fix security issue
index 94c203d104c902de9dd673a3713ad0c2e76a9fa7..3d811e622112f32ab59b6c5fc075a5a21d9c60da 100644 (file)
@@ -45,7 +45,15 @@ class ElectionController < ApplicationController
     @election.user = session[:user]
     @election.anonymous = 1
     @election.startdate = Time.now
-
+    @election.type = 'Election'
+    
+    holder = create_theme_hash
+    unless holder.values.all? {|v| v.has_value?("")}
+      token_generator = UniqueTokenGenerator.new( 16 )
+      @election.embed_custom_string = token_generator.token
+      add_theme(@election.embed_custom_string)
+    end
+    
     if @election.save
       flash[:notice] = 'Election was successfully created.'
       redirect_to :action => 'edit_candidates', :id => @election.id
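Review bot: `add_theme(@election.embed_custom_string)` runs before `if @election.save`, so the SkinPicture rows for the uploads are persisted under a freshly generated token even when the election itself fails validation and is never saved, leaving theme files that nothing references. Move that call into the success branch, keeping only the token assignment before the save: `if @election.save` / `add_theme(@election.embed_custom_string) if theme_given` with `theme_given = !holder.values.all? {|v| v.has_value?("")}` computed where the `unless` is now. The `has_value?("")` test also assumes every whitelisted param is a hash; a plain string posted under `top_bar` (a tampered form) raises NoMethodError here instead of being ignored, so `v.respond_to?(:has_value?) && v.has_value?("")` is the safer predicate.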
@@ -54,6 +62,15 @@ class ElectionController < ApplicationController
     end
   end
   
+  def create_theme_hash
+    target = Hash.new
+    params.each do |k,v|
+      target[k] = v if k=="top_bar" or k=="default_image" or k=="bg1" \
+                    or k=="bg2" or k=="bottom_bar"
+    end
+    return target
+  end
+  
   # TODO add filter to verify that the person working on or looking at
   # something is the owner
   def edit_general_information
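Review bot: The key whitelist in `create_theme_hash` is written as a five-way `or` chain continued with a backslash, which hides the fact that this list is the single source of truth for which uploads are accepted; a membership test reads better and lets `add_theme` reuse the same list, e.g. `target[k] = v if %w[top_bar default_image bg1 bg2 bottom_bar].include?(k)`. The method also warrants a one-line comment above `def create_theme_hash`, since both callers depend on its contract: `# Returns only the theme-upload entries of params (keyed by part name); everything else is dropped.` The explicit `return target` at the end is redundant in Ruby and can be just `target`.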
@@ -62,6 +79,17 @@ class ElectionController < ApplicationController
   
   def update_general_information
     @election = Election.find(params[:id])
+    
+    holder = create_theme_hash
+    unless holder.values.all? {|v| v.has_value?("")}
+      unless @election.embed_custom_string
+        token_generator = UniqueTokenGenerator.new( 16 )
+        @election.embed_custom_string = token_generator.token
+      end
+      
+      add_theme(@election.embed_custom_string)
+    end
+    
     if @election.update_attributes(params[:election])
       flash[:notice] = 'Election was successfully updated.'
       redirect_to :action => 'show', :id => @election
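Review bot: The theme handling added to `update_general_information` operates on whatever election `params[:id]` names with no check that `session[:user]` owns it; the TODO above `edit_general_information` in the previous hunk confirms that ownership filter does not exist yet, so any caller can attach theme images to, and through the existing `update_attributes(params[:election])` rewrite, another user's election. A guard before the theme block closes the obvious hole, e.g. `return redirect_to(:action => 'show', :id => @election) unless @election.user == session[:user]`. The mass assignment is additionally only safe if the Election model restricts assignable attributes (`attr_accessible` or similar), which is not visible here; without it the form could overwrite `user`, `type` or `embed_custom_string` directly. Minor: `holder` is recomputed inside `add_theme`, so passing it in would avoid walking `params` twice.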
@@ -69,20 +97,81 @@ class ElectionController < ApplicationController
       render :action => 'edit'
     end
   end
-
-
+  
+  #Takes care of uploading custom images 
+  #unnecessarily long, how can I compress?
+  def add_theme(prefix)
+    holder = create_theme_hash
+    unless params[:top_bar][:uploaded_data].to_s.empty?
+      previous = SkinPicture.find(:first,
+      :conditions => ["filename = ?", @election.embed_custom_string + "top_bar.png"])
+      if previous
+        previous.destroy
+      end
+      top_bar = SkinPicture.new(params[:top_bar])
+      top_bar.filename = prefix + "top_bar." + params[:top_bar][:uploaded_data].content_type[6..-2]
+      top_bar.save
+    end
+    unless params[:default_image][:uploaded_data].to_s.empty?
+      previous = SkinPicture.find(:first,
+      :conditions => ["filename = ?", @election.embed_custom_string + "default_image.png"])
+      if previous
+        previous.destroy
+      end
+      default_image = SkinPicture.new(params[:default_image])
+      default_image.filename = prefix + "default_image." + params[:default_image][:uploaded_data].content_type[6..-2]
+      default_image.save
+    end
+    unless params[:bg1][:uploaded_data].to_s.empty?
+      previous = SkinPicture.find(:first,
+      :conditions => ["filename = ?", @election.embed_custom_string + "bg1.png"])
+      if previous
+        previous.destroy
+      end
+      bg1 = SkinPicture.new(params[:bg1])  
+      bg1.filename = prefix + "bg1." + params[:bg1][:uploaded_data].content_type[6..-2]
+      bg1.save
+    end
+    unless params[:bg2][:uploaded_data].to_s.empty?
+      previous = SkinPicture.find(:first,
+      :conditions => ["filename = ?", @election.embed_custom_string + "bg2.png"])
+      if previous
+        previous.destroy
+      end
+      bg2 = SkinPicture.new(params[:bg2]) 
+      bg2.filename = prefix + "bg2." + params[:bg2][:uploaded_data].content_type[6..-2]
+      bg2.save
+    end
+    unless params[:bottom_bar][:uploaded_data].to_s.empty?
+      previous = SkinPicture.find(:first,
+      :conditions => ["filename = ?", @election.embed_custom_string + "bottom_bar.png"])
+      if previous
+        previous.destroy
+      end
+      bottom_bar = SkinPicture.new(params[:bottom_bar])
+      bottom_bar.filename = prefix + "bottom_bar." + params[:bottom_bar][:uploaded_data].content_type[6..-2]
+      bottom_bar.save
+    end
+        
+  end
+  
   def show
     @sidebar_content = render_to_string :partial => 'progress',
                                         :locals => { :page => 'review' }
 
     @election = Election.find(params[:id])
+    if @election.class  == QuickVote
+      redirect_to(:controller => 'quickvote', :action => 'index', :ident => @election.id)
+    end
+      
   end
 
   def start_election
     @election = Election.find(params[:id])
+    
     @election.voters.each do |voter|
       voter.vote = Vote.new
-      email_voter voter
+      email_voter voter unless voter.email.nil?
     end
 
     @election.activate!
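Review bot: In `add_theme` the stored filename's extension is derived from the client-declared Content-Type via `content_type[6..-2]`, which blindly assumes an `image/` prefix and a trailing character (presumably a CR from the multipart parser) without verifying either; a crafted header can therefore put an empty or arbitrary suffix, including `/` or `..` sequences, into `filename`, which matters if SkinPicture writes the file to disk under that name (its storage is not visible here). Each of the five blocks also looks for the previous picture as `...top_bar.png` only, so an earlier upload with any other extension is never destroyed and simply accumulates, and each indexes `params[:top_bar][:uploaded_data]` without checking that `params[:top_bar]` exists, so a form posting only some parts raises NoMethodError. One loop over a whitelist of parts with a fixed content-type-to-extension table fixes all three and removes the unused `holder` local; `.strip` replaces the `-2` slice so a trailing CR is still tolerated.
```ruby
  THEME_PARTS = %w[top_bar default_image bg1 bg2 bottom_bar].freeze
  # The extension always comes from this table, never from the raw header.
  THEME_EXTENSIONS = { 'image/png' => 'png', 'image/jpeg' => 'jpg',
                       'image/gif' => 'gif' }.freeze

  def add_theme(prefix)
    THEME_PARTS.each do |part|
      upload = params[part].is_a?(Hash) ? params[part][:uploaded_data] : nil
      next if upload.to_s.empty?
      ext = THEME_EXTENSIONS[upload.content_type.to_s.strip]
      next if ext.nil?   # not a whitelisted image type: ignore this part
      # Remove any earlier file for this part whatever its extension was.
      THEME_EXTENSIONS.values.uniq.each do |old_ext|
        old = SkinPicture.find(:first,
                :conditions => ["filename = ?", "#{prefix}#{part}.#{old_ext}"])
        old.destroy if old
      end
      picture = SkinPicture.new(params[part])
      picture.filename = "#{prefix}#{part}.#{ext}"
      picture.save
    end
  end
```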
@@ -145,11 +234,12 @@ class ElectionController < ApplicationController
     if params.has_key?( :raw_voter_list )
       process_incoming_voters( params[:raw_voter_list] )
     end
+    @edit = true
     @raw_voter_list = RawVoterList.new
   end
   
   def delete_voter
-    voter = Voter.find( params[:id] )
+    voter = FullVoter.find( params[:id] )
     voter.destroy
   end
 
@@ -168,7 +258,7 @@ class ElectionController < ApplicationController
   def results
     @election = Election.find( params[:id] )
     votes = []
-
+    
     @election.voters.each do |voter|
       if voter.vote and voter.vote.confirmed?
         votes << voter.vote.rankings.sort.collect {|vote| vote.candidate_id}
@@ -181,6 +271,7 @@ class ElectionController < ApplicationController
     
     @candidates_by_id = {}
     @election.candidates.each {|cand| @candidates_by_id[cand.id] = cand}
+    
   end
   
   def detailed_results
@@ -189,7 +280,8 @@ class ElectionController < ApplicationController
 
     @voter_list = []
     @vote_list = []
-    @election.voters. each do |voter|
+    
+    @election.voters.each do |voter|
       if voter.vote and voter.vote.confirmed?
         @voter_list << voter.email
              @vote_list << voter.vote
