fix security issue
[selectricity] / app / models / vote.rb
index bef35020a45b1a7d37ca25fdd86dec73259f8ab5..719aa7b33f9cb7163049b3bc27389d49c4605251 100644 (file)
@@ -39,7 +39,7 @@ class Vote < ActiveRecord::Base
       if rankings.empty?
         @votes = Array.new
       else
-        @votes = rankings.sort.collect { |ranking| ranking.candidate.id }
+        @votes = self.rankings.sort.collect { |ranking| ranking.candidate.id }
       end
     end
 
@@ -51,6 +51,9 @@ class Vote < ActiveRecord::Base
   end
 
   def save_rankings
+    self.votes # i need to initalize this before destroying rankings
+               # or else the ranks themselves show up as nil
+
     destroy_rankings
     self.votes.each_with_index do |candidate_id, index| 
       ranking = Ranking.new
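Review bot: Calling `self.votes` only for its caching side effect makes `save_rankings` depend on how the accessor memoizes `@votes`, which is not visible at this call site. It would be clearer to capture the list before `destroy_rankings` with `candidate_ids = self.votes` and then iterate with `candidate_ids.each_with_index do |candidate_id, index|`. The added comment has a typo (`initalize`). The old rankings are destroyed before the new ones are built and the rest of the loop lies outside this hunk, so it is worth confirming that a failure partway through cannot leave the vote with no rankings; wrapping the body in a transaction would presumably cover that.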
@@ -70,14 +73,19 @@ class Vote < ActiveRecord::Base
   end
 
   def confirm!
-    self.confirmed = 1
-    self.time = Time.now
-    self.save
-    
-    unless self.voter.election.quickvote?
-      token.destroy and token.reload if token
-      self.token = Token.new
+    if self.voter.election.candidates.length == self.rankings.length
+      self.confirmed = 1
+      self.time = Time.now
       self.save
+    
+      unless self.voter.election.quickvote?
+        token.destroy and token.reload if token
+        self.token = Token.new
+        self.save
+      end
+      return false
+    else
+      return true
     end
   end
 
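Review bot: The new guard in `confirm!` compares only the number of rankings with the number of candidates, so unless something outside this hunk enforces it, a vote whose rankings repeat a candidate or point at candidates from another election still passes when the counts match. Comparing the id sets is stricter: `self.voter.election.candidates.collect { |c| c.id }.sort == self.rankings.collect { |r| r.candidate.id }.sort`. The return values also read inverted, `false` after a successful confirmation and `true` when the vote is rejected, so either flip them or state the convention in a comment above the method, since the callers are not visible here. The results of both `self.save` calls are ignored, so a failed save is reported the same way as a successful confirmation.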
