Merge branch 'feature/Disable_when_results_are_hidden' into 'release'

Disable when results are hidden

Fix #196

See merge request !154

app/classes/Framadate/Migration/From_0_0_to_0_8_Migration.php

@@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS `sondage` (
   `titre` text,
   `id_sondage_admin` char(24) DEFAULT NULL,
   `date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `date_fin` timestamp NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `date_fin` timestamp NOT NULL,
   `format` varchar(2) DEFAULT NULL,
   `mailsonde` tinyint(1) DEFAULT \'0\',
   `statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \',

app/classes/Framadate/Migration/From_0_8_to_0_9_Migration.php

@@ -90,7 +90,7 @@ CREATE TABLE IF NOT EXISTS `' . Utils::table('poll') . '` (
   `admin_name`      VARCHAR(64) DEFAULT NULL,
   `admin_mail`      VARCHAR(128) DEFAULT NULL,
   `creation_date`   TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `end_date`        TIMESTAMP NOT NULL DEFAULT \'0000-00-00 00:00:00\',
+  `end_date`        TIMESTAMP NOT NULL,
   `format`          VARCHAR(1) DEFAULT NULL,
   `editable`        TINYINT(1) DEFAULT \'0\',
   `receiveNewVotes` TINYINT(1) DEFAULT \'0\',

app/classes/Framadate/Repositories/PollRepository.php

@@ -16,7 +16,7 @@ class PollRepository extends AbstractRepository {
           (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
           VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
         $prepared = $this->prepare($sql);
-        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
+        $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable ? 1 : 0, $form->receiveNewVotes ? 1 : 0, $form->receiveNewComments ? 1 : 0, $form->hidden ? 1 : 0, $form->password_hash, $form->results_publicly_visible ? 1 : 0));
     }
 
     function findById($poll_id) {
@@ -58,7 +58,7 @@ class PollRepository extends AbstractRepository {
     function update($poll) {
         $prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?');
 
-        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable, $poll->hidden, $poll->password_hash, $poll->results_publicly_visible, $poll->id]);
+        return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable ? 1 : 0, $poll->hidden ? 1 : 0, $poll->password_hash, $poll->results_publicly_visible ? 1 : 0, $poll->id]);
     }
 
     function deleteById($poll_id) {

exportcsv.php

@@ -18,6 +18,7 @@
  */
 use Framadate\Services\LogService;
 use Framadate\Services\PollService;
+use Framadate\Services\SecurityService;
 use Framadate\Utils;
 
 include_once __DIR__ . '/app/inc/init.php';
@@ -35,6 +36,7 @@ $poll = null;
 
 $logService = new LogService();
 $pollService = new PollService($connect, $logService);
+$securityService = new SecurityService();
 
 /* PAGE */
 /* ---- */
@@ -42,6 +44,12 @@ $pollService = new PollService($connect, $logService);
 if (!empty($_GET['poll'])) {
     $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
     $poll = $pollService->findById($poll_id);
+} else if (!empty($_GET['admin'])) {
+    $admin_id = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => ADMIN_POLL_REGEX]]);
+    $poll = $pollService->findByAdminId($admin_id);
+    if ($poll) {
+        $poll_id = $poll->id;
+    }
 }
 
 if (!$poll) {
@@ -50,6 +58,16 @@ if (!$poll) {
     exit;
 }
 
+if (empty($admin_id)) {
+    $forbiddenBecauseOfPassword = !$poll->results_publicly_visible && !$securityService->canAccessPoll($poll);
+    $resultsAreHidden = $poll->hidden;
+
+    if ($resultsAreHidden || $forbiddenBecauseOfPassword) {
+        $smarty->assign('error', __('Error', 'Forbidden!'));
+        $smarty->display('error.tpl');
+        exit;
+    }
+}
 
 $slots = $pollService->allSlotsByPoll($poll);
 $votes = $pollService->allVotesByPollId($poll_id);

locale/br.json

@@ -369,6 +369,7 @@
   },
   "Error": {
     "Error!": "Fazi!",
+    "Forbidden!": "BR_Interdit !",
     "Enter a title": "Ret eo enankañ un titl!",
     "Something is going wrong...": "Un dra bennak a-dreuz a zo...",
     "Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh",

locale/de.json

@@ -370,6 +370,7 @@
     },
     "Error": {
         "Error!": "Fehler!",
+        "Forbidden!": "Verboten!",
         "Enter a title": "Titel eingeben",
         "Something is going wrong...": "Etwas geht schief...",
         "Something is wrong with the format": "Mit dem Format stimmt etwas nicht",

locale/en.json

@@ -371,6 +371,7 @@
   },
   "Error": {
     "Error!": "Error!",
+    "Forbidden!": "Forbidden!",
     "Enter a title": "Enter a title",
     "Something is going wrong...": "Something has gone wrong...",
     "Something is wrong with the format": "Something is wrong with the format",

locale/es.json

@@ -370,6 +370,7 @@
   },
   "Error": {
     "Error!": "¡Error!",
+    "Forbidden!": "¡Prohibido!",
     "Enter a title": "Introducza un título",
     "Something is going wrong...": "Algo anda mal...",
     "Something is wrong with the format": "Algo está mal con el formato",

locale/fr.json

@@ -370,6 +370,7 @@
   },
   "Error": {
     "Error!": "Erreur !",
+    "Forbidden!": "Interdit !",
     "Enter a title": "Il faut saisir un titre !",
     "Something is going wrong...": "Quelque chose ne va pas...",
     "Something is wrong with the format": "Quelque chose ne va pas avec le format",

locale/it.json

@@ -370,6 +370,7 @@
   },
   "Error": {
     "Error!": "Errore!",
+    "Forbidden!": "Proibito!",
     "Enter a title": "È necessario inserire un titolo !",
     "Something is going wrong...": "Qualcosa non è corretto...",
     "Something is wrong with the format": "Qualche errore nel formato",

locale/oc.json

@@ -370,6 +370,7 @@
   },
   "Error": {
     "Error!": "Error !",
+    "Forbidden!": "OC_Interdit !",
     "Enter a title": "Cal picar un títol !",
     "Something is going wrong...": "I a quicòm que truca...",
     "Something is wrong with the format": "I a quicòm que truca amb lo format.",

tpl/part/poll_info.tpl

@@ -21,7 +21,13 @@
             <div class="col-md-5 hidden-print">
                 <div class="btn-group pull-right">
                     <button onclick="print(); return false;" class="btn btn-default"><span class="glyphicon glyphicon-print"></span> {__('PollInfo', 'Print')}</button>
-                    <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                    {if $admin}
+                        <a href="{$SERVER_URL|html}exportcsv.php?admin={$admin_poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                    {else}
+                        {if !$hidden}
+                            <a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
+                        {/if}
+                    {/if}
                     {if $admin}
                         {if !$expired}
                         <button type="button" class="btn btn-danger dropdown-toggle" data-toggle="dropdown">