projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote branch 'origin/platal-1.0.0'
[platal.git] / modules / carnet.php
diff --git a/modules/carnet.php b/modules/carnet.php
index 1d065af..2125cf9 100644 (file)
--- a/modules/carnet.php
+++ b/modules/carnet.php
@@ -24,18 +24,18 @@ class CarnetModule extends PLModule
     function handlers()
     {
         return array(
-            'carnet'                => $this->make_hook('index',    AUTH_COOKIE),
-            'carnet/panel'          => $this->make_hook('panel',    AUTH_COOKIE),
-            'carnet/notifs'         => $this->make_hook('notifs',   AUTH_COOKIE),
-
-            'carnet/contacts'       => $this->make_hook('contacts', AUTH_COOKIE),
-            'carnet/contacts/pdf'   => $this->make_hook('pdf',      AUTH_COOKIE),
-            'carnet/contacts/vcard' => $this->make_hook('vcard',    AUTH_COOKIE),
-            'carnet/contacts/ical'  => $this->make_hook('ical',     AUTH_PUBLIC, 'user', NO_HTTPS),
-            'carnet/contacts/csv'   => $this->make_hook('csv',     AUTH_PUBLIC, 'user', NO_HTTPS),
-            'carnet/contacts/csv/birthday'  => $this->make_hook('csv_birthday',     AUTH_PUBLIC, 'user', NO_HTTPS),
-
-            'carnet/rss'            => $this->make_hook('rss',      AUTH_PUBLIC, 'user', NO_HTTPS),
+            'carnet'                => $this->make_hook('index',    AUTH_COOKIE, 'directory_private'),
+            'carnet/panel'          => $this->make_hook('panel',    AUTH_COOKIE, 'directory_private'),
+            'carnet/notifs'         => $this->make_hook('notifs',   AUTH_COOKIE, 'directory_private'),
+
+            'carnet/contacts'       => $this->make_hook('contacts', AUTH_COOKIE, 'directory_private'),
+            'carnet/contacts/pdf'   => $this->make_hook('pdf',      AUTH_COOKIE, 'directory_private'),
+            'carnet/contacts/vcard' => $this->make_hook('vcard',    AUTH_COOKIE, 'directory_private'),
+            'carnet/contacts/ical'  => $this->make_hook('ical',     AUTH_PUBLIC, 'directory_private', NO_HTTPS),
+            'carnet/contacts/csv'   => $this->make_hook('csv',     AUTH_PUBLIC,  'directory_private', NO_HTTPS),
+            'carnet/contacts/csv/birthday'  => $this->make_hook('csv_birthday',     AUTH_PUBLIC, 'directory_private', NO_HTTPS),
+
+            'carnet/rss'            => $this->make_hook('rss',      AUTH_PUBLIC, 'directory_private', NO_HTTPS),
         );
     }
 
@@ -45,7 +45,7 @@ class CarnetModule extends PLModule
             return;
         }
         $page->setRssLink('Polytechnique.org :: Carnet',
-                          '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml');
+                          '/carnet/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
     }
 
     function handler_index(&$page)
@@ -275,7 +275,7 @@ class CarnetModule extends PLModule
 
         // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
         // It allows direct linking to contact adding in the RSS feed.
-        if (Env::v('action') && Env::v('token') !== S::v('token')) {
+        if (Env::v('action') && Env::v('token') !== S::user()->token) {
             S::assert_xsrf_token();
         }
         switch (Env::v('action')) {
plat/al