HTML escape description to prevent code injection onto page
[selectricity-live] / app / models / candidate.rb
index dfc8b1fec08fc19e87b320ea3a7c3856d1369c08..430b6ab22762223a728eaf6cc27bb3d51f7b8d2e 100644 (file)
@@ -1,12 +1,36 @@
 class Candidate < ActiveRecord::Base
   belongs_to :election
+  validates_presence_of :name
+
+  # validate uniqueness of a name *within a given election*
 
   def <=>(other)
-   self.name <=> other.name 
+    self.name <=> other.name 
   end
   
   def to_s
     name
   end
 
+  def picture=(picture_field)
+    if picture_field
+      unless picture_field.content_type.match(/^image/)
+        return false
+      end
+      self.picture_filename = base_part_of(picture_field.original_filename)
+      self.picture_type =  picture_field.content_type.chomp
+      self.picture_data = picture_field.read
+    end
+  end
+
+  def base_part_of(filename)
+    name = File.basename(filename)
+    name.gsub(/[^\w._-]/, '')
+  end
+
+  def picture?
+    !self.picture_filename.nil?
+  end
+
 end
+
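Review bot: The type check in `picture=` trusts the client-supplied `content_type` and tests it with `/^image/`, where `^` matches at the start of any line and the bare prefix also admits types such as `image/svg+xml`. If `picture_type` is later sent back as the response Content-Type (not visible in this hunk), that works against the commit's stated goal of preventing injection onto the page. Consider an exact allow-list on the chomped value, for example `type = picture_field.content_type.to_s.chomp` followed by `return false unless %w[image/png image/jpeg image/gif].include?(type)`. The `return false` is also discarded by Ruby's assignment syntax, so a rejected upload is silent to the caller; recording it as a validation error would let the form report it. Separately, `picture_field.read` has no size bound.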
