mirror of
https://gitlab.com/animath/si/plateforme.git
synced 2024-12-25 17:42:24 +00:00
Quelques restrictions d'accès lors du téléchargement de fichiers
parent
bffaf4b360
commit
fd861ca8c9
@ -7,6 +7,9 @@ if (!isset($_GET["file_id"])) {
|
|||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!isset($_SESSION["user_id"]))
|
||||||
|
require_once "../403.php";
|
||||||
|
|
||||||
$id = htmlspecialchars($_GET["file_id"]);
|
$id = htmlspecialchars($_GET["file_id"]);
|
||||||
$type = "SOLUTION";
|
$type = "SOLUTION";
|
||||||
|
|
||||||
@ -29,16 +32,29 @@ if ($data !== false) {
|
|||||||
if ($type == "SOLUTION") {
|
if ($type == "SOLUTION") {
|
||||||
$problem = $data["problem"];
|
$problem = $data["problem"];
|
||||||
$name = "Problème $problem $trigram.pdf";
|
$name = "Problème $problem $trigram.pdf";
|
||||||
|
|
||||||
|
if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && (!isset($_SESSION["team"]) || $_SESSION["team"]->getId() != $team->getId()))
|
||||||
|
require_once "../403.php";
|
||||||
|
|
||||||
|
// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
|
||||||
}
|
}
|
||||||
else if ($type == "SYNTHESE") {
|
else if ($type == "SYNTHESE") {
|
||||||
$dest = $data["dest"];
|
$dest = $data["dest"];
|
||||||
$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
|
$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
|
||||||
|
|
||||||
|
// TODO Seuls les organisateurs, défenseurs, opposants et rapporteurs doivent pouvoir télécharger les fichiers
|
||||||
}
|
}
|
||||||
else if ($type == "DOCUMENT") {
|
else if ($type == "DOCUMENT") {
|
||||||
$user_id = $data["user"];
|
$user_id = $data["user"];
|
||||||
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = 'user';")->fetch();
|
$user = User::fromId($user_id);
|
||||||
$surname = $user_data["surname"];
|
|
||||||
$first_name = $user_data["first_name"];
|
if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && $user_id != $_SESSION["user_id"])
|
||||||
|
require_once "../403.php";
|
||||||
|
|
||||||
|
// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
|
||||||
|
|
||||||
|
$surname = $user->getSurname();
|
||||||
|
$first_name = $user->getFirstName();
|
||||||
switch ($data["type"]) {
|
switch ($data["type"]) {
|
||||||
case "PARENTAL_CONSENT":
|
case "PARENTAL_CONSENT":
|
||||||
$name = "Autorisation parentale";
|
$name = "Autorisation parentale";
|
||||||
|
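Review bot: The three added guards (`if (!isset($_SESSION["user_id"])) require_once "../403.php";` and the role checks in the SOLUTION and DOCUMENT branches) only include the error page and never stop the script. Unless 403.php itself calls `exit()`, which is not visible here, the download continues after the 403 output, and `require_once` turns any second failing guard in the same request into a no-op. The `file_id` check at the top of the first hunk ends with an explicit `exit();`, and the new guards should match it: `if (!isset($_SESSION["user_id"])) { require_once "../403.php"; exit(); }`. The role tests are also a deny-list over PARTICIPANT and ENCADRANT using loose `==`, so any other role value is let through, and the SYNTHESE branch carries only a TODO, which leaves those files readable by any logged-in user who supplies a valid `file_id`; defaulting to deny and allow-listing roles per file type would close both gaps. The enclosing `if ($data !== false)` block starts and ends outside the hunk.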