From 7fdf0fa5e3d9fa4f817b68e3cad58621c7c6f51f Mon Sep 17 00:00:00 2001
From: Alec Smecher <alec@smecher.bc.ca>
Date: Wed, 18 Jul 2018 15:48:05 -0700
Subject: [PATCH] Add check in SubmissionFile for dependent files capability

---
 controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php b/controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php
index d3892b4693b..11e2d76ff1b 100644
--- a/controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php
+++ b/controllers/wizard/fileUpload/FileUploadWizardHandler.inc.php
@@ -41,7 +41,7 @@ function authorize($request, &$args, $roleAssignments) {
 		// Authorize review round id when this handler is used in review stages -- except
 		// for query files, which belong to the stage rather than the review round.
 		import('lib.pkp.classes.submission.SubmissionFile');
-		if (($stageId == WORKFLOW_STAGE_ID_INTERNAL_REVIEW || $stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW) && $request->getUserVar('fileStage') != SUBMISSION_FILE_QUERY) {
+		if (($stageId == WORKFLOW_STAGE_ID_INTERNAL_REVIEW || $stageId == WORKFLOW_STAGE_ID_EXTERNAL_REVIEW) && !in_array($request->getUserVar('fileStage'), array(SUBMISSION_FILE_QUERY, SUBMISSION_FILE_DEPENDENT))) {
 			import('lib.pkp.classes.security.authorization.internal.ReviewRoundRequiredPolicy');
 			$this->addPolicy(new ReviewRoundRequiredPolicy($request, $args));
 		}