X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fvalidations.inc.php;h=7c87d4c2a0a6cb1280a211caea295bcbca3af849;hb=3d57237e2ce44f487ebef727aa957c63643f5c1c;hp=d5678bd4567e8b2f2ff8bfd4a3d815baa7196b5b;hpb=1c4a1d0a32c52851e9ffbbf585bb206c9a472dc9;p=platal.git

diff --git a/include/validations.inc.php b/include/validations.inc.php
index d5678bd..7c87d4c 100644
--- a/include/validations.inc.php
+++ b/include/validations.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2010 Polytechnique.org                              *
+ *  Copyright (C) 2003-2011 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -42,6 +42,9 @@ abstract class Validate
     // Validations rules: comments for administrators.
     public $rules = 'Mieux vaut laisser une demande de validation Ã  un autre administrateur que de valider une requÃªte illÃ©gale ou que de refuser une demande lÃ©gitime.';
 
+    // Unless differently stated, a validation must be done by a site administrator.
+    public $requireAdmin = true;
+
     // }}}
     // {{{ constructor
 
@@ -50,7 +53,7 @@ abstract class Validate
      * @param $_unique: set to false if a profile can have multiple requests of this type.
      * @param $_type: request's type.
      */
-    public function __construct(User &$_user, $_unique, $_type)
+    public function __construct(User $_user, $_unique, $_type)
     {
         $this->user   = &$_user;
         $this->stamp  = date('YmdHis');
@@ -126,6 +129,11 @@ abstract class Validate
      */
     public function handle_formu()
     {
+        if ($this->requireAdmin && !S::admin()) {
+            $this->trigError('Vous n\'avez pas les permissions nÃ©cessaires pour valider cette demande.');
+            return false;
+        }
+
         if (Env::has('delete')) {
             $this->clean();
             $this->trigSuccess('RequÃªte supprimÃ©e.');
@@ -455,7 +463,7 @@ abstract class ProfileValidate extends Validate
      * @param $_unique: set to false if a profile can have multiple requests of this type.
      * @param $_type: request's type.
      */
-    public function __construct(User &$_user, Profile &$_profile, $_unique, $_type)
+    public function __construct(User $_user, Profile $_profile, $_unique, $_type)
     {
         parent::__construct($_user, $_unique, $_type);
         $this->profile = &$_profile;
@@ -598,7 +606,8 @@ abstract class ProfileValidate extends Validate
     {
         $res = XDB::iterRow('SELECT  data
                                FROM  requests
-                              WHERE  pid = {?} and type = {?}',
+                              WHERE  pid = {?} and type = {?}
+                           ORDER BY  stamp',
                             $pid, $type);
         $array = array();
         while (list($data) = $res->next()) {