X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fvalidations.inc.php;h=7c87d4c2a0a6cb1280a211caea295bcbca3af849;hb=3d57237e2ce44f487ebef727aa957c63643f5c1c;hp=3698105d329ac9d9b1871219af980139bac7aa6c;hpb=34c0246248ed6e3c6a372c89b359ce038bb95bc8;p=platal.git

diff --git a/include/validations.inc.php b/include/validations.inc.php
index 3698105..7c87d4c 100644
--- a/include/validations.inc.php
+++ b/include/validations.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2010 Polytechnique.org                              *
+ *  Copyright (C) 2003-2011 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -42,6 +42,9 @@ abstract class Validate
     // Validations rules: comments for administrators.
     public $rules = 'Mieux vaut laisser une demande de validation Ã  un autre administrateur que de valider une requÃªte illÃ©gale ou que de refuser une demande lÃ©gitime.';
 
+    // Unless differently stated, a validation must be done by a site administrator.
+    public $requireAdmin = true;
+
     // }}}
     // {{{ constructor
 
@@ -50,7 +53,7 @@ abstract class Validate
      * @param $_unique: set to false if a profile can have multiple requests of this type.
      * @param $_type: request's type.
      */
-    public function __construct(User &$_user, $_unique, $_type)
+    public function __construct(User $_user, $_unique, $_type)
     {
         $this->user   = &$_user;
         $this->stamp  = date('YmdHis');
@@ -126,6 +129,11 @@ abstract class Validate
      */
     public function handle_formu()
     {
+        if ($this->requireAdmin && !S::admin()) {
+            $this->trigError('Vous n\'avez pas les permissions nÃ©cessaires pour valider cette demande.');
+            return false;
+        }
+
         if (Env::has('delete')) {
             $this->clean();
             $this->trigSuccess('RequÃªte supprimÃ©e.');
@@ -455,7 +463,7 @@ abstract class ProfileValidate extends Validate
      * @param $_unique: set to false if a profile can have multiple requests of this type.
      * @param $_type: request's type.
      */
-    public function __construct(User &$_user, Profile &$_profile, $_unique, $_type)
+    public function __construct(User $_user, Profile $_profile, $_unique, $_type)
     {
         parent::__construct($_user, $_unique, $_type);
         $this->profile = &$_profile;