From bd5121b5581a825b3b65de5144d73978e5847a07 Mon Sep 17 00:00:00 2001 From: Dimitris Efstathiou Date: Wed, 20 Dec 2023 09:16:55 +0200 Subject: [PATCH] pkp/pkp-lib#7505 Fix publication access --- api/v1/jats/PKPJatsController.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/api/v1/jats/PKPJatsController.php b/api/v1/jats/PKPJatsController.php index d7fdf679bea..6f99918b925 100644 --- a/api/v1/jats/PKPJatsController.php +++ b/api/v1/jats/PKPJatsController.php @@ -28,6 +28,7 @@ use PKP\db\DAORegistry; use PKP\security\authorization\ContextAccessPolicy; use PKP\security\authorization\internal\SubmissionFileStageAccessPolicy; +use PKP\security\authorization\PublicationAccessPolicy; use PKP\security\authorization\PublicationWritePolicy; use PKP\security\authorization\SubmissionFileAccessPolicy; use PKP\security\authorization\UserRolesRequiredPolicy; @@ -92,7 +93,11 @@ public function authorize(PKPRequest $request, array &$args, array $roleAssignme $this->addPolicy(new ContextAccessPolicy($request, $roleAssignments)); - $this->addPolicy(new PublicationWritePolicy($request, $args, $roleAssignments)); + if ($actionName === 'get') { + $this->addPolicy(new PublicationAccessPolicy($request, $args, $roleAssignments)); + } else { + $this->addPolicy(new PublicationWritePolicy($request, $args, $roleAssignments)); + } if ($actionName === 'add') { $params = $illuminateRequest->input();