X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fvalidations.inc.php;h=1600a1bb2acee772b4ddf282cbb4e8309e8d0d81;hb=c442573a4e872aed5392ef0a0a4047833666031a;hp=d5678bd4567e8b2f2ff8bfd4a3d815baa7196b5b;hpb=cecdf74795e71ed038411915dad5e0dff6ea51fa;p=platal.git
diff --git a/include/validations.inc.php b/include/validations.inc.php
index d5678bd..1600a1b 100644
--- a/include/validations.inc.php
+++ b/include/validations.inc.php
@@ -42,6 +42,9 @@ abstract class Validate
 // Validations rules: comments for administrators.
 public $rules = 'Mieux vaut laisser une demande de validation à un autre administrateur que de valider une requête illégale ou que de refuser une demande légitime.';
+ // Unless differently stated, a validation must be done by a site administrator.
+ public $requireAdmin = true;
+
 // }}}
 // {{{ constructor
@@ -126,6 +129,11 @@ abstract class Validate
 */
 public function handle_formu()
 {
+ if ($this->requireAdmin && !S::admin()) {
+ $this->trigError('Vous n\'avez pas les permissions nécessaires pour valider cette demande.');
+ return false;
+ }
+
 if (Env::has('delete')) {
 $this->clean();
 $this->trigSuccess('Requête supprimée.');
@@ -598,7 +606,8 @@ abstract class ProfileValidate extends Validate
 {
 $res = XDB::iterRow('SELECT data FROM requests
- WHERE pid = {?} and type = {?}',
+ WHERE pid = {?} and type = {?}
+ ORDER BY stamp',
 $pid, $type);
 $array = array();
 while (list($data) = $res->next()) {
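Review bot: `$requireAdmin` is declared `public` in the first hunk, so any code holding a Validate object can switch the administrator requirement off before `handle_formu()` runs, not only the subclasses that are meant to relax it. Unless outside code needs to read the flag, `protected $requireAdmin = true;` keeps the secure default and narrows who can change it. If these objects are stored in serialized form (the third hunk reads a `data` column, but the decoding is not visible here), the flag's stored value would travel with each request, which is worth confirming. The class body continues outside the hunk.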
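Review bot: When `$requireAdmin` is false, the new guard at the top of `handle_formu()` is skipped and nothing else in the second hunk checks who the caller is, so the `Env::has('delete')` branch directly below is reachable by anyone who can submit the form for such a request. The contract for subclasses should be stated next to the guard, for example `// Subclasses that set $requireAdmin to false must check the caller's rights themselves before calling this method.` The refusal path also returns without recording who attempted the action; if the project keeps an audit log, this is a natural place to write to it. The rest of `handle_formu()` lies outside the hunk, so a later check cannot be ruled out.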