-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathMarkupPluginUtilities.inc.php
419 lines (362 loc) · 15.3 KB
/
MarkupPluginUtilities.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
<?php
/**
* @file plugins/generic/markup/MarkupPluginUtilities.inc.php
*
* Copyright (c) 2003-2013 John Willinsky
* Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
*
* @class MarkupPluginUtilities
* @ingroup plugins_generic_markup
*
* @brief helper functions
*
*/
define('MARKUP_SUPP_FOLDER', '/markup/'); // Name of folder inside article's suppl folder for holding unarchived files.
class MarkupPluginUtilities {
/**
* Provide notification messages for Document Markup Server job status
* $message is already translated, i.e. caller takes responsibility for setting up the text correctly. $typeFlag
*
* @param $message string translated text to display
* @param $typeFlag bool optional for now signals just success or failure style of message.
* @param $userId int optional explicit user id
*/
function notificationService($message, $typeFlag, $userId) {
import('classes.notification.NotificationManager');
$notificationManager = new NotificationManager();
$notificationType = NOTIFICATION_TYPE_SUCCESS;
if ($typeFlag === false){
$notificationType = NOTIFICATION_TYPE_ERROR;
}
// If user not specified explicitly, then include current user if any.
if (!isset($userId)) {
$user =& Request::getUser();
$userId = $user->getId();
}
if (isset($userId)) {
$params= array('itemTitle' => $this->getDisplayName() );
$notificationManager->createTrivialNotification(
$userId,
$notificationType,
array('contents' => $message)
);
}
}
/**
* Return server's folder path that points to an article's supplementary file folder.
*
* @param $articleId int
* @param $markupFolderFlag bool flag indicates to include /markup/
*
* @return string supplementary file folder path.
*/
function getSuppPath($articleId , $markupFolderFlag = false) {
import('classes.file.ArticleFileManager');
$articleFileManager = new ArticleFileManager((int) $articleId);
return $articleFileManager->filesDir . $articleFileManager->fileStageToPath( ARTICLE_FILE_SUPP ) .
($markupFolderFlag == true ? MARKUP_SUPP_FOLDER : '/');
}
/**
* Return URL that provides file access for a given article within context of current journal. Uses gateway plugin access point.
* e.g. ... /index.php/praxis/gateway/plugin/markup/1/refresh
* or ... index.php?journal=praxis&page=gateway&op=plugin&path[]=markup&path[]=1&path[]=refresh
*
* @param $args Array [action, articleId, userId]
* or [folder, fileName]
* or [0, articleId, fileName]
*
* @return string URL
*
* @see MarkupPlugin _submitURL()
* @see MarkupGatewayPlugin fetch()
*/
function getMarkupURL($args) {
$path = array(MARKUP_GATEWAY_FOLDER);
$articleId = (int) $args['articleId'];
if ($args['action']) {
$user =& Request::getUser();
//Actions need a userId for notifications.
array_push($path, $args['action'], $articleId, $user->getId());
}
else if ($args['folder']) {
array_push($path, $args['folder'], $args['fileName']);
}
else {
array_push($path, 0, $articleId, $args['fileName']);
}
$params = null;
return Request::url(null, 'gateway', 'plugin', $path, $params);
}
/**
* Ensures no funny business with filenames usually coming in from Markup plugin-handled file requests
*
* @param $fileName string
*/
function cleanFileName($fileName) {
return preg_replace('/[^[:alnum:]\._-]/', '', $fileName);
}
/**
* Provide suffix for copy of uploaded file (sits in same folder as original upload).
* The uploaded temp file doesn't have a file suffix. We copy this file and add a suffix, in preperation for uploading it to document markup server. Uploaded file hasn't been processed by OJS yet.
