Ajout d'une classe pour les fichiers à télécharger, meilleur support des organisateurs d'un tournoi

server_files/controllers/view_file.php

@@ -9,58 +9,58 @@ if (!isset($_SESSION["user_id"]))
 	require_once "server_files/403.php";
 
 $id = htmlspecialchars($_GET["file_id"]);
-$type = "SOLUTION";
 
-$req = $DB->query("SELECT * FROM `solutions` WHERE `file_id` = '$id';");
-if (($data = $req->fetch()) === false) {
-	$req = $DB->query("SELECT * FROM `syntheses` WHERE `file_id` = '$id';");
-	$type = "SYNTHESE";
+$type = DocumentType::SOLUTION;
+$file = Solution::fromId($id);
+if ($file === null) {
+	$type = DocumentType::SYNTHESE;
+	$file = Synthese::fromId($id);
 
-	if (($data = $req->fetch()) === false) {
-		$req = $DB->query("SELECT * FROM `documents` WHERE `file_id` = '$id';");
-		$type = "DOCUMENT";
-		$data = $req->fetch();
+	if ($file === null) {
+		$file = Document::fromId($id);
+		$type = DocumentType::PARENTAL_CONSENT;
 	}
 }
 
-if ($data !== false) {
-	$team = Team::fromId($data["team"]);
-	$tournament = Tournament::fromId($data["tournament"]);
+if ($file !== null) {
+	$team = Team::fromId($file->getTeamId());
+	$tournament = Tournament::fromId($file->getTournamentId());
 	$trigram = $team->getTrigram();
-	if ($type == "SOLUTION") {
-		$problem = $data["problem"];
+
+	if ($_SESSION["role"] == Role::ORGANIZER && !$tournament->organize($_SESSION["user_id"]))
+		require_once "server_files/403.php";
+
+	if ($type == DocumentType::SOLUTION) {
+		$problem = $file->getProblem();
 		$name = "Problème $problem $trigram.pdf";
 
 		if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && (!isset($_SESSION["team"]) || $_SESSION["team"]->getId() != $team->getId()))
 			require_once "server_files/403.php";
-
-		// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
 	}
 	else if ($type == "SYNTHESE") {
-		$dest = $data["dest"];
-		$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
+		$dest = $file->getDest();
+		$name = "Note de synthèse $trigram pour " . ($dest == DestType::OPPOSANT ? "l'opposant" : "le rapporteur") . ".pdf";
 
-		// TODO Seuls les organisateurs, défenseurs, opposants et rapporteurs doivent pouvoir télécharger les fichiers
-	}
-	else if ($type == "DOCUMENT") {
-		$user_id = $data["user"];
-		$user = User::fromId($user_id);
-
-		if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && $user_id != $_SESSION["user_id"])
+		if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && (!isset($_SESSION["team"]) || $_SESSION["team"]->getId() != $team->getId()))
 			require_once "server_files/403.php";
+	}
+	else {
+		$user = User::fromId($file->getUserId());
+		$type = $file->getType();
 
-		// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
+		if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && $user->getId() != $_SESSION["user_id"])
+			require_once "server_files/403.php";
 
 		$surname = $user->getSurname();
 		$first_name = $user->getFirstName();
-		switch ($data["type"]) {
-			case "PARENTAL_CONSENT":
+		switch ($type) {
+			case DocumentType::PARENTAL_CONSENT:
 				$name = "Autorisation parentale";
 				break;
-			case "PHOTO_CONSENT":
+			case DocumentType::PHOTO_CONSENT:
 				$name = "Autorisation de droit à l'image";
 				break;
-			case "SANITARY_PLUG":
+			case DocumentType::SANITARY_PLUG:
 				$name = "Fiche sanitaire";
 				break;
 		}