XMLRPC Vote Casting Validation:

[selectricity-live] / app / models / selectricity_service.rb

diff --git a/app/models/selectricity_service.rb b/app/models/selectricity_service.rb
index 3f0a3bf7442ba12deb8d9d96ae5944af272085dc..4075f6401fa40f889f16be53ac80fc7b17398d57 100644 (file)
--- a/app/models/selectricity_service.rb
+++ b/app/models/selectricity_service.rb
@@ -5,6 +5,12 @@ class SelectricityService < ActionWebService::Base
   def cast_quickvote(election_name, voter_id, vote_list)
     election = QuickVote.ident_to_quickvote election_name
     if election
+      candidates=election.candidates.collect { |c| c.id }
+      vote_list[0].each do |vote|
+        raise ArgumentError.new "Invalid Candidate ID #{vote}" unless candidates.index(vote)
+      end
+      raise ArgumentError.new "You must rank all candidates" unless candidates.length <= vote_list[0].length
+      raise ArgumentError.new "Please rank each candidate only once" if vote_list[0].uniq!
       voter = QuickVoter.new
       voter.election = election
       voter.ipaddress = "XMLRPC Request"