]> projects.mako.cc - selectricity-live/blobdiff - app/models/candidate.rb
HTML escape description to prevent code injection onto page
[selectricity-live] / app / models / candidate.rb
index 41d743b3a55ed07c0184605cbba600ba2ebc5c84..430b6ab22762223a728eaf6cc27bb3d51f7b8d2e 100644 (file)
@@ -1,2 +1,36 @@
 class Candidate < ActiveRecord::Base
+  belongs_to :election
+  validates_presence_of :name
+
+  # validate uniqueness of a name *within a given election*
+
+  def <=>(other)
+    self.name <=> other.name 
+  end
+  
+  def to_s
+    name
+  end
+
+  def picture=(picture_field)
+    if picture_field
+      unless picture_field.content_type.match(/^image/)
+        return false
+      end
+      self.picture_filename = base_part_of(picture_field.original_filename)
+      self.picture_type =  picture_field.content_type.chomp
+      self.picture_data = picture_field.read
+    end
+  end
+
+  def base_part_of(filename)
+    name = File.basename(filename)
+    name.gsub(/[^\w._-]/, '')
+  end
+
+  def picture?
+    !self.picture_filename.nil?
+  end
+
 end
+

Benjamin Mako Hill || Want to submit a patch?