]> projects.mako.cc - selectricity/blobdiff - app/models/election.rb
fix security issue
[selectricity] / app / models / election.rb
index 7d8ad80d883ee45ab6bee1a875ed446478d68151..7c15dcfcd785298c1e524702801d69fdfd4f3147 100644 (file)
@@ -73,7 +73,7 @@ class Election < ActiveRecord::Base
       reasons << "You must have at least two candidates."
     end
     
       reasons << "You must have at least two candidates."
     end
     
-    if self.voters.length <= 1
+    if self.voters.length <= 1 and self.authenticated?
       reasons << "You must have at least two voters."
     end
 
       reasons << "You must have at least two voters."
     end
 
@@ -86,7 +86,7 @@ class Election < ActiveRecord::Base
   end
   
   def quickvote?
   end
   
   def quickvote?
-    self.class == 'QuickVote'
+    self.class == QuickVote
   end
 
   def active?
   end
 
   def active?
@@ -97,6 +97,10 @@ class Election < ActiveRecord::Base
     active == 2
   end
 
     active == 2
   end
 
+  def authenticated?
+    authenticated
+  end
+  
   def shortdesc
     shortdesc = description.split(/\n/)[0]
   end
   def shortdesc
     shortdesc = description.split(/\n/)[0]
   end
@@ -137,11 +141,11 @@ class Election < ActiveRecord::Base
       # skip if the voter has not voted or has an unconfirmed vote
       next unless voter.voted?
 
       # skip if the voter has not voted or has an unconfirmed vote
       next unless voter.voted?
 
-      plurality_tally << voter.vote.rankings.sort[0].candidate.id
+      plurality_tally << voter.vote.rankings.sort[0].candidate_id
       approval_tally << voter.vote.rankings.sort[0..1].collect \
       approval_tally << voter.vote.rankings.sort[0..1].collect \
-        { |ranking| ranking.candidate.id }
+        { |ranking| ranking.candidate_id }
       preference_tally << voter.vote.rankings.sort.collect \
       preference_tally << voter.vote.rankings.sort.collect \
-        { |ranking| ranking.candidate.id }
+        { |ranking| ranking.candidate_id }
     end
     
     @plurality_result = PluralityVote.new(plurality_tally).result
     end
     
     @plurality_result = PluralityVote.new(plurality_tally).result

Benjamin Mako Hill || Want to submit a patch?