From 12b95cc170d8e59d9a5bcaa77bb027d99c31a61d Mon Sep 17 00:00:00 2001 From: Salman Murad Date: Fri, 23 Jan 2026 00:47:07 +0000 Subject: [PATCH 1/2] pkp#12035 Fix issue where recommend-only users cannot add a new review round --- .../internal/DecisionAllowedPolicy.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/classes/security/authorization/internal/DecisionAllowedPolicy.php b/classes/security/authorization/internal/DecisionAllowedPolicy.php index fe03133acbd..b50b82992be 100644 --- a/classes/security/authorization/internal/DecisionAllowedPolicy.php +++ b/classes/security/authorization/internal/DecisionAllowedPolicy.php @@ -1,4 +1,5 @@ getRoleId(), [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SUB_EDITOR])) { continue; } - if (Repo::decision()->isRecommendation($decisionType->getDecision()) && $stageAssignment->getRecommendOnly()) { - $isAllowed = true; - } elseif (!$stageAssignment->getRecommendOnly()) { + + $decision = $decisionType->getDecision(); + if ( + !$stageAssignment->getRecommendOnly() || + $decision === Decision::NEW_EXTERNAL_ROUND || + Repo::decision()->isRecommendation($decision) + ) { $isAllowed = true; + break; } // Check whether there is a decision that a recommending role can make on the stage the submission is in. $recommendatorsAvailableDecisions = Repo::decision() ->getDecisionTypesMadeByRecommendingUsers($submission->getData('stageId')); - + // if there is any decision that the recommending role is allowed to make, check if the current decision is within the allowed ones if (!empty($recommendatorsAvailableDecisions)) { $matches = array_filter($recommendatorsAvailableDecisions, function ($decisionInArray) use ($decisionType) { From 297e2a9456bb89bdd54160af0ddc28a042ea8de2 Mon Sep 17 00:00:00 2001 
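Review bot: The rewritten condition in effect() lets a recommend-only manager or sub-editor assignment pass for `Decision::NEW_EXTERNAL_ROUND` unconditionally and then hits `break;`, so the stage-scoped lookup just below (`getDecisionTypesMadeByRecommendingUsers($submission->getData('stageId'))`) is never consulted for it. Nothing visible in this hunk ties the exemption to the submission's current stage; if that is enforced elsewhere, a comment above the `if` should say so, for example `// Recommend-only editors may open a new review round (pkp#12035); every other non-recommendation decision stays denied.`, and otherwise the new-round type would be better returned by that repository method for the review stages than hard-coded here. The same applies to `Decision::NEW_INTERNAL_ROUND`, added to this condition in PATCH 2/2. A test asserting that a recommend-only assignment is still denied for a decision that is neither a recommendation nor a new round would pin the intended boundary. The start of this hunk is damaged on the page, and effect() continues past its end.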
From: Salman Murad Date: Fri, 17 Apr 2026 13:54:30 +0100 Subject: [PATCH 2/2] pkp#12035 Fix issue where recommend-only users cannot add a new internal review round --- .../authorization/internal/DecisionAllowedPolicy.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/classes/security/authorization/internal/DecisionAllowedPolicy.php b/classes/security/authorization/internal/DecisionAllowedPolicy.php index b50b82992be..0737c56e115 100644 --- a/classes/security/authorization/internal/DecisionAllowedPolicy.php +++ b/classes/security/authorization/internal/DecisionAllowedPolicy.php @@ -17,8 +17,8 @@ namespace PKP\security\authorization\internal; -use APP\decision\Decision; use APP\core\Application; +use APP\decision\Decision; use APP\facades\Repo; use PKP\db\DAORegistry; use PKP\security\authorization\AuthorizationPolicy; @@ -76,6 +76,7 @@ public function effect() if ( !$stageAssignment->getRecommendOnly() || $decision === Decision::NEW_EXTERNAL_ROUND || + $decision === Decision::NEW_INTERNAL_ROUND || Repo::decision()->isRecommendation($decision) ) { $isAllowed = true; @@ -86,7 +87,7 @@ public function effect() $recommendatorsAvailableDecisions = Repo::decision() ->getDecisionTypesMadeByRecommendingUsers($submission->getData('stageId')); - // if there is any decision that the recommending role is allowed to make, check if the current decision is within the allowed ones + // if there is any decision that the recommending role is allowed to make, check if the current decision is within the allowed ones if (!empty($recommendatorsAvailableDecisions)) { $matches = array_filter($recommendatorsAvailableDecisions, function ($decisionInArray) use ($decisionType) { return $decisionInArray->getDecision() === $decisionType->getDecision();
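Review bot: With a second hard-coded exemption in the `if (` of effect(), the decisions a recommend-only assignment may take are now spread across `||` terms of an authorization check, which is easy to widen by accident and hard to audit. Consider naming the allow-list once, e.g. `private const RECOMMEND_ONLY_DECISIONS = [Decision::NEW_EXTERNAL_ROUND, Decision::NEW_INTERNAL_ROUND];`, and testing `in_array($decision, self::RECOMMEND_ONLY_DECISIONS, true)` in place of the two `===` terms. Since this file sits in the `PKP\` namespace but reads the constant through `APP\decision\Decision`, it is also worth confirming that every application using this policy declares `NEW_INTERNAL_ROUND`; that cannot be seen from the hunk. effect() begins and ends outside the hunk.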