#10263 block authors from editing any version if a submission has a published or scheduled publication

Author: Hafsa-Naeem

classes/submission/Repository.php

@@ -515,36 +515,31 @@ public function canCurrentUserDelete(Submission $submission): bool
     public function canEditPublication(int $submissionId, int $userId): bool
     {
         // block authors can never edit a published publication even if an editor granted them canChangeMetadata
-        $submission = $this->get($submissionId);
-        if ($submission) {
-            $currentPub = $submission->getCurrentPublication();
-            if (
-                $currentPub
-                && $currentPub->getData('status') === Submission::STATUS_PUBLISHED
-            ) {
-                // fetch this user’s stage assignments
-                $assignments = StageAssignment::withSubmissionIds([$submissionId])->withUserId($userId)->get();
-
-                // if all of their assignments are to an author group then block them
-                $hasNonAuthor = $assignments->contains(fn($sa) => $sa->userGroup && $sa->userGroup->roleId !== Role::ROLE_ID_AUTHOR);
-                if (!$hasNonAuthor) {
-                    return false;
-                }
-            }
-        }
-        
-        // Replaces StageAssignmentDAO::getBySubmissionAndUserIdAndStageId
-        $stageAssignments = StageAssignment::withSubmissionIds([$submissionId])
+        $assignments = StageAssignment::withSubmissionIds([$submissionId])
             ->withUserId($userId)
             ->get();
 
-        // Check for permission from stage assignments
-        if ($stageAssignments->contains(fn ($stageAssignment) => $stageAssignment->canChangeMetadata)) {
+        $submission = $this->get($submissionId);
+        // any published or scheduled then probe
+        $hasLockedPublication = $submission
+            && $submission->getData('publications')
+                ->contains(fn($p) =>
+                    in_array(
+                        $p->getData('status'),
+                        [Submission::STATUS_PUBLISHED, Submission::STATUS_SCHEDULED]
+                    )
+                );
+
+        if ($hasLockedPublication && !$assignments->contains(fn($sa) => $sa->userGroup && $sa->userGroup->roleId !== Role::ROLE_ID_AUTHOR)) {
+            return false;
+        }
+
+        if ($assignments->contains(fn($sa) => $sa->canChangeMetadata)) {
             return true;
         }
         // If user has no stage assigments, check if user can edit anyway ie. is manager
         $context = Application::get()->getRequest()->getContext();
-        if ($stageAssignments->isEmpty() && $this->_canUserAccessUnassignedSubmissions($context->getId(), $userId)) {
+        if ($assignments->isEmpty() && $this->_canUserAccessUnassignedSubmissions($context->getId(), $userId)) {
             return true;
         }
         // Else deny access

classes/task/PublishSubmissions.php

@@ -52,9 +52,8 @@ public function executeActions(): bool
                 $datePublished = $submission->getCurrentPublication()->getData('datePublished');
                 if ($datePublished && strtotime($datePublished) <= strtotime(Core::getCurrentDate())) {
                     Repo::publication()->publish($submission->getCurrentPublication());
-                    
-                // dispatch the MetadataChanged event after publishing
-                event(new MetadataChanged($submission));
+                    // dispatch the MetadataChanged event after publishing
+                    event(new MetadataChanged($submission));
                 }
             }
         }