fix bug that allowed votes with more rankings than candidates to be recorded
authorBenjamin Mako Hill <mako@ephesus.xvm.mit.edu>
Sun, 17 Jun 2012 22:45:25 +0000 (18:45 -0400)
committerBenjamin Mako Hill <mako@ephesus.xvm.mit.edu>
Sun, 17 Jun 2012 22:45:25 +0000 (18:45 -0400)
app/controllers/quickvote_controller.rb
app/controllers/voter_controller.rb
app/models/vote.rb

index b57abaa..cd16743 100644 (file)
@@ -165,10 +165,12 @@ class QuickvoteController < ApplicationController
       @voter.save
       
       # toggle the confirmation bit      
-      @voter.vote.confirm!
-     
-      @voter.reload
-      render :action => 'thanks'
+      if @voter.vote.confirm!
+        @voter.reload
+        render :action => 'thanks'
+      else
+        redirect_to :action => 'index'
+      end
     end
   end
  
index afc0103..4ff8140 100644 (file)
@@ -128,16 +128,18 @@ class VoterController < ApplicationController
 
   def confirm
     if authenticate
-      @voter.vote.confirm!
-
-      if @voter.election.embeddable? and params[:embed] == "true" \
-        and @voter.election.early_results?
-        redirect_to :action => :results, :id => @password, :embed => 'true'
+      if @voter.vote.confirm!
+        if @voter.election.embeddable? and params[:embed] == "true" \
+          and @voter.election.early_results?
+          redirect_to :action => :results, :id => @password, :embed => 'true'
+        else
+          render :action => 'thanks'
+        end
       else
-        render :action => 'thanks'
+        redirect_to :action => 'index'
       end
     else
-      redirect_to :action => 'index'
+        redirect_to :action => 'index'
     end
   end
   
index d3010df..719aa7b 100644 (file)
@@ -73,14 +73,19 @@ class Vote < ActiveRecord::Base
   end
 
   def confirm!
-    self.confirmed = 1
-    self.time = Time.now
-    self.save
-    
-    unless self.voter.election.quickvote?
-      token.destroy and token.reload if token
-      self.token = Token.new
+    if self.voter.election.candidates.length == self.rankings.length
+      self.confirmed = 1
+      self.time = Time.now
       self.save
+    
+      unless self.voter.election.quickvote?
+        token.destroy and token.reload if token
+        self.token = Token.new
+        self.save
+      end
+      return false
+    else
+      return true
     end
   end
 

Benjamin Mako Hill || Want to submit a patch?