From 3af21f99b63b468a5327c36d7ed3a13303c7a06f Mon Sep 17 00:00:00 2001
From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Mon, 5 Jan 2009 23:47:36 +0100
Subject: [PATCH] Prototype of the future path to profile edition page.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---
 classes/user.php    | 12 ++++++++++++
 core                |  2 +-
 modules/profile.php | 20 ++++++++++++++++++--
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/classes/user.php b/classes/user.php
index 2e23ff0..7461573 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -245,6 +245,18 @@ class User extends PlUser
         return !is_null($this->profile());
     }
 
+    /** Check if the user can edit to given profile.
+     */
+    public function canEdit(Profile $profile)
+    {
+        // XXX: Check permissions (e.g. secretary permission)
+        //      and flags from the profile
+        return XDB::fetchOneCell('SELECT  pid
+                                    FROM  account_profiles
+                                   WHERE  uid = {?} AND pid = {?}',
+                                 $this->id(), $profile->id());
+    }
+
     /** Get the email alias of the user.
      */
     public function emailAlias()
diff --git a/core b/core
index fed2b6d..179658e 160000
--- a/core
+++ b/core
@@ -1 +1 @@
-Subproject commit fed2b6d36f59c4542bd8d6fc0a137342c785d06b
+Subproject commit 179658ec4de09ec088235d91977013f64eed49db
diff --git a/modules/profile.php b/modules/profile.php
index 562ebc4..7c27046 100644
--- a/modules/profile.php
+++ b/modules/profile.php
@@ -331,10 +331,26 @@ class ProfileModule extends PLModule
         http_redirect("http://www.polytechniciens.com/?page=AX_FICHE_ANCIEN&anc_id=$mat");
     }
 
-    function handler_p_edit(&$page, $opened_tab = null, $mode = null)
+    function handler_p_edit(&$page, $user = null, $opened_tab = null, $mode = null)
     {
         global $globals;
 
+        if (is_null($user)) {
+            $user = S::user();
+            if (!$user->hasProfile()) {
+                return PL_NOT_FOUND;
+            } else {
+                pl_redirect('profile/edit/' . $user->profile()->hrid());
+            }
+        } else {
+            $user = Profile::get($user);
+            if (!$user) {
+                return PL_NOT_FOUND;
+            } else if (!S::user()->canEdit($user) && Platal::notAllowed()) {
+                return PL_FORBIDDEN;
+            }
+        }
+
         // AX Synchronization
         require_once 'synchro_ax.inc.php';
         if (is_ax_key_missing()) {
@@ -360,7 +376,7 @@ class ProfileModule extends PLModule
         $wiz->addPage('ProfileJobs', 'Informations professionnelles', 'emploi');
         $wiz->addPage('ProfileSkills', 'CompÃ©tences diverses', 'skill');
         $wiz->addPage('ProfileMentor', 'Mentoring', 'mentor');
-        $wiz->apply($page, 'profile/edit', $opened_tab, $mode);
+        $wiz->apply($page, 'profile/edit/' . $user->hrid(), $opened_tab, $mode);
 
          // Misc checks
         $res = XDB::query("SELECT  user_id
-- 
2.1.4