentDao->getById($reviewId);
if (!$reviewAssignment) {
return;
} // e.g. deleted review assignment
$reviewSubmission = Repo::submission()->get($reviewAssignment->getSubmissionId());
if (!$reviewSubmission || ($reviewSubmission->getId() != $reviewAssignment->getSubmissionId())) {
return;
} // e.g. deleted review assignment
// Validate the access key
$context = $request->getContext();
$accessKeyManager = new AccessKeyManager();
$accessKeyHash = $accessKeyManager->generateKeyHash($accessKeyCode);
$accessKey = $accessKeyManager->validateKey(
$context->getId(),
$reviewAssignment->getReviewerId(),
$accessKeyHash
);
if (!$accessKey) {
return;
}
// Get the reviewer user object
$user = Repo::user()->get($accessKey->getUserId());
if (!$user) {
return;
}
// Register the user object in the session
$reason = null;
if (Validation::registerUserSession($user, $reason)) {
$this->submission = $reviewSubmission;
$this->user = $user;
}
}
/**
* @copydoc PKPReviewerHandler::getReviewForm()
*/
public function getReviewForm(
int $step,
PKPRequest $request,
Submission $reviewSubmission,
ReviewAssignment $reviewAssignment
): ReviewerReviewForm {
switch ($step) {
case 3:
return new ReviewerReviewStep3Form($request, $reviewSubmission, $reviewAssignment);
}
return parent::getReviewForm($step, $request, $reviewSubmission, $reviewAssignment);
}
}
|