X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fprofile%2Fdecos.inc.php;h=1749972729b0ef3bf69b9c96aaa67b08f6893568;hb=c0d4dad8b8e2112e8e7bcf3353ee6a39beef08c5;hp=dcdffe5407b244026a6ab4d45c94ffb0f2cd7a29;hpb=673e56aa757fce4ea57c27ab2c0d5ce87d713e51;p=platal.git

diff --git a/modules/profile/decos.inc.php b/modules/profile/decos.inc.php
index dcdffe5..1749972 100644
--- a/modules/profile/decos.inc.php
+++ b/modules/profile/decos.inc.php
@@ -35,7 +35,8 @@ class ProfileSettingDeco implements ProfileSetting
     public function value(ProfilePage $page, $field, $value, &$success)
     {
         $success = true;
-        if (is_null($value)) {
+        if (is_null($value) || !S::user()->isMyProfile($profile) &&
+            $page->values['medals_pub'] == 'private' && !S::user()->checkPerms(User::PERM_DIRECTORY_PRIVATE)) {
             // Fetch already attributed medals
             $value = XDB::fetchAllAssoc("SELECT  m.mid AS id, m.gid AS grade, 1 AS valid, FIND_IN_SET('has_levels', e.flags) AS has_levels, m.level
                                            FROM  profile_medals     AS m
@@ -69,6 +70,11 @@ class ProfileSettingDeco implements ProfileSetting
         $total_original = count($original);
         $total_value = count($value);
 
+        if ($total_original && !S::user()->isMyProfile($profile) &&
+            $page->values['medals_pub'] == 'private' && !S::user()->checkPerms(User::PERM_DIRECTORY_PRIVATE)) {
+            return;
+        }
+
         while ($i < $total_original || $j < $total_value) {
             if (isset($value[$j]) && (!isset($original[$i]) || self::compareMedals($original[$i], $value[$j]))) {
                 $req = new MedalReq(S::user(), $page->profile, $value[$j]['id'], $value[$j]['grade'], $value[$j]['level'], $value[$j]['has_levels']);
@@ -111,8 +117,8 @@ class ProfilePageDecos extends ProfilePage
     public function __construct(PlWizard $wiz)
     {
         parent::__construct($wiz);
-        $this->settings['medals'] = new ProfileSettingDeco();
         $this->settings['medals_pub'] = new ProfileSettingPub();
+        $this->settings['medals'] = new ProfileSettingDeco();
         $this->watched['medals'] = true;
     }
 
@@ -127,7 +133,7 @@ class ProfilePageDecos extends ProfilePage
 
     protected function _saveData()
     {
-        if ($this->changed['medals_pub']) {
+        if ($this->changed['medals_pub'] && (S::user()->isMyProfile($profile) || S::user()->checkPerms(User::PERM_DIRECTORY_PRIVATE))) {
             XDB::execute("UPDATE  profiles
                              SET  medals_pub = {?}
                            WHERE  pid = {?}",