From d6289ae91d7e6433a5ade478b29725041b57e4f9 Mon Sep 17 00:00:00 2001
From: Dimitris Efstathiou <defstat@gmail.com>
Date: Wed, 20 Dec 2023 18:56:28 +0200
Subject: [PATCH] pkp/pkp-lib#7505 Fix publication access (#9581)

---
 api/v1/jats/PKPJatsController.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/v1/jats/PKPJatsController.php b/api/v1/jats/PKPJatsController.php
index d7fdf679bea..6f99918b925 100644
--- a/api/v1/jats/PKPJatsController.php
+++ b/api/v1/jats/PKPJatsController.php
@@ -28,6 +28,7 @@
 use PKP\db\DAORegistry;
 use PKP\security\authorization\ContextAccessPolicy;
 use PKP\security\authorization\internal\SubmissionFileStageAccessPolicy;
+use PKP\security\authorization\PublicationAccessPolicy;
 use PKP\security\authorization\PublicationWritePolicy;
 use PKP\security\authorization\SubmissionFileAccessPolicy;
 use PKP\security\authorization\UserRolesRequiredPolicy;
@@ -92,7 +93,11 @@ public function authorize(PKPRequest $request, array &$args, array $roleAssignme
 
         $this->addPolicy(new ContextAccessPolicy($request, $roleAssignments));
 
-        $this->addPolicy(new PublicationWritePolicy($request, $args, $roleAssignments));
+        if ($actionName === 'get') {
+            $this->addPolicy(new PublicationAccessPolicy($request, $args, $roleAssignments));
+        } else {
+            $this->addPolicy(new PublicationWritePolicy($request, $args, $roleAssignments));
+        }
 
         if ($actionName === 'add') {
             $params = $illuminateRequest->input();