fix security issue
1 # Selectricity: Voting Machinery for the Masses
2 # Copyright (C) 2007, 2008 Benjamin Mako Hill <mako@atdot.cc>
3 # Copyright (C) 2007 Massachusetts Institute of Technology
4 #
5 # This program is free software. Please see the COPYING file for
6 # details.
7
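class VoterController < ApplicationController
  # Ballot-casting side of Selectricity.  A voter reaches this controller
  # in one of two ways:
  #
  #  * "full" (authenticated) elections: every FullVoter carries a password
  #    that acts as a bearer token.  It travels in the URL (see #login and
  #    #authenticate), so it lands in browser history, server/proxy logs
  #    and Referer headers -- treat it as a secret that can leak.
  #  * "open" elections: the voter is identified only by the Rails session
  #    id (OpenVoter.session_id).  A fresh cookie jar is a fresh voter, so
  #    this mode cannot prevent repeat voting; that is by design.
  #
  # Every action not listed in the before_filter runs #authenticate first,
  # which either sets @voter/@password or redirects to the login page.
  helper :sparklines
  layout 'main'
  require_dependency "voter"
  require_dependency "vote"
  require_dependency "election"

  before_filter :authenticate, :except => [:index, :login, :reminder,
                                           :kiosk_ready, :sort_candidates]

  # Entry point for voting.
  #
  # With params[:election_id] (open elections only) the OpenVoter bound to
  # the current session is found or created and the ballot is shown.
  # With params[:urlpassword] (full elections) the voter is looked up by
  # password.  An unknown or missing token falls through to the default
  # index template (the login form) without revealing whether it exists.
  def index
    if params[:election_id]
      @election = Election.find(params[:election_id])
      unless @election.authenticated?
        voter = find_open_voter(@election) || OpenVoter.new
        bind_open_voter(voter, @election)
      end
    elsif params[:urlpassword]
      @voter = find_full_voter(params[:urlpassword])
      if @voter
        @election = @voter.election
        @password = @voter.password
      end
    end

    # Nothing to show unless both a voter and an election were resolved;
    # Rails then renders the plain index template.
    return unless @voter and @election

    # The ballot is created lazily on the voter's first visit.
    if @voter.vote.nil?
      @voter.vote = Vote.new
      @voter.save
    end
    @voter.vote.set_defaults! if @voter.vote.rankings.empty?

    if @election.enddate < Time.now
      # Voting is over: send the voter to the results page instead.
      redirect_to :action => :results, :id => @password
      return
    end

    # Sidebar is rendered before any skin lookup, as the original did.
    @sidebar_content = render_to_string(:partial => 'vote_sidebar')
    if @election.embeddable? and params[:embed] == "true"
      load_skin_pictures(@election) if @election.embed_custom_string
      render :template => 'embed/full_vote', :layout => 'embed'
    else
      render :action => 'full_vote'
    end
  end

  # Login form handler.  The submitted password is moved into the URL
  # (votepassword_url) and the browser redirected to #index, which is why
  # the token ends up in the address bar and in access logs.
  def login
    password = params[:vote] && params[:vote][:password]
    if password
      redirect_to votepassword_url(:action => 'index',
                                   :urlpassword => password)
    else
      redirect_to :action => 'index'
    end
  end

  # Timestamp the ballot and show it for review.  A voter whose ballot was
  # never initialised (index not visited) is sent back to index instead of
  # raising on a nil vote.
  def review
    vote = @voter.vote
    if vote.nil?
      redirect_to :action => 'index'
      return
    end
    vote.time = Time.now
    vote.save
    @voter.reload
  end

  # Finalise the ballot.  On success the voter is sent to early results
  # (embedded widgets), to the kiosk hand-off page, or to the thanks page;
  # a missing ballot or a failed confirm! goes back to index.
  def confirm
    election = @voter.election
    if @voter.vote and @voter.vote.confirm!
      if election.embeddable? and params[:embed] == "true" \
         and election.early_results?
        redirect_to :action => :results, :id => @password, :embed => 'true'
      elsif (not election.verifiable) and election.kiosk \
            and params[:kiosk] == "true"
        redirect_to :action => "kiosk_ready", :id => @password, :kiosk => true
      else
        render :action => 'thanks'
      end
    else
      redirect_to :action => 'index'
    end
  end

  # Mail a voter their ballot links.  The same "sent" page is rendered
  # whether or not the address is known, so this does not reveal which
  # addresses hold ballots.  Nothing here throttles requests, so repeated
  # submissions repeatedly mail any known address -- assumed to be handled
  # upstream; confirm.
  def reminder
    return unless params[:email]
    voters = FullVoter.find(:all,
      :conditions => ["email = ?", params[:email]])
    voters = voters.reject { |v| v.election.active == 0 }
    VoterNotify.deliver_reminder(voters) unless voters.empty?
    render :action => 'reminder_sent'
  end

  # Results page.  #authenticate already ran as a before_filter, so @voter
  # is set; results are only shown once the election has ended or when it
  # explicitly allows early results, otherwise the voter goes back to index.
  def results
    @election = @voter.election
    unless @election.early_results? or @election.enddate < Time.now
      redirect_to :action => 'index'
      return
    end

    @sidebar_content = \
      render_to_string(:partial => 'full_results_sidebar')
    # Skins are loaded for results whenever a custom string is set, even
    # outside embed mode (unlike #index).
    load_skin_pictures(@election) if @election.embed_custom_string

    if @election.embeddable? and params[:embed] == "true"
      render :template => 'embed/results', :layout => 'embed'
    else
      render :template => 'common/results'
    end
  end

  # Preference tables for the voter's election (authenticated).
  def pref_tables
    @election = @voter.election
    render :template => 'common/pref_tables_wrapper', :layout => 'basic'
  end

  # Election details page for the voter's election (authenticated).
  def details
    @election = @voter.election
    render :template => 'common/details'
  end

  # Kiosk hand-off: wipe the session so the next person at the terminal
  # starts fresh, then re-authenticate.  The before_filter is skipped for
  # this action, so #authenticate is called explicitly; it performs its
  # own redirect on failure, so nothing else must render here.
  def kiosk_ready
    reset_session
    authenticate
  end

  private

  # before_filter: resolve @voter and @password from params[:id].
  #
  # Open elections are addressed as "open.<election id>", which the router
  # splits into params[:id] == "open" and params[:format] == "<id>".
  # Anything else in params[:id] is treated as a FullVoter password.
  #
  # Returns true with @voter set on success.  On every failure path it
  # redirects to the login page and returns false; callers must not render
  # or redirect again (the filter chain halts on the redirect).  The
  # previous version could return true after redirecting, and could leave
  # @voter nil for an active open election, which then raised NoMethodError.
  def authenticate
    password = params[:id]
    if password == "open"
      election = Election.find(params[:format])

      # Open syntax used on an authenticated election: not allowed.
      if election.authenticated
        redirect_to :action => 'index'
        return false
      end

      voter = find_open_voter(election)
      # A session with no voter only gets a blank one where voting is no
      # longer at stake: after the end date (results) or on the kiosk
      # hand-off page of a kiosk election.
      if voter.nil? and (election.enddate < Time.now or
          (params[:action] == 'kiosk_ready' and election.kiosk))
        voter = OpenVoter.new
      end
      if voter.nil?
        redirect_to :action => 'index'
        return false
      end
      bind_open_voter(voter, election)
    else
      @voter = find_full_voter(password)
      if @voter.nil?
        # Was ":Action => 'index'"; the capitalised key was not an action
        # and so did not send the caller to the login page.
        redirect_to :action => 'index'
        return false
      end
      @password = @voter.password
    end
    true
  end

  # The OpenVoter already bound to this browser session in +election+, or
  # nil when the session has not voted there.
  def find_open_voter(election)
    OpenVoter.find(:first,
      :conditions => ["session_id = ? and election_id = ?",
                      session.session_id, election.id])
  end

  # Tie +voter+ to +election+ and the current session, and set the
  # "open.<id>" pseudo-password that open-election URLs carry in :id.
  def bind_open_voter(voter, election)
    @voter = voter
    @voter.election = election
    @voter.session_id = session.session_id
    @password = "open." + election.id.to_s
  end

  # The FullVoter whose password is +password+, or nil.  Blank tokens are
  # rejected up front so an empty :id can never match a row.
  # NOTE(review): the comparison is done by the database, so whether it is
  # case-sensitive depends on the column's collation; on a case-insensitive
  # collation the token has less entropy than it appears to.  Confirm
  # against the schema.
  def find_full_voter(password)
    return nil if password.blank?
    FullVoter.find(:first, :conditions => ["password = ?", password])
  end

  # Load the five skin images for the embeddable widget into the instance
  # variables the embed templates read.  Filenames derive from the
  # election's own embed_custom_string (server-side data, not request
  # input) and are looked up with a parameterised query.
  def load_skin_pictures(election)
    prefix = election.embed_custom_string
    @top_bar       = skin_picture(prefix + "top_bar.png")
    @default_image = skin_picture(prefix + "default_image.png")
    @bg1           = skin_picture(prefix + "bg1.png")
    @bg2           = skin_picture(prefix + "bg2.png")
    @bottom_bar    = skin_picture(prefix + "bottom_bar.png")
  end

  # First SkinPicture stored under +filename+, or nil.
  def skin_picture(filename)
    SkinPicture.find(:first, :conditions => ["filename = ?", filename])
  end
end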
