X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=6fadc20e2044de10d98b39f54d79975d534ee5df;hb=9b947ed0b79a856d8702a054f374da0c897c5226;hp=f493b4ecd15300fcdf8be683cc7e6c6c1037e8d3;hpb=dbbfabe9138005367547465c13e50b98f121bc36;p=platal.git diff --git a/modules/survey.php b/modules/survey.php index f493b4e..6fadc20 100644 --- a/modules/survey.php +++ b/modules/survey.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC), - 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), - 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), - 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE), - 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE), - 'survey/admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), - 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_MDP, 'admin'), + 'survey' => $this->make_hook('index', AUTH_PUBLIC), + 'survey/vote' => $this->make_hook('vote', AUTH_PUBLIC), + 'survey/result' => $this->make_hook('result', AUTH_PUBLIC), + 'survey/edit' => $this->make_hook('edit', AUTH_COOKIE), + 'survey/ajax' => $this->make_hook('ajax', AUTH_COOKIE), + 'survey/admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), + 'survey/admin/edit' => $this->make_hook('adminEdit', AUTH_MDP, 'admin'), 'survey/admin/valid' => $this->make_hook('adminValidate', AUTH_MDP, 'admin'), - 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_MDP, 'admin'), + 'survey/admin/del' => $this->make_hook('adminDelete', AUTH_MDP, 'admin'), ); } // }}} @@ -67,7 +67,7 @@ class SurveyModule extends PLModule return $this->show_error($page, "Le sondage ".$survey->getTitle()." est terminé.", 'survey'); } if (!$this->check_surveyPerms($page, $survey)) { - return; + return PL_DO_AUTH; } if (Post::has('survey_submit')) { // checks if the survey has already been filled in $uid = 0; 
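Review bot: In the `@@ -67` hunk, `return PL_DO_AUTH;` treats every false result from `check_surveyPerms()` as "authentication required", but the rewritten helper later in this diff also returns false for a logged-in account whose `S::user()->profile()` is empty. Asking that user for credentials again cannot succeed, so they are presumably sent back to the login step instead of being told access is denied. How `PL_DO_AUTH` is handled is not visible here, so confirm this cannot loop. I would return `PL_DO_AUTH` only when `!S::logged()` and report a missing profile through `$page->kill()`, as the promotion mismatch does. The same applies to the identical change in the `@@ -106` hunk; both handlers start and end outside their hunks.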
@@ -106,10 +106,10 @@ class SurveyModule extends PLModule return $this->show_error($page, "Le sondage ".$survey->getTitle()." n'est pas encore terminé.", 'survey'); } if (!$this->check_surveyPerms($page, $survey)) { - return; + return PL_DO_AUTH; } if ($show == 'csv') { - header('Content-Type: text/csv; charset="UTF-8"'); + pl_content_headers("text/csv"); echo $survey->toCSV(); exit; } else { @@ -364,7 +364,7 @@ class SurveyModule extends PLModule function handler_ajax(&$page, $type) { $this->load('survey.inc.php'); - header('Content-Type: text/html; charset="UTF-8"'); + pl_content_headers("text/html"); if (Survey::isType($type)) { // when type has been chosen, the form is updated to fit exactly the type of question chosen $page->changeTpl('survey/edit_new.tpl', NO_SKIN); $page->assign('survey_types', Survey::getTypes()); @@ -400,15 +400,24 @@ class SurveyModule extends PLModule { $this->load('survey.inc.php'); if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni - global $globals; - if (!call_user_func(array($globals->session, 'doAuth'))) { // checks authentification - global $platal; - $platal->force_login($page); + if (!S::logged()) { + return false; } - if (!$survey->checkPromo(S::v('promo'))) { // checks promotion - $this->show_error($page, "Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.", 'survey'); + $profile = S::user()->profile(); + if (!$profile) { return false; } + // checks promotion + $allowed = false; + foreach ($profile->yearspromo() as $p) { + if ($survey->checkPromo($p)) { + $allowed = true; + break; + } + } + if (!$allowed) { + $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions."); + } } return true; } @@ -462,6 +471,7 @@ class SurveyModule extends PLModule if (!is_null($errArray)) { $page->assign('survey_errors', $errArray); } + } // }}}
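Review bot: In the rewritten `check_surveyPerms()` (hunk `@@ -400`), the `if (!$allowed)` branch calls `$page->kill(...)` and then falls through to `return true;`, so the promotion restriction holds only if `kill()` never returns. The removed code returned false explicitly after `show_error()`. Adding `return false;` directly after the `$page->kill(...)` call keeps the check fail-closed however `kill()` behaves. If `kill()` is guaranteed to end the request, a short comment such as `// kill() does not return` would record that assumption next to the call. The function's signature lies outside the hunk.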