X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=1057622ec09c6afe4cbdb4da691cde6815db8c6d;hb=9d2891168071e97f95b049ac1defae29eadbede7;hp=f74f222c6bfe535df308c221240e17a3d29d4024;hpb=1168306a9853ea80ab2c46b900120576e5204a0f;p=platal.git

diff --git a/modules/survey.php b/modules/survey.php
index f74f222..1057622 100644
--- a/modules/survey.php
+++ b/modules/survey.php
@@ -70,6 +70,10 @@ class SurveyModule extends PLModule
             return PL_DO_AUTH;
         }
         if (Post::has('survey_submit')) { // checks if the survey has already been filled in
+            // admins can see the survey but not vote
+            if (!$this->check_surveyPerms($page, $survey, false, false)) {
+                return PL_DO_AUTH;
+            }
             $uid = 0;
             if (!$survey->isMode(Survey::MODE_ALL)) { // if survey is restriced to alumni
                 $uid = S::v('uid');
@@ -110,6 +114,7 @@ class SurveyModule extends PLModule
         }
         if ($show == 'csv') {
             pl_content_headers("text/csv");
+            header('Content-Disposition: attachment; filename="'.addslashes($survey->getTitle()).'.csv"');
             echo $survey->toCSV();
             exit;
         } else {
@@ -396,31 +401,40 @@ class SurveyModule extends PLModule
     // }}}
 
     // {{{ function check_surveyPerms() : checks the particular surveys access permissions
-    function check_surveyPerms(&$page, $survey)
+    function check_surveyPerms(&$page, $survey, $silent = false, $admin_allowed = true)
     {
         $this->load('survey.inc.php');
-        if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni
-            if (!S::logged()) {
-                return false;
-            }
-            $profile = S::user()->profile();
-            if (!$profile) {
-                return false;
-            }
-            // checks promotion
-            $allowed = false;
-            foreach ($profile->yearspromo() as $p) {
-                var_dump($p);
-                if ($survey->checkPromo($p)) {
-                    $allowed = true;
-                    break;
-                }
+        if ($survey->isMode(Survey::MODE_ALL)) { // if the survey is not reserved to alumni
+            return true;
+        }
+        if (!S::logged()) {
+            return false;
+        }
+        $profile = S::user()->profile();
+        if (!$profile) {
+            return false;
+        }
+        // checks promotion
+        $allowed = false;
+        foreach ($profile->yearspromo() as $p) {
+            if ($survey->checkPromo($p)) {
+                $allowed = true;
+                break;
             }
-            if (!$allowed) {
-                $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
+        }
+        if ($allowed) {
+            return true;
+        }
+        if (S::admin() && $admin_allowed) {
+            if (!$silent) {
+                $page->trigWarning('Tu as accès à ce sondage car tu es administrateur du site.');
             }
+            return true;
+        }
+        if (!$silent) {
+            $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
         }
-        return true;
+        return false;
     }
     // }}}