X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=1057622ec09c6afe4cbdb4da691cde6815db8c6d;hb=7a12b2ca5eae8fbbdf0b32e43a2d8c2c6bd705ab;hp=3ce85412c0b70a3310b961e150b6fe2c5d24ce80;hpb=eb5a266d6a3e98800b2542b1fe4786cb73788797;p=platal.git
diff --git a/modules/survey.php b/modules/survey.php
index 3ce8541..1057622 100644
--- a/modules/survey.php
+++ b/modules/survey.php
@@ -1,6 +1,6 @@ check_surveyPerms($page, $survey, false, false)) {
+ return PL_DO_AUTH;
+ }
 $uid = 0;
 if (!$survey->isMode(Survey::MODE_ALL)) { // if survey is restriced to alumni
 $uid = S::v('uid');
@@ -109,7 +113,8 @@ class SurveyModule extends PLModule
 return PL_DO_AUTH;
 }
 if ($show == 'csv') {
- header('Content-Type: text/csv; charset="UTF-8"');
+ pl_content_headers("text/csv");
+ header('Content-Disposition: attachment; filename="'.addslashes($survey->getTitle()).'.csv"');
 echo $survey->toCSV();
 exit;
 } else {
@@ -364,7 +369,7 @@ class SurveyModule extends PLModule
 function handler_ajax(&$page, $type)
 {
 $this->load('survey.inc.php');
- header('Content-Type: text/html; charset="UTF-8"');
+ pl_content_headers("text/html");
 if (Survey::isType($type)) { // when type has been chosen, the form is updated to fit exactly the type of question chosen
 $page->changeTpl('survey/edit_new.tpl', NO_SKIN);
 $page->assign('survey_types', Survey::getTypes());
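Review bot: The `Content-Disposition` line added in the `$show == 'csv'` branch builds the download name from `$survey->getTitle()` with `addslashes()`, which is a quoting helper rather than a filename sanitiser: it leaves `/`, `;`, control characters and non-ASCII bytes in the header value, so a title chosen by the survey author decides what name the browser offers and how it parses the header. Reducing the title to a conservative character set first is safer, e.g. `$name = preg_replace('/[^A-Za-z0-9._-]+/', '_', $survey->getTitle());` followed by `header('Content-Disposition: attachment; filename="' . $name . '.csv"');`, with an RFC 6266 `filename*=UTF-8''` parameter built via `rawurlencode()` if accented titles must survive. Because the export is now offered as a file that will typically open in a spreadsheet, it is also worth confirming that `toCSV()` (not visible here) neutralises cells beginning with `=`, `+`, `-` or `@`. The enclosing handler starts and ends outside this hunk.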
@@ -396,18 +401,40 @@ class SurveyModule extends PLModule
 // }}}
 // {{{ function check_surveyPerms() : checks the particular surveys access permissions
- function check_surveyPerms(&$page, $survey)
+ function check_surveyPerms(&$page, $survey, $silent = false, $admin_allowed = true)
 {
 $this->load('survey.inc.php');
- if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni
- if (!S::logged()) {
- return false;
+ if ($survey->isMode(Survey::MODE_ALL)) { // if the survey is not reserved to alumni
+ return true;
+ }
+ if (!S::logged()) {
+ return false;
+ }
+ $profile = S::user()->profile();
+ if (!$profile) {
+ return false;
+ }
+ // checks promotion
+ $allowed = false;
+ foreach ($profile->yearspromo() as $p) {
+ if ($survey->checkPromo($p)) {
+ $allowed = true;
+ break;
 }
- if (!$survey->checkPromo(S::v('promo'))) { // checks promotion
- $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
+ }
+ if ($allowed) {
+ return true;
+ }
+ if (S::admin() && $admin_allowed) {
+ if (!$silent) {
+ $page->trigWarning('Tu as accès à ce sondage car tu es administrateur du site.');
 }
+ return true;
+ }
+ if (!$silent) {
+ $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
 }
- return true;
+ return false;
 }
 // }}}
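Review bot: The new `$admin_allowed` parameter of `check_surveyPerms()` defaults to `true`, so every caller that is not updated silently gains the administrator override, and only the call that passes `false, false` in the earlier hunk of this file opts out. An access check is safer failing closed, e.g. `function check_surveyPerms(&$page, $survey, $silent = false, $admin_allowed = false)`, with the handlers that really want the override passing `true` explicitly. The override branch only shows a `trigWarning()` to the administrator; if the platform keeps an audit log, recording the survey and uid there would make out-of-promotion access traceable. Neither new parameter is documented, and the two positional booleans are hard to read at call sites: a docblock should state that `$silent` suppresses both `trigWarning()` and `kill()`, so a caller passing `$silent = true` learns of a denial only through the `false` return and must act on it.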