asmecher / subscriptionSSO

Subscription SSO (single-sign-on) plugin for OJS.
GNU General Public License v3.0

SubscriptionSSO plugin prevents viewing open access articles within issues marked as subscription required #10

Open jnugent opened 2 years ago

jnugent commented 2 years ago

Hi Alec,

I've verified this in 3.3.0.8 and in 3.2.1-4.

If you publish an issue and mark it as "subscription" and then add articles to it that are checked as "open access", users are also redirected to the SubscriptionSSO login URL rather than being granted access.

The problem seems to be:

  1. When a galley is downloaded, the download method in ArticleHandler is invoked.
  2. That method calls userCanViewGalley where IssueAction is imported here:

https://github.com/pkp/ojs/blob/stable-3_3_0/pages/article/ArticleHandler.inc.php#L454

  3. And then IssueAction::subscribedUser is called here:

https://github.com/pkp/ojs/blob/stable-3_3_0/pages/article/ArticleHandler.inc.php#L485

which is what the plugin hooks against. Unfortunately, the plugin handler method does not check to see if the Submission itself is open access, and when the plugin hooks against it right before it returns, it redirects to the portal login. This means that the open access test in the ArticleHandler here:

https://github.com/pkp/ojs/blob/stable-3_3_0/pages/article/ArticleHandler.inc.php#L496

never gets a chance to run.

Suggest adding a test in the SubscriptionSSO callback to quickly look at the open access status for the Submission object, since it is present there, and just returning to allow the rest of the OJS subscription code to run as normal.

jnugent commented 2 years ago

@asmecher I coded a fix for this that solves this problem for one of our clients. Feel free to use if you think it solves the problem!

asmecher commented 2 years ago

@jnugent, does this existing commit (potentially not included in your installation of that plugin) already resolve it? https://github.com/asmecher/subscriptionSSO/commit/bad995c0bb722f36f3b219d0f962ea3432c58e23

jnugent commented 2 years ago

@asmecher no it does not.

jnugent commented 2 years ago

The issue here is that the issue is marked as subscription required, but the articles within that issue are open access. The IssueAction::subscribedUser test is doing its job, but there is a test further down to grant access to open access articles specifically that never gets called because the SSO plugin redirects before then.

sarang-apps commented 11 months ago

I experience the same problem. I have marked the issue as subscription required but put the front pages and foreword as open access, but the SSO plugin redirects even those trying to access the open content.

sarang-apps commented 11 months ago

I have figured out how to fix this. Update the subscribedUserCallback function (in SubscriptionSSOPlugin.inc.php) to:

    function subscribedUserCallback($hookName, $args) {
        // Exclude the index and issue pages.
        $request = Application::get()->getRequest();
        if (in_array($request->getRequestedPage(), ['', 'index', 'search'])) return false;
        // Capture issue galley requests, but not e.g. issue archive
        if ($request->getRequestedPage() == 'issue' && count($request->getRequestedArgs()) != 2) return false;

        // Permit an abstract view.
        if ($request->getRequestedPage() == 'article' && $request->getRequestedOp() == 'view' && count($request->getRequestedArgs())==1) return false;
+
+       // Permit Open Access articles
+       $submission = Services::get('submission')->getByUrlPath($request->getRequestedArgs()[0], $request->getContext()->getId());
+       if ($submission->getCurrentPublication()->getData('accessStatus') == ARTICLE_ACCESS_OPEN) return false;
+
        $journal = $args[1];

        $result =& $args[4]; // Reference required
        if ($result) return false; // If a subscription has already been established, respect that

        $result = isset($_SESSION['subscriptionSSOTimestamp']) && $_SESSION['subscriptionSSOTimestamp'] + ($this->getSetting($journal->getId(), 'hoursValid') * 3600) > time();
        if (!$result) {
            // If we're not subscribed, redirect.
            $request->redirectUrl($this->getSetting($journal->getId(), 'redirectUrl') . '?redirectUrl=' . urlencode($request->getRequestUrl()));
        }
    }
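
Review bot: In the added "Permit Open Access articles" lines, `$submission` is dereferenced without a null check and the lookup is not limited to article requests. The earlier check lets two-argument `issue` requests (issue galleys) reach this point, where `getRequestedArgs()[0]` is not a submission URL path, so `getByUrlPath(...)` can come back empty and `$submission->getCurrentPublication()` then fails instead of falling through to the subscription check. Because this branch skips the SSO redirect, it should take effect only when the request is for an article and the submission actually resolved: guard it with `$request->getRequestedPage() == 'article'` and test `$submission` before reading `accessStatus`, and let every other outcome continue to the session check below. The opening comment in this thread notes that the Submission object is already present in the callback, so reading the access status from that object instead of re-resolving it from the URL would avoid the mismatch.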

asmecher commented 11 months ago

@sarang-apps, thanks, that's basically a port forward of https://github.com/jnugent/subscriptionSSO/commit/686366f876a4d8a2ec481212f54d8cf585b3d871 I think? What version of OJS are you using it with?

sarangtc commented 11 months ago

OJS 3.3.0.14

sarangtc commented 11 months ago

> @sarang-apps, thanks, that's basically a port forward of jnugent@686366f I think? What version of OJS are you using it with?

This fix also works.

asmecher commented 11 months ago

PR: https://github.com/asmecher/subscriptionSSO/pull/13