X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=1057622ec09c6afe4cbdb4da691cde6815db8c6d;hb=cecdf74795e71ed038411915dad5e0dff6ea51fa;hp=b28aea73a066fd68030a1035a530d6c9ed81cf75;hpb=ecf2b474289f94932ff60ab18674610979d0e0db;p=platal.git diff --git a/modules/survey.php b/modules/survey.php index b28aea7..1057622 100644 --- a/modules/survey.php +++ b/modules/survey.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC), - 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), - 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), - 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE), - 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE), - 'survey/admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), - 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_MDP, 'admin'), + 'survey' => $this->make_hook('index', AUTH_PUBLIC), + 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), + 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), + 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE), + 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE), + 'survey/admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), + 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_MDP, 'admin'), 'survey/admin/valid' => $this->make_hook('adminValidate', AUTH_MDP, 'admin'), - 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_MDP, 'admin'), + 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_MDP, 'admin'), ); } // }}} @@ -70,6 +70,10 @@ class SurveyModule extends PLModule return PL_DO_AUTH; } if (Post::has('survey_submit')) { // checks if the survey has already been filled in + // admins can see the survey but not vote + if (!$this->check_surveyPerms($page, $survey, false, false)) { + return PL_DO_AUTH; + } $uid = 0; if (!$survey->isMode(Survey::MODE_ALL)) { // if survey is restriced to alumni $uid = S::v('uid'); @@ -109,7 +113,8 @@ class SurveyModule extends PLModule return PL_DO_AUTH; } if ($show == 'csv') { - header('Content-Type: text/csv; charset="UTF-8"'); + pl_content_headers("text/csv"); + header('Content-Disposition: attachment; filename="'.addslashes($survey->getTitle()).'.csv"'); echo $survey->toCSV(); exit; } else { @@ -364,7 +369,7 @@ class SurveyModule extends PLModule function handler_ajax(&$page, $type) { $this->load('survey.inc.php'); - header('Content-Type: text/html; charset="UTF-8"'); + pl_content_headers("text/html"); if (Survey::isType($type)) { // when type has been chosen, the form is updated to fit exactly the type of question chosen $page->changeTpl('survey/edit_new.tpl', NO_SKIN); $page->assign('survey_types', Survey::getTypes()); @@ -396,18 +401,40 @@ class SurveyModule extends PLModule // }}} // {{{ function check_surveyPerms() : checks the particular surveys access permissions - function check_surveyPerms(&$page, $survey) + function check_surveyPerms(&$page, $survey, $silent = false, $admin_allowed = true) { $this->load('survey.inc.php'); - if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni - if (!S::logged()) { - return false; + if ($survey->isMode(Survey::MODE_ALL)) { // if the survey is not reserved to alumni + return true; + } + if (!S::logged()) { + return false; + } + $profile = S::user()->profile(); + if (!$profile) { + return false; + } + // checks promotion + $allowed = false; + foreach ($profile->yearspromo() as $p) { + if ($survey->checkPromo($p)) { + $allowed = true; + break; } - if (!$survey->checkPromo(S::v('promo'))) { // checks promotion - $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions."); + } + if ($allowed) { + return true; + } + if (S::admin() && $admin_allowed) { + if (!$silent) { + $page->trigWarning('Tu as accès à ce sondage car tu es administrateur du site.'); } + return true; + } + if (!$silent) { + $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions."); } - return true; + return false; } // }}}