pkp/pkp-lib#1660 Customizable Reviewer Recommendations #10583
Conversation
touhidurabir
force-pushed
the
i1660_main
branch
2 times, most recently
from
756d2a1 to
3f814e5
Compare
touhidurabir
force-pushed
the
i1660_main
branch
3 times, most recently
from
a1910e2 to
05100d8
Compare
touhidurabir
force-pushed
the
i1660_main
branch
from
cd81c1a to
9a6acac
Compare
touhidurabir
force-pushed
the
i1660_main
branch
2 times, most recently
from
0008656 to
37740ed
Compare
touhidurabir
force-pushed
the
i1660_main
branch
from
37740ed to
96c315b
Compare
touhidurabir
force-pushed
the
i1660_main
branch
from
b1a7042 to
3771c1a
Compare
touhidurabir
force-pushed
the
i1660_main
branch
2 times, most recently
from
5784e54 to
d081fbf
Compare
touhidurabir
force-pushed
the
i1660_main
branch
4 times, most recently
from
ad76900 to
17dfd5a
Compare
touhidurabir
force-pushed
the
i1660_main
branch
3 times, most recently
from
d481567 to
1196fdc
Compare
| <?php | ||
|
|
||
| /** | ||
| * @file api/v1/reviewers/recommendations/ReviewerRecommendationController.php |
There was a problem hiding this comment.
This handler doesn't appear to check that the recommendation being edited/deleted exists in the current context! The manage of one journal can edit and delete recommendations that belong to another.
There was a problem hiding this comment.
Isn't that handled by ContextAccessPolicy defined in authorize so that only those have access to context can access that api end point ? And we are restricting the roles to admin, manager and editor .
Or perhaps I am misunderstanding something ?
There was a problem hiding this comment.
Yes, but you're accepting any recommendation ID as user-supplied data -- and that recommendation might belong to another journal that the manager or editor doesn't manage.
| public function getDefaultRecommendations(): array | ||
| { | ||
| return [ | ||
| 1 => 'reviewer.article.decision.accept', // SUBMISSION_REVIEWER_RECOMMENDATION_ACCEPT |
There was a problem hiding this comment.
I think it should be possible to eliminate the value column and just rely on a database ID. It would reduce the use of magic numbers, and mean that the options that ship with OJS are treated just like user-created options. To do this, review_assignments.recommendation would also need to be converted to a recommendation_id foreign key to the reviewer_recommendations table.
There was a problem hiding this comment.
@asmecher This is something I have been pondering for some time . What you have mentioned is one way to do it that I also thought about. But then we have some complex upgrade process as default values 1-6 is not available anymore when adding to table as primary id will be sequential . So if have 2 contexts , context-1 will have 1-6 and context-2 will have 7-12, so we have to update every review assignments for context-2 . Now for a large installation with many context and many review assignment, upgrade is even more time consuming
- first need to create recommendations for context
- map to value
1-6with recommendations id - update all review assignments for that context .
Also need a way to mark the default ones so that on local change, we can add new translations for the default ones (that is not difficult)
The current implementation does not require all these complex process and allow minimum changes to introduce this feature . Thats why I went with this path . But you are right about magic numbers and that can be the major motivation to alter it the other way as you have described . Or maybe I am overthinking here ?
There was a problem hiding this comment.
If we were adding this as a brand new review feature, we would definitely use a foreign key rather than a value field. The only time we need to match a default is when we are adding a new language, and that's a boundary case (which I think is already matching on translation text, not value, right?) -- and that's a rare/boundary case already, so not justifying a different storage method.
The upgrade will be quick, even on large installs:
- Add a
recommendation_idcolumn toreview_assignments, default null, with a FK constraint - For each journal...
- Introduce default 6 options to
reviewer_recommendations, keeping a PHP-side map fromrecommendationconstant torecommendation_id - For each default recommendation option (count=6),
3. Update any review assignments to use the appropriate ID - Drop the
recommendationcolumn fromreview_assignments
That's a fixed number of queries per journal -- no need to e.g. execute anything e.g. per review assignment or per submission.
| @@ -171,7 +171,7 @@ public function getArrayIdByRoleId(int $roleId, ?int $contextId = null): array | |||
| * | |||
| * @return LazyCollection<int, UserGroup> | |||
| */ | |||
| public function getByRoleIds(array $roleIds, int $contextId, ?bool $default = null): LazyCollection | |||
| public function getByRoleIds(array $roleIds, ?int $contextId, ?bool $default = null): LazyCollection | |||
There was a problem hiding this comment.
Is this change intentional/necessary?
There was a problem hiding this comment.
Truthfully I don't actually remember . I will test and confirm .
…customizable review recommendation
for #1660