X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=26af2d4ed9a4d3c7445d8e116d15f642e150efb7;hb=cfceef1ef8148bef4f7d1319ceabe43096110332;hp=ff3bb05ed21f64007b1e00432ac31829a1aa05e8;hpb=ebd515f95f03f8a87f9b846d65e179b39a535222;p=platal.git
diff --git a/modules/survey.php b/modules/survey.php
index ff3bb05..26af2d4 100644
--- a/modules/survey.php
+++ b/modules/survey.php
@@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC), - 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), - 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), - 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE), - 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE), - 'survey/admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), - 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_MDP, 'admin'), - 'survey/admin/valid' => $this->make_hook('adminValidate', AUTH_MDP, 'admin'), - 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_MDP, 'admin'), + 'survey' => $this->make_hook('index', AUTH_PUBLIC), + 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), + 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), + 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE, 'user'), + 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE, 'user'), + 'survey/admin' => $this->make_hook('admin', AUTH_PASSWD, 'admin'), + 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_PASSWD, 'admin'), + 'survey/admin/valid' => $this->make_hook('adminValidate', AUTH_PASSWD, 'admin'), + 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_PASSWD, 'admin'), ); } // }}} // {{{ function handler_index() : lists all available surveys - function handler_index(&$page, $action = null) + function handler_index($page, $action = null) { - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $page->changeTpl('survey/index.tpl'); $page->assign('survey_current', Survey::retrieveList('c')); $page->assign('survey_old', Survey::retrieveList('o')); 
@@ -50,16 +50,16 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_vote() : handles the vote to a survey - function handler_vote(&$page, $id = -1) + function handler_vote($page, $id = -1) { if (Post::has('survey_cancel')) { // if the user cancels, returns to index - return $this->handler_index(&$page); + return $this->handler_index($page); } $id = intval($id); if ($id == -1) { return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey'); } - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $survey = Survey::retrieveSurvey($id); // retrieves the survey object structure if ($survey == null || !$survey->isValid()) { return $this->show_error($page, "Sondage ".$id." introuvable.", 'survey'); @@ -67,9 +67,13 @@ class SurveyModule extends PLModule return $this->show_error($page, "Le sondage ".$survey->getTitle()." est terminé.", 'survey'); } if (!$this->check_surveyPerms($page, $survey)) { - return; + return PL_DO_AUTH; } if (Post::has('survey_submit')) { // checks if the survey has already been filled in + // admins can see the survey but not vote + if (!$this->check_surveyPerms($page, $survey, false, false)) { + return PL_DO_AUTH; + } $uid = 0; if (!$survey->isMode(Survey::MODE_ALL)) { // if survey is restriced to alumni $uid = S::v('uid'); 
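Review bot: In the `survey_submit` branch of the second hunk on this line (`@@ -67,9 +67,13 @@`), the added `check_surveyPerms($page, $survey, false, false)` guard answers a refusal with `return PL_DO_AUTH;`, which is the wrong response for the only caller it can still refuse. The unrestricted call just above has already passed, so, going by the `check_surveyPerms` body later in this diff, that caller is a logged-in administrator outside the survey's promotions. This is an authorization refusal rather than a missing login, and the right outcome currently depends on `$page->kill()` ending the request before the return value is used, which is not visible here. I would make the refusal explicit: pass `$silent = true` and `return $this->show_error(...)` with a message saying administrators may view the survey but not vote. The body of handler_vote continues past the end of the hunk.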
@@ -98,18 +102,19 @@ class SurveyModule extends PLModule if ($id == -1) { return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey'); } - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $survey = Survey::retrieveSurvey($id); // retrieves the survey object structure if ($survey == null || !$survey->isValid()) { return $this->show_error($page, "Sondage ".$id." introuvable.", 'survey'); - } elseif (!$survey->isEnded()) { + } elseif (!$survey->isEnded() && !$survey->canSeeEarlyResults(S::user())) { return $this->show_error($page, "Le sondage ".$survey->getTitle()." n'est pas encore terminé.", 'survey'); } - if (!$this->check_surveyPerms($page, $survey)) { - return; + if (!$survey->canSeeEarlyResults(S::user()) && !$this->check_surveyPerms($page, $survey)) { + return PL_DO_AUTH; } if ($show == 'csv') { - header('Content-Type: text/csv; charset="UTF-8"'); + pl_content_headers("text/csv"); + header('Content-Disposition: attachment; filename="'.addslashes($survey->getTitle()).'.csv"'); echo $survey->toCSV(); exit; } else { @@ -120,9 +125,9 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_admin() : index of admin mode - function handler_admin(&$page, $id = -1) + function handler_admin($page, $id = -1) { - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $this->clear_session(); if ($id == -1) { $page->changeTpl('survey/admin.tpl'); 
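Review bot: In the first hunk on this line, the new `Content-Disposition` header builds the filename from `addslashes($survey->getTitle())`, and `addslashes()` is not an escaping function for HTTP header values. It handles quotes, backslashes and NUL but leaves CR/LF, other control characters, path separators and non-ASCII bytes in a user-authored title, so a clean header depends on the PHP runtime refusing multi-line values. Reduce the title to a safe character set first, e.g. `$name = preg_replace('/[^A-Za-z0-9._-]+/', '_', $survey->getTitle());` then `header('Content-Disposition: attachment; filename="'.$name.'.csv"');`, or name the file after the survey id. Separately, this route is registered as `AUTH_PUBLIC`, so `S::user()` may be empty when passed to `canSeeEarlyResults()`; that method is not shown, so it is worth confirming it returns false for an anonymous visitor. The enclosing handler starts and ends outside the hunk.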
@@ -143,12 +148,12 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_adminEdit() : edits a survey in admin mode - function handler_adminEdit(&$page, $id = -1, $req = -1) + function handler_adminEdit($page, $id = -1, $req = -1) { if ($id == -1 || ($id == 'req' && $req == -1)) { return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey/admin'); } - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $this->clear_session(); // cleans session (in case there would have been a problem before) if ($id == 'req') { $survey = Survey::retrieveSurveyReq($req); @@ -169,18 +174,18 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_adminValidate() : validates a survey (admin mode) - function handler_adminValidate(&$page, $id = -1) + function handler_adminValidate($page, $id = -1) { $id = Post::i('survey_id', $id); if (Post::has('survey_cancel')) { // if the admin cancels the validation, returns to the admin index $this->clear_session(); - return $this->handler_admin(&$page, $id); + return $this->handler_admin($page, $id); } if ($id == -1) { return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey/admin'); } $id = intval($id); - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $surveyInfo = Survey::retrieveSurveyInfo($id); // retrieves information about the survey (does not retrieve and unserialize the object structure) if ($surveyInfo == null) { return $this->show_error($page, "Sondage ".$id." introuvable.", 'survey/admin'); 
@@ -199,17 +204,17 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_adminDelete() : deletes a survey (admin mode) - function handler_adminDelete(&$page, $id = -1) + function handler_adminDelete($page, $id = -1) { $id = Post::i('survey_id', $id); if (Post::has('survey_cancel')) { // if the admin cancels the suppression, returns to the admin index - return $this->handler_admin(&$page, $id); + return $this->handler_admin($page, $id); } if ($id == -1) { return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey/admin'); } $id = intval($id); - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $surveyInfo = Survey::retrieveSurveyInfo($id); // retrieves information about the survey (does not retrieve and unserialize the object structure) if ($surveyInfo == null) { return $this->show_error($page, "Sondage ".$id." introuvable.", 'survey/admin'); @@ -227,9 +232,9 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_edit() : edits a survey (in normal mode unless called by handler_adminEdit() ) - function handler_edit(&$page, $action = 'show', $qid = 'root') + function handler_edit($page, $action = 'show', $qid = 'root') { - require_once dirname(__FILE__).'/survey/survey.inc.php'; + $this->load('survey.inc.php'); $action = Post::v('survey_action', $action); $qid = Post::v('survey_qid', $qid); if (Post::has('survey_cancel')) { // after cancelling changes, shows the survey 
@@ -352,7 +357,7 @@ class SurveyModule extends PLModule return $this->handler_index($page); // else shows the 'normal' index } } else { // asks for a confirmation if it has not been sent - $this->show_confirm(&$page, "Êtes-vous certain de vouloir annuler totalement l'édition de ce sondage ? Attention, " + $this->show_confirm($page, "Êtes-vous certain de vouloir annuler totalement l'édition de ce sondage ? Attention, " ."toutes les données éditées jusque là seront définitivement perdues.", 'edit', array('action' => $action)); } @@ -361,10 +366,10 @@ class SurveyModule extends PLModule // }}} // {{{ function handler_ajax() : some ajax in editing a new question (for now, there may be a little more later) - function handler_ajax(&$page, $type) + function handler_ajax($page, $type) { - require_once dirname(__FILE__).'/survey/survey.inc.php'; - header('Content-Type: text/html; charset="UTF-8"'); + $this->load('survey.inc.php'); + pl_content_headers("text/html"); if (Survey::isType($type)) { // when type has been chosen, the form is updated to fit exactly the type of question chosen $page->changeTpl('survey/edit_new.tpl', NO_SKIN); $page->assign('survey_types', Survey::getTypes()); 
@@ -396,26 +401,45 @@ class SurveyModule extends PLModule // }}} // {{{ function check_surveyPerms() : checks the particular surveys access permissions - function check_surveyPerms(&$page, $survey) + function check_surveyPerms($page, $survey, $silent = false, $admin_allowed = true) { - require_once dirname(__FILE__).'/survey/survey.inc.php'; - if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni - global $globals; - if (!call_user_func(array($globals->session, 'doAuth'))) { // checks authentification - global $platal; - $platal->force_login($page); + $this->load('survey.inc.php'); + if ($survey->isMode(Survey::MODE_ALL)) { // if the survey is not reserved to alumni + return true; + } + if (!S::logged()) { + return false; + } + $profile = S::user()->profile(); + if (!$profile) { + return false; + } + // checks promotion + $allowed = false; + foreach ($profile->yearspromo() as $p) { + if ($survey->checkPromo($p)) { + $allowed = true; + break; } - if (!$survey->checkPromo(S::v('promo'))) { // checks promotion - $this->show_error($page, "Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.", 'survey'); - return false; + } + if ($allowed) { + return true; + } + if (S::admin() && $admin_allowed) { + if (!$silent) { + $page->trigWarning('Tu as accès à ce sondage car tu es administrateur du site.'); } + return true; } - return true; + if (!$silent) { + $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions."); + } + return false; } // }}} // {{{ function show_survey() : calls the template to display a survey, for editing, voting, or consulting the results - function show_survey(&$page, $survey) + function show_survey($page, $survey) { $page->changeTpl('survey/show_root.tpl'); $page->assign('survey', $survey->toArray()); 
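Review bot: `check_surveyPerms` now grants the administrator override by default (`$admin_allowed = true`), so every caller guarding a state-changing action must remember to pass `false` as the fourth argument, as the vote submit path does with the opaque `check_surveyPerms($page, $survey, false, false)`. A default of `false`, with the read-only paths opting in, would fail closed. At minimum the function needs a doc comment saying what `$silent` and `$admin_allowed` control, and that a `false` return can mean either "not logged in" or "logged in but refused", since callers map both to `PL_DO_AUTH`. Also, the `if (!$profile) { return false; }` test runs before the `S::admin()` branch, so an administrator account without a profile is refused silently even when `$admin_allowed` is true; if that is intended it deserves a one-line comment.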
@@ -424,7 +448,7 @@ class SurveyModule extends PLModule // }}} // {{{ function show_form() : calls the template to display the editing form - function show_form(&$page, $action, $qid, $type = 'new', $current = null) + function show_form($page, $action, $qid, $type = 'new', $current = null) { $page->changeTpl('survey/edit_survey.tpl'); $page->assign('survey_action', $action); @@ -444,7 +468,7 @@ class SurveyModule extends PLModule // }}} // {{{ function show_confirm() : calls the template to display a confirm form - function show_confirm(&$page, $message, $formaction, $formhidden = null) + function show_confirm($page, $message, $formaction, $formhidden = null) { $page->changeTpl('survey/confirm.tpl'); $page->assign('survey_message', $message); @@ -454,7 +478,7 @@ class SurveyModule extends PLModule // }}} // {{{ function show_error() : calls the template to display an error message - function show_error(&$page, $message, $link = "", $errArray = null) + function show_error($page, $message, $link = "", $errArray = null) { $page->changeTpl('survey/error.tpl'); $page->assign('survey_message', $message); @@ -462,11 +486,12 @@ class SurveyModule extends PLModule if (!is_null($errArray)) { $page->assign('survey_errors', $errArray); } + } // }}} // {{{ function show_success() : calls the template to display a success message - function show_success(&$page, $message = "", $link = "") + function show_success($page, $message = "", $link = "") { $page->changeTpl('survey/success.tpl'); $page->assign('survey_message', $message);