From 242dfa74c824ac7fe0ad583ef816c699461b475e Mon Sep 17 00:00:00 2001
From: Caribana
Date: Mon, 9 Apr 2018 21:11:13 +0200
Subject: [PATCH] =?UTF-8?q?Ajout=20fonctionnement=20de=20la=20possibilit?= =?UTF-8?q?=C3=A9=20globale=20d'=C3=A9diter=20ou=20pas?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
accred_form.php | 8 ++++++++
accred_list.php | 14 +++++++++++---
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/accred_form.php b/accred_form.php
index 7c5b3d15..82d5cb86 100644
--- a/accred_form.php
+++ b/accred_form.php
@@ -8,11 +8,19 @@ require_once 'vendor/autoload.php'; $aid = $_GET['aid']; $isAdmin = $_SESSION['admin']==1; + $isEditable = $_SESSION['allowedit']==1; if(!$userid) { syslog(LOG_ERR, "Unauthorized access to form page aid:$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})"); header('Location: accred_list'); die(); } + if(!$isAdmin && $isEditable!=1) { + syslog(LOG_ERR, "Unauthorized access to form page aid by non editable user :$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})"); + header('Location: accred_list'); + die(); + } + + $uname = $_SESSION['name']; if($_POST['btncancel']) { header('Location: accred_list');
diff --git a/accred_list.php b/accred_list.php
index 5e135be8..35c87593 100644
--- a/accred_list.php
+++ b/accred_list.php
@@ -9,9 +9,9 @@ // CSRF Counter-measure $token = md5(uniqid(rand(), TRUE)); $_SESSION['state'] = $token; - $userid = $_SESSION['uid']; $isAdmin = $_SESSION['admin']==1; + $isEditable = $_SESSION['allowedit']==1; // Bail out if not logged in if($userid=='') { header("location: index?");
@@ -240,13 +240,21 @@ if ($mysqli->connect_errno) { >
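Review bot: The new guard in accred_form.php decides whether a non-admin may edit from `$_SESSION['allowedit']`, and the first accred_list.php hunk reads the same key; where that key is set is not visible here, but if it is copied into the session at login, closing the form will not affect users whose sessions already hold `allowedit == 1`. Reading the global setting from its source of truth on each request would make a close take effect immediately. `$isEditable` is already a boolean, so the condition can read `if (!$isAdmin && !$isEditable) {`. The added syslog() call also interpolates `$aid` (taken from `$_GET['aid']`) and the User-Agent header unfiltered, so control characters should be stripped before logging, for example `preg_replace('/[\x00-\x1F\x7F]/', '', $aid)`. The script continues outside the hunk on both sides.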
Bienvenue
+ + +Le formulaire est ouvert, les utilisateurs peuvent modifier ou ajouter des demandes
+ +Le formulaire est fermé, les utilisateurs ne peuvent plus modifier ou ajouter des demandes
+

Commande