diff --git a/api/v1/orcid/OrcidController.php b/api/v1/orcid/OrcidController.php
new file mode 100644
index 00000000000..40e5d272e7f
--- /dev/null
+++ b/api/v1/orcid/OrcidController.php
@@ -0,0 +1,177 @@
+requestAuthorVerification(...))
+ ->name('orcid.requestAuthorVerification');
+ Route::post('deleteForAuthor/{authorId}', $this->deleteForAuthor(...))
+ ->name('orcid.delete');
+ }
+
+ /**
+ * Send email request for author to link their ORCID to the submission in OJS
+ *
+ */
+ public function requestAuthorVerification(Request $illuminateRequest): JsonResponse
+ {
+ $context = $this->getRequest()->getContext();
+ if (!OrcidManager::isEnabled($context)) {
+ return response()->json([
+ 'error' => __('api.orcid.403.orcidNotEnabled'),
+ ], Response::HTTP_FORBIDDEN);
+ }
+
+ $authorId = (int) $illuminateRequest->route('authorId');
+ $author = Repo::author()->get($authorId);
+
+ if (empty($author)) {
+ return response()->json([
+ 'error' => __('api.orcid.404.authorNotFound'),
+ ], Response::HTTP_NOT_FOUND);
+ }
+
+ $user = $this->getRequest()->getUser();
+ $currentRoles = array_map(
+ function (Role $role) {
+ return $role->getId();
+ },
+ $user->getRoles($context->getId())
+ );
+
+ if (!array_intersect([Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_MANAGER], $currentRoles)) {
+ $publicationId = $author->getData('publicationId');
+ $submissionId = Repo::publication()->get($publicationId)->getData('submissionId');
+
+ $editorAssignment = StageAssignment::withSubmissionIds([$submissionId])
+ ->withRoleIds([Role::ROLE_ID_SUB_EDITOR])
+ ->withUserId($user->getId())
+ ->first();
+
+ if ($editorAssignment === null) {
+ return response()->json([
+ 'error' => __('api.orcid.403.editWithoutPermission'),
+ ], Response::HTTP_FORBIDDEN);
+ }
+ }
+
+ try {
+ (new SendAuthorMail($author, $context, true))->execute();
+ } catch (\Exception $exception) {
+ return response()->json([
+ 'error' => __('api.orcid.404.contextRequired'),
+ ], Response::HTTP_NOT_FOUND);
+ }
+
+ return response()->json([], Response::HTTP_OK);
+ }
+
+ /**
+ * Remove ORCID and access token data from submission author
+ *
+ */
+ public function deleteForAuthor(Request $illuminateRequest): JsonResponse
+ {
+ $context = $this->getRequest()->getContext();
+ if (!OrcidManager::isEnabled($context)) {
+ return response()->json([
+ 'error' => __('api.orcid.403.orcidNotEnabled'),
+ ], Response::HTTP_FORBIDDEN);
+ }
+
+ $authorId = (int) $illuminateRequest->route('authorId');
+ $author = Repo::author()->get($authorId);
+
+ if (empty($author)) {
+ return response()->json([
+ 'error' => __('api.orcid.404.authorNotFound'),
+ ], Response::HTTP_NOT_FOUND);
+ }
+
+ $user = $this->getRequest()->getUser();
+ $currentRoles = array_map(
+ function (Role $role) {
+ return $role->getId();
+ },
+ $user->getRoles($context->getId())
+ );
+
+ if (!array_intersect([Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_MANAGER], $currentRoles)) {
+ $publicationId = $author->getData('publicationId');
+ $submissionId = Repo::publication()->get($publicationId)->getData('submissionId');
+
+ $editorAssignment = StageAssignment::withSubmissionIds([$submissionId])
+ ->withRoleIds([Role::ROLE_ID_SUB_EDITOR])
+ ->withUserId($user->getId())
+ ->first();
+
+ if ($editorAssignment === null) {
+ return response()->json([
+ 'error' => __('api.orcid.403.editWithoutPermission'),
+ ], Response::HTTP_FORBIDDEN);
+ }
+ }
+
+ $author->setOrcid(null);
+ OrcidManager::removeOrcidAccessToken($author);
+ Repo::author()->edit($author, []);
+
+ return response()->json([], Response::HTTP_OK);
+ }
+}
diff --git a/api/v1/orcid/index.php b/api/v1/orcid/index.php
new file mode 100644
index 00000000000..16787ff53dd
--- /dev/null
+++ b/api/v1/orcid/index.php
@@ -0,0 +1,20 @@
+getRequest()->getSite();
- return $site->getData(self::ENABLED);
+ return (bool) $site->getData(self::ENABLED); } /**
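Review bot: In api/v1/orcid/OrcidController.php, the author loaded by `Repo::author()->get($authorId)` is never tied to the current context in either requestAuthorVerification() or deleteForAuthor(), while the manager/site-admin shortcut is decided from `$user->getRoles($context->getId())` alone. Unless middleware or a policy in the part of the class that is not visible in this hunk already scopes the lookup, a manager of one journal can act on an author record that belongs to another journal on the same installation, including clearing its ORCID and access token. The same branch calls `Repo::publication()->get($publicationId)->getData('submissionId')` without a null check, so a missing publication ends in a fatal error instead of a JSON response. I would resolve the submission once, directly after the author lookup in both methods, and answer 404 when it is missing or its context differs, as sketched below; the duplicated role and assignment block could then move into one private helper.

```php
$author = Repo::author()->get($authorId);
// … unchanged: empty($author) → 404 authorNotFound …

// Resolve the owning submission before any role shortcut applies.
$publication = Repo::publication()->get((int) $author->getData('publicationId'));
$submission = $publication
    ? Repo::submission()->get((int) $publication->getData('submissionId'))
    : null;

// An author outside this context is reported exactly like a missing one,
// so the response does not reveal that the id exists elsewhere.
if (!$submission || (int) $submission->getData('contextId') !== (int) $context->getId()) {
    return response()->json([
        'error' => __('api.orcid.404.authorNotFound'),
    ], Response::HTTP_NOT_FOUND);
}

// … unchanged: role lookup; the sub-editor branch can pass $submission->getId() to withSubmissionIds() …
```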