Merge branch 'feature/Disable_when_results_are_hidden' into 'release'

Disable when results are hidden

Fix #196

See merge request !154
Antonin 2016-10-06 22:46:24 +02:00
commit 671f37c05c
12 changed files with 36 additions and 5 deletions


@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS `sondage` (
`titre` text, `titre` text,
`id_sondage_admin` char(24) DEFAULT NULL, `id_sondage_admin` char(24) DEFAULT NULL,
`date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `date_creation` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`date_fin` timestamp NOT NULL DEFAULT \'0000-00-00 00:00:00\', `date_fin` timestamp NOT NULL,
`format` varchar(2) DEFAULT NULL, `format` varchar(2) DEFAULT NULL,
`mailsonde` tinyint(1) DEFAULT \'0\', `mailsonde` tinyint(1) DEFAULT \'0\',
`statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \', `statut` int(11) NOT NULL DEFAULT \'1\' COMMENT \'1 = actif ; 0 = inactif ; \',
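Review bot: Dropping the explicit zero default leaves `date_fin` as `timestamp NOT NULL` with no default, and how MySQL treats that depends on server settings this page does not show. With `explicit_defaults_for_timestamp` disabled, a second TIMESTAMP column declared this way still receives an implicit `'0000-00-00 00:00:00'` default, which strict mode with `NO_ZERO_DATE` can reject when the table is created; with it enabled, every INSERT has to supply the value. The same applies to `end_date` in the `Utils::table('poll')` definition in the next file section. A comment next to the column stating the expected server mode, or an explicit valid default, would make the assumption visible. The CREATE TABLE statement starts and ends outside this hunk.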


@ -90,7 +90,7 @@ CREATE TABLE IF NOT EXISTS `' . Utils::table('poll') . '` (
`admin_name` VARCHAR(64) DEFAULT NULL, `admin_name` VARCHAR(64) DEFAULT NULL,
`admin_mail` VARCHAR(128) DEFAULT NULL, `admin_mail` VARCHAR(128) DEFAULT NULL,
`creation_date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `creation_date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`end_date` TIMESTAMP NOT NULL DEFAULT \'0000-00-00 00:00:00\', `end_date` TIMESTAMP NOT NULL,
`format` VARCHAR(1) DEFAULT NULL, `format` VARCHAR(1) DEFAULT NULL,
`editable` TINYINT(1) DEFAULT \'0\', `editable` TINYINT(1) DEFAULT \'0\',
`receiveNewVotes` TINYINT(1) DEFAULT \'0\', `receiveNewVotes` TINYINT(1) DEFAULT \'0\',


@ -16,7 +16,7 @@ class PollRepository extends AbstractRepository {
(id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible) (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)'; VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
$prepared = $this->prepare($sql); $prepared = $this->prepare($sql);
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible)); $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable ? 1 : 0, $form->receiveNewVotes ? 1 : 0, $form->receiveNewComments ? 1 : 0, $form->hidden ? 1 : 0, $form->password_hash, $form->results_publicly_visible ? 1 : 0));
} }
function findById($poll_id) { function findById($poll_id) {
@ -58,7 +58,7 @@ class PollRepository extends AbstractRepository {
function update($poll) { function update($poll) {
$prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?'); $prepared = $this->prepare('UPDATE `' . Utils::table('poll') . '` SET title=?, admin_name=?, admin_mail=?, description=?, end_date=?, active=?, editable=?, hidden=?, password_hash=?, results_publicly_visible=? WHERE id = ?');
return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable, $poll->hidden, $poll->password_hash, $poll->results_publicly_visible, $poll->id]); return $prepared->execute([$poll->title, $poll->admin_name, $poll->admin_mail, $poll->description, $poll->end_date, $poll->active, $poll->editable ? 1 : 0, $poll->hidden ? 1 : 0, $poll->password_hash, $poll->results_publicly_visible ? 1 : 0, $poll->id]);
} }
function deleteById($poll_id) { function deleteById($poll_id) {
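Review bot: In `update()`, `$poll->active` is still bound as-is while `editable`, `hidden` and `results_publicly_visible` now go through `? 1 : 0`. If `active` can be a PHP boolean, `execute()` binds `false` as an empty string, which is the same problem this commit fixes for the other flags. Consider `$poll->active ? 1 : 0` there as well, or confirm that `active` is always an integer. Neither function has a docblock; a short one naming which fields are booleans normalised to 0/1 would keep later columns consistent.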


@ -18,6 +18,7 @@
*/ */
use Framadate\Services\LogService; use Framadate\Services\LogService;
use Framadate\Services\PollService; use Framadate\Services\PollService;
use Framadate\Services\SecurityService;
use Framadate\Utils; use Framadate\Utils;
include_once __DIR__ . '/app/inc/init.php'; include_once __DIR__ . '/app/inc/init.php';
@ -35,6 +36,7 @@ $poll = null;
$logService = new LogService(); $logService = new LogService();
$pollService = new PollService($connect, $logService); $pollService = new PollService($connect, $logService);
$securityService = new SecurityService();
/* PAGE */ /* PAGE */
/* ---- */ /* ---- */
@ -42,6 +44,12 @@ $pollService = new PollService($connect, $logService);
if (!empty($_GET['poll'])) { if (!empty($_GET['poll'])) {
$poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]); $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$poll = $pollService->findById($poll_id); $poll = $pollService->findById($poll_id);
} else if (!empty($_GET['admin'])) {
$admin_id = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => ADMIN_POLL_REGEX]]);
$poll = $pollService->findByAdminId($admin_id);
if ($poll) {
$poll_id = $poll->id;
}
} }
if (!$poll) { if (!$poll) {
@ -50,6 +58,16 @@ if (!$poll) {
exit; exit;
} }
if (empty($admin_id)) {
$forbiddenBecauseOfPassword = !$poll->results_publicly_visible && !$securityService->canAccessPoll($poll);
$resultsAreHidden = $poll->hidden;
if ($resultsAreHidden || $forbiddenBecauseOfPassword) {
$smarty->assign('error', __('Error', 'Forbidden!'));
$smarty->display('error.tpl');
exit;
}
}
$slots = $pollService->allSlotsByPoll($poll); $slots = $pollService->allSlotsByPoll($poll);
$votes = $pollService->allVotesByPollId($poll_id); $votes = $pollService->allVotesByPollId($poll_id);
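Review bot: The new authorization check is skipped whenever `$admin_id` is non-empty, but that variable is only assigned inside the `else if (!empty($_GET['admin']))` branch, so the bypass rests on a variable that is otherwise undefined. Initialise it next to `$poll = null;` with `$admin_id = null;` and put a comment above the `if (empty($admin_id))` block, for example `// Holders of the admin link bypass the hidden-results and password checks`, so the trust decision is explicit. The forbidden branch renders `error.tpl` without setting a status; adding `http_response_code(403);` before `$smarty->display('error.tpl');` lets clients and access logs tell a refused export from a successful one. `filter_input()` returns `false` when the regexp does not match and that value goes straight into `findByAdminId()`; this presumably yields no poll, but the lookup is outside the hunks shown and is worth confirming.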


@ -369,6 +369,7 @@
}, },
"Error": { "Error": {
"Error!": "Fazi!", "Error!": "Fazi!",
"Forbidden!": "BR_Interdit !",
"Enter a title": "Ret eo enankañ un titl!", "Enter a title": "Ret eo enankañ un titl!",
"Something is going wrong...": "Un dra bennak a-dreuz a zo...", "Something is going wrong...": "Un dra bennak a-dreuz a zo...",
"Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh", "Something is wrong with the format": "Un dra bennak a-dreuz a zo gant ar mentrezh",


@ -370,6 +370,7 @@
}, },
"Error": { "Error": {
"Error!": "Fehler!", "Error!": "Fehler!",
"Forbidden!": "Verboten!",
"Enter a title": "Titel eingeben", "Enter a title": "Titel eingeben",
"Something is going wrong...": "Etwas geht schief...", "Something is going wrong...": "Etwas geht schief...",
"Something is wrong with the format": "Mit dem Format stimmt etwas nicht", "Something is wrong with the format": "Mit dem Format stimmt etwas nicht",


@ -371,6 +371,7 @@
}, },
"Error": { "Error": {
"Error!": "Error!", "Error!": "Error!",
"Forbidden!": "Forbidden!",
"Enter a title": "Enter a title", "Enter a title": "Enter a title",
"Something is going wrong...": "Something has gone wrong...", "Something is going wrong...": "Something has gone wrong...",
"Something is wrong with the format": "Something is wrong with the format", "Something is wrong with the format": "Something is wrong with the format",


@ -370,6 +370,7 @@
}, },
"Error": { "Error": {
"Error!": "¡Error!", "Error!": "¡Error!",
"Forbidden!": "¡Prohibido!",
"Enter a title": "Introducza un título", "Enter a title": "Introducza un título",
"Something is going wrong...": "Algo anda mal...", "Something is going wrong...": "Algo anda mal...",
"Something is wrong with the format": "Algo está mal con el formato", "Something is wrong with the format": "Algo está mal con el formato",


@ -370,6 +370,7 @@
}, },
"Error": { "Error": {
"Error!": "Erreur !", "Error!": "Erreur !",
"Forbidden!": "Interdit !",
"Enter a title": "Il faut saisir un titre !", "Enter a title": "Il faut saisir un titre !",
"Something is going wrong...": "Quelque chose ne va pas...", "Something is going wrong...": "Quelque chose ne va pas...",
"Something is wrong with the format": "Quelque chose ne va pas avec le format", "Something is wrong with the format": "Quelque chose ne va pas avec le format",


@ -370,6 +370,7 @@
}, },
"Error": { "Error": {
"Error!": "Errore!", "Error!": "Errore!",
"Forbidden!": "Proibito!",
"Enter a title": "È necessario inserire un titolo !", "Enter a title": "È necessario inserire un titolo !",
"Something is going wrong...": "Qualcosa non è corretto...", "Something is going wrong...": "Qualcosa non è corretto...",
"Something is wrong with the format": "Qualche errore nel formato", "Something is wrong with the format": "Qualche errore nel formato",


@ -370,6 +370,7 @@
}, },
"Error": { "Error": {
"Error!": "Error !", "Error!": "Error !",
"Forbidden!": "OC_Interdit !",
"Enter a title": "Cal picar un títol !", "Enter a title": "Cal picar un títol !",
"Something is going wrong...": "I a quicòm que truca...", "Something is going wrong...": "I a quicòm que truca...",
"Something is wrong with the format": "I a quicòm que truca amb lo format.", "Something is wrong with the format": "I a quicòm que truca amb lo format.",


@ -21,7 +21,13 @@
<div class="col-md-5 hidden-print"> <div class="col-md-5 hidden-print">
<div class="btn-group pull-right"> <div class="btn-group pull-right">
<button onclick="print(); return false;" class="btn btn-default"><span class="glyphicon glyphicon-print"></span> {__('PollInfo', 'Print')}</button> <button onclick="print(); return false;" class="btn btn-default"><span class="glyphicon glyphicon-print"></span> {__('PollInfo', 'Print')}</button>
<a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a> {if $admin}
<a href="{$SERVER_URL|html}exportcsv.php?admin={$admin_poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
{else}
{if !$hidden}
<a href="{$SERVER_URL|html}exportcsv.php?poll={$poll_id|html}" class="btn btn-default"><span class="glyphicon glyphicon-download-alt"></span> {__('PollInfo', 'Export to CSV')}</a>
{/if}
{/if}
{if $admin} {if $admin}
{if !$expired} {if !$expired}
<button type="button" class="btn btn-danger dropdown-toggle" data-toggle="dropdown"> <button type="button" class="btn btn-danger dropdown-toggle" data-toggle="dropdown">
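Review bot: The `{else}` followed immediately by `{if !$hidden}` can be flattened to `{elseif !$hidden}`, which removes one nesting level and one `{/if}`. Hiding the link is presentation only, so the export script has to keep refusing non-admin requests for hidden polls; a template comment such as `{* export is also refused server-side when results are hidden *}` would stop a later edit from treating this condition as the access control. The template now depends on `$admin_poll_id` and `$hidden` being assigned by every page that renders it, which cannot be checked from this section.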