*
* @param: $articleFileManager object primed with article
* @param: $fieldName string upload form field name
*
* @return false if no suffix; otherwise path to copied file
*/
function copyTempFilePlusExt($articleId, $fieldName) {
import('classes.file.ArticleFileManager');
$articleFileManager = new ArticleFileManager($articleId);
$articleFilePath = $articleFileManager->getUploadedFilePath($fieldName);
$fileName = $articleFileManager->getUploadedFileName($fieldName);
if (!strpos($fileName,".")) return false; // Exit if no suffix.
$suffix = $articleFileManager->getExtension($fileName);
$newFilePath = $articleFilePath.".".$suffix;
$articleFileManager->copyFile($articleFilePath, $newFilePath);
return $newFilePath;
}
/**
* Return requested markup file to user's browser.
* Eg. /var/www_uploads/journals/1/articles/2/supp/markup/document.html : text/html
*
* @param $folder string Server file path
* @param $fileName string (must already be validated)
*
* @see DocumentMarkupFetch
*/
function downloadFile($folder, $fileName) {
$filePath = $folder.$fileName;
$fileManager = new FileManager();
if (!$fileManager->fileExists($filePath,'file')) {
return $this->_exitFetch( __('plugins.generic.markup.archive.no_file'));
}
$mimeType = String::mime_content_type($fileName);
// Some servers don't recognize 'text/css' for .css suffixes:
if ($fileManager->getExtension($fileName) == 'css')
$mimeType = 'text/css';
$fileManager->downloadFile($folder. $fileName, $mimeType, true);
return true;
}
/**
* Delete markup plugin media files related to an Article if NO XML or HTML galley links are left (that would need media).
* The idea is that if a user has disallowed viewing of a particular kind of content, then the plugin should not offer that through its gateway. Some extra complexity because this has to anticipate $type will be deleted, though it isn't yet since hook fires before action is completed.
*
* @param $articleId int
*
* @see _refresh()
*/
function checkGalleyMedia($articleId, $type) {
$galleyDao =& DAORegistry::getDAO('ArticleGalleyDAO');
$gals =& $galleyDao->getGalleysByArticle($articleId);
$keepers = new StdClass();
$keepers->XML = $keepers->HTML = $keepers->PDF = false;
foreach ($gals as $galley) {
$label = $galley->getLabel();
if ($label == 'XML' && $type != 'XML') $keepers->XML = true;
if ($label == 'HTML' && $type != 'HTML') $keepers->HTML = true;
if ($label == 'PDF' && $type != 'PDF') $keepers->PDF = true;
};
$suppFolder = MarkupPluginUtilities::getSuppPath($articleId, true);
// No markup galley files found so delete all markup media.
if ($keepers->XML || $keepers->HTML || $keepers->PDF) {
if (!$keepers->XML) {
unlink($suppFolder.'document.xml');
}
if (!$keepers->HTML) {
unlink($suppFolder.'document.html');
}
if (!$keepers->PDF) {
unlink($suppFolder.'document-new.pdf');
unlink($suppFolder.'document-review.pdf');
}
}
else { // Remove all media
$glob = glob($suppFolder.'*');
foreach ($glob as $g) {unlink($g);}
}
return true;
}
/**
* Do all necessary checks to see if user is allowed to download this file if it has been published.
* A variation on /ojs/pages/article/ArticleManager.inc.php validate()
*
* @param $user object
* @param $articleId int
* @param $journal object
* @param $fileName string , in case requested file type (pdf or other) affects viewing rights
*
* @return boolean true iff user allowed to see given file
* @see fetch()
*/
function getUserPermViewPublished($user, $articleId, &$journal, $fileName) {
$journalId = $journal->getId();
import('classes.issue.IssueAction');
$article = $publishedArticle = $issue = null;
$userId = $user?$user->getId():0;
$publishedArticleDao =& DAORegistry::getDAO('PublishedArticleDAO');
if ($journal->getSetting('enablePublicArticleId')) {
$publishedArticle =& $publishedArticleDao->getPublishedArticleByBestArticleId((int) $journalId, $articleId, true);
} else {
$publishedArticle =& $publishedArticleDao->getPublishedArticleByArticleId((int) $articleId, (int) $journalId, true);
}
$issueDao =& DAORegistry::getDAO('IssueDAO');
if (isset($publishedArticle)) {
$issue =& $issueDao->getIssueById($publishedArticle->getIssueId(), $publishedArticle->getJournalId(), true);
} else {
$articleDao =& DAORegistry::getDAO('ArticleDAO');
$article =& $articleDao->getArticle((int) $articleId, $journalId, true);
}
// If this is an editorial user who can view unpublished/unscheduled
// articles, bypass further validation. Likewise for its author.
