Merge pull request #2875 from NateWr/i6257_upload_policies

 pkp/pkp-lib#6257 Move file upload policies into pkp-lib

controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php

@@ -23,57 +23,6 @@
 import('lib.pkp.controllers.wizard.fileUpload.PKPFileUploadWizardHandler');
 
 class FileUploadWizardHandler extends PKPFileUploadWizardHandler {
-	//
-	// Implement template methods from PKPHandler
-	//
-	function authorize($request, &$args, $roleAssignments) {
-		// We validate file stage outside a policy because
-		// we don't need to validate in another places.
-		$fileStage = $request->getUserVar('fileStage');
-		if ($fileStage) {
-			$submissionFileDao = DAORegistry::getDAO('SubmissionFileDAO'); /* @var $submissionFileDao SubmissionFileDAO */
-			$fileStages = $submissionFileDao->getAllFileStages();
-			if (!in_array($fileStage, $fileStages)) {
-				return false;
-			}
-		}
-
-		// Validate file ids. We have two cases where we might have a file id.
-		// CASE 1: user is uploading a revision to a file, the revised file id
-		// will need validation.
-		$revisedFileId = (int)$request->getUserVar('revisedFileId');
-		// CASE 2: user already have uploaded a file (and it's editing the metadata),
-		// we will need to validate the uploaded file id.
-		$fileId = (int)$request->getUserVar('fileId');
-		// Get the right one to validate.
-		$fileIdToValidate = null;
-		if ($revisedFileId && !$fileId) {
-			$fileIdToValidate = $revisedFileId;
-		} else if ($fileId && !$revisedFileId) {
-			$fileIdToValidate = $fileId;
-		} else if ($revisedFileId && $fileId) {
-			// Those two cases will not happen at the same time.
-			return false;
-		}
-		if ($fileIdToValidate) {
-			import('lib.pkp.classes.security.authorization.SubmissionFileAccessPolicy');
-			$this->addPolicy(new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_MODIFY, $fileIdToValidate));
-		}
-
-		// Allow both reviewers (if in review) and context roles.
-		$stageId = (int)$request->getUserVar('stageId');
-		import('lib.pkp.classes.security.authorization.ReviewStageAccessPolicy');
-		$this->addPolicy(new ReviewStageAccessPolicy($request, $args, $roleAssignments, 'submissionId', $stageId));
-
-		// Authorize review round id when this handler is used in review stages.
-		import('lib.pkp.classes.submission.SubmissionFile'); // Constants
-		if ($stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW && !in_array($request->getUserVar('fileStage'), array(SUBMISSION_FILE_QUERY, SUBMISSION_FILE_DEPENDENT))) {
-			import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
-			$this->addPolicy(new ReviewRoundRequiredPolicy($request, $args));
-		}
-
-		return parent::authorize($request, $args, $roleAssignments);
-	}
 
 	/**
 	 * @copydoc PKPFileUploadWizardHandler::_attachEntities