X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fsurvey.php;h=8ce9d73669c50ad54d1b47188a8bcadd6e945973;hb=dd36cc0d7c791ef442c43eb90e4c52c748947dc3;hp=199d96d946844f1996eb739abc4ee7d9fda937a4;hpb=3cb500d5b2d9815049f82bc4bd35eb377fbd16d1;p=platal.git

diff --git a/modules/survey.php b/modules/survey.php
index 199d96d..8ce9d73 100644
--- a/modules/survey.php
+++ b/modules/survey.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2009 Polytechnique.org                              *
+ *  Copyright (C) 2003-2010 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -70,6 +70,10 @@ class SurveyModule extends PLModule
             return PL_DO_AUTH;
         }
         if (Post::has('survey_submit')) { // checks if the survey has already been filled in
+            // admins can see the survey but not vote
+            if (!$this->check_surveyPerms($page, $survey, false, false)) {
+                return PL_DO_AUTH;
+            }
             $uid = 0;
             if (!$survey->isMode(Survey::MODE_ALL)) { // if survey is restriced to alumni
                 $uid = S::v('uid');
@@ -102,7 +106,7 @@ class SurveyModule extends PLModule
         $survey = Survey::retrieveSurvey($id); // retrieves the survey object structure
         if ($survey == null || !$survey->isValid()) {
             return $this->show_error($page, "Sondage ".$id." introuvable.", 'survey');
-        } elseif (!$survey->isEnded()) {
+        } elseif (!$survey->isEnded() && !$survey->canSeeEarlyResults(S::user())) {
             return $this->show_error($page, "Le sondage ".$survey->getTitle()." n'est pas encore terminé.", 'survey');
         }
         if (!$this->check_surveyPerms($page, $survey)) {
@@ -110,6 +114,7 @@ class SurveyModule extends PLModule
         }
         if ($show == 'csv') {
             pl_content_headers("text/csv");
+            header('Content-Disposition: attachment; filename="'.addslashes($survey->getTitle()).'.csv"');
             echo $survey->toCSV();
             exit;
         } else {
@@ -396,18 +401,40 @@ class SurveyModule extends PLModule
     // }}}
 
     // {{{ function check_surveyPerms() : checks the particular surveys access permissions
-    function check_surveyPerms(&$page, $survey)
+    function check_surveyPerms(&$page, $survey, $silent = false, $admin_allowed = true)
     {
         $this->load('survey.inc.php');
-        if (!$survey->isMode(Survey::MODE_ALL)) { // if the survey is reserved to alumni
-            if (!S::logged()) {
-                return false;
+        if ($survey->isMode(Survey::MODE_ALL)) { // if the survey is not reserved to alumni
+            return true;
+        }
+        if (!S::logged()) {
+            return false;
+        }
+        $profile = S::user()->profile();
+        if (!$profile) {
+            return false;
+        }
+        // checks promotion
+        $allowed = false;
+        foreach ($profile->yearspromo() as $p) {
+            if ($survey->checkPromo($p)) {
+                $allowed = true;
+                break;
             }
-            if (!$survey->checkPromo(S::v('promo'))) { // checks promotion
-                $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
+        }
+        if ($allowed) {
+            return true;
+        }
+        if (S::admin() && $admin_allowed) {
+            if (!$silent) {
+                $page->trigWarning('Tu as accès à ce sondage car tu es administrateur du site.');
             }
+            return true;
+        }
+        if (!$silent) {
+            $page->kill("Tu n'as pas accès à ce sondage car il est réservé à d'autres promotions.");
         }
-        return true;
+        return false;
     }
     // }}}