if (($article || $publishedArticle) && (($article && IssueAction::allowedPrePublicationAccess($journal, $article) || ($publishedArticle && IssueAction::allowedPrePublicationAccess($journal, $publishedArticle))))) {
return true;
}
// Make sure the reader has rights to view the article/issue.
if ($issue && $issue->getPublished() && $publishedArticle->getStatus() == STATUS_PUBLISHED) {
$subscriptionRequired = IssueAction::subscriptionRequired($issue);
$isSubscribedDomain = IssueAction::subscribedDomain($journal, $issue->getId(), $publishedArticle->getId());
// Check if login is required for viewing.
if (!$isSubscribedDomain && !Validation::isLoggedIn() && $journal->getSetting('restrictArticleAccess') && isset($galleyId) && $galleyId) {
return false;
}
// bypass all validation if subscription based on domain or ip is valid
// or if the user is just requesting the abstract
if ( (!$isSubscribedDomain && $subscriptionRequired) &&
(isset($galleyId) && $galleyId) ) {
// Subscription Access
$subscribedUser = IssueAction::subscribedUser($journal, $issue->getId(), $publishedArticle->getId());
if (!(!$subscriptionRequired || $publishedArticle->getAccessStatus() == ARTICLE_ACCESS_OPEN || $subscribedUser)) {
// if payment information is enabled,
import('classes.payment.ojs.OJSPaymentManager');
$paymentManager = new OJSPaymentManager($request);
if ( $paymentManager->purchaseArticleEnabled() || $paymentManager->membershipEnabled() ) {
/* if only pdf files are being restricted, then approve all non-pdf galleys
* and continue checking if it is a pdf galley */
if ( $paymentManager->onlyPdfEnabled() ) {
$fileManager = new FileManager();
if('PDF' == strtoupper($fileManager->parseFileExtension( $fileName))) return true;
}
if (!Validation::isLoggedIn()) {
return false;
}
/* if the article has been paid for then forget about everything else
* and just let them access the article */
$completedPaymentDao =& DAORegistry::getDAO('OJSCompletedPaymentDAO');
$dateEndMembership = $user->getSetting('dateEndMembership', 0);
if ($completedPaymentDao->hasPaidPurchaseArticle($userId, $publishedArticle->getId())
|| $completedPaymentDao->hasPaidPurchaseIssue($userId, $issue->getId())
|| (!is_null($dateEndMembership) && $dateEndMembership > time())) {
return true;
} else {
return false;
}
}
if (!isset($galleyId) || $galleyId) {
return false;
}
}
}
} else {
return false;
}
return true;
}
/**
* Calculate current user's read permission with respect to given article.
* Handles case where article isn't published yet.
*
* Give access if:
* - user is SITE_ADMIN or JOURNAL_MANAGER
* - user is Editor / Section Editor of given journal
* - user is author / reader / reviewer of given article
*
* USERS TO CONSIDER: See ojs/classes/security/Validation.inc.php
*
* ROLE_ID_SITE_ADMIN isSiteAdmin()
*
* All isXYZ() functions below can take a journalId.
* ROLE_ID_JOURNAL_MANAGER isJournalManager()
* ROLE_ID_EDITOR isEditor()
* ROLE_ID_SECTION_EDITOR isSectionEditor()
*
* ROLE_ID_COPYEDITOR isCopyeditor()
* ROLE_ID_LAYOUT_EDITOR isLayoutEditor()
* ROLE_ID_PROOFREADER isProofreader()
*
* ROLE_ID_AUTHOR isAuthor()
* ROLE_ID_READER isReader()
* ROLE_ID_REVIEWER isReviewer()
*
* @return first userType that matches user to article for viewing.
**/
function getUserPermViewDraft($userId, $articleId, &$journal, $fileName) {
$journalId = $journal->getId();
$roleDao = &DAORegistry::getDAO('RoleDAO');
$roles =& $roleDao->getRolesByUserId($userId);
foreach ($roles as $role) {
$roleType = $role->getRoleId();
if ($roleType == ROLE_ID_SITE_ADMIN) return ROLE_ID_SITE_ADMIN;
if ($role->getJournalId() == $journalId) {
switch ($roleType) {
// These users get global access
case ROLE_ID_JOURNAL_MANAGER :
case ROLE_ID_EDITOR :
return $roleType;
break;
case ROLE_ID_SECTION_EDITOR :
$sectionEditorSubmissionDao =& DAORegistry::getDAO('SectionEditorSubmissionDAO');
$sectionEditorSubmission =& $sectionEditorSubmissionDao->getSectionEditorSubmission($articleId);
if ($sectionEditorSubmission != null && $sectionEditorSubmission->getJournalId() == $journalId && $sectionEditorSubmission->getDateSubmitted() != null) {
// If this user isn't the submission's editor, they don't have access.
$editAssignments =& $sectionEditorSubmission->getEditAssignments();
foreach ($editAssignments as $editAssignment) {
if ($editAssignment->getEditorId() == $userId) {
return $roleType;
}
}
};
break;
case ROLE_ID_LAYOUT_EDITOR :
$signoffDao =& DAORegistry::getDAO('SignoffDAO');
if ($signoffDao->signoffExists('SIGNOFF_LAYOUT', ASSOC_TYPE_ARTICLE, $articleId, $userId)) {
return $roleType;
}
break;
case ROLE_ID_PROOFREADER :
$signoffDao =& DAORegistry::getDAO('SignoffDAO');
if ($signoffDao->signoffExists('SIGNOFF_PROOFING', ASSOC_TYPE_ARTICLE, $articleId, $userId)) {
return $roleType;
}
break;
case ROLE_ID_COPYEDITOR : //'SIGNOFF_COPYEDITING'
$SESDao =& DAORegistry::getDAO('SectionEditorSubmissionDAO');
if ($SESDao->copyeditorExists($articleId, $userId) )
return $roleType;
break;
case ROLE_ID_AUTHOR : //Find out if article has this submitter.
$articleDao =& DAORegistry::getDAO('ArticleDAO');
$article =& $articleDao->getArticle($articleId, $journalId);
if ($article && $article->getUserId() == $userId && ($article->getStatus() == STATUS_QUEUED || $article->getStatus() == STATUS_PUBLISHED)) {
return $roleType;
}
break;
case ROLE_ID_REVIEWER :
// Find out if article currently has this reviewer.
$reviewAssignmentDao = DAORegistry::getDAO('ReviewAssignmentDAO');
$reviewAssignments = $reviewAssignmentDao->getBySubmissionId($articleId);
foreach ($reviewAssignments as $assignment) {
if ($assignment->getReviewerId() == $userId) {
// REVIEWER ACCESS: If reviewers are not supposed to see list of authors, REVIEWER ONLY GETS TO SEE document-review.pdf version, which has all author information stripped.
if ($this->getSetting($journalId, 'reviewVersion') != true || $fileName == 'document-review.pdf')
return $roleType;
break; // We've matched to user so no more tries.
}
}
break;
}
}
}
return false;
}
}
?>