From:
Date: Mon, 11 Feb 2008 15:50:53 +0000 (-0500)
Subject: merged changes back from live
X-Git-Url: https://projects.mako.cc/source/selectricity/commitdiff_plain/215cf287e52da41605cb033da236a6b0aeee4f3a?hp=8a444bfe3f442135ba66e5d9b8cdddfa9e3b50f2
merged changes back from live
---
diff --git a/TODO b/TODO
index be982ee..f2e186e 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +1,33 @@
Known bugs or issues:
+- randomize each voting list
+
+- it'd be nice if the ordering were persistent, so I could drag
+ the candidates around, then come back later (loading the page anew),
+ make tweaks, and submit.
+
+- the results page says "the winner is Elizabeth Stark"; it'd be nice
+ if it were aware that it's a five-seat election and could say
+ explicitly who the whole board is.
+
+- it's probably a good thing that users can't check out what alternate
+ voting systems would have done at the click of a button. =)
+ (though of course they could work it out themselves.)
+
+- is there rhyme or reason to the ordering within each row of the
+ second table in pref_tables? it could be, eg, sorted by magnitude
+ of victory, narrowest first.
+
+- it'd be nice to attach names to the email identities, on eg the
+ details page; in this election we'd have said MIT for gregp@mit.edu,
+ Northeastern for cbudnick@gmail.com, etc. I don't know many of these
+ addresses, and names would be more informative. (They'd be more
+ helpful for auditing, too, as one could separately match names to the
+ correct list and match addresses to names.)
+
+- just a tiny suggestion - possibly it could be a good idea to add a
+ counter/line-count to the table with keys and vote results so in one
+ glance someone can see that the number of votes matches the number of
+ voters.
+
+
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 4752f00..22a7940 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,4 +1,3 @@
# Methods added to this helper will be available to all templates in the application.
module ApplicationHelper
-
end
diff --git a/app/views/common/_methodinfo_ssd.rhtml b/app/views/common/_methodinfo_ssd.rhtml
index 6b6d42f..5ec8b89 100644
--- a/app/views/common/_methodinfo_ssd.rhtml
+++ b/app/views/common/_methodinfo_ssd.rhtml
@@ -3,7 +3,7 @@ preference (from most preferred to least preferred):
<% @election.ssd_result.ranked_candidates.each do |place| %>
-
<%= h(place.collect {|c| @names[c].capitalize}.join( " and " )) %>
+
<%= white_list place.collect {|c| @names[c].capitalize}.join( " and " ) %>
<%= "(TIE)" if place.length > 1 %>
<% end %>
diff --git a/app/views/common/_pref_tables.rhtml b/app/views/common/_pref_tables.rhtml
index 7701985..567873b 100644
--- a/app/views/common/_pref_tables.rhtml
+++ b/app/views/common/_pref_tables.rhtml
@@ -14,13 +14,13 @@ top of the left column.
<% candidates.each do |candidate| -%>
-
<%=h @names[candidate] -%>
+
<%= white_list(@names[candidate]) -%>
<% end -%>
<% candidates.each do |winner| -%>
-
<%=h @names[winner] %>
+
<%= white_list(@names[winner]) %>
<% candidates.each do |loser| -%>
<% if winner == loser -%>
--
@@ -46,10 +46,10 @@ parenthesis.
<% candidates.each do |victor| %>
-
<%=h @names[victor] %>
+
<%= white_list(@names[victor]) %>
<% victories[victor].keys.each do |loser| %>
<% margin = victories[victor][loser]%>
-
<% if result.winner? and result.winners.length == 1 -%>
The winner is:
- <%=h @candidates[result.winner].name.capitalize %>
+ <%= white_list(@candidates[result.winner].name.capitalize) %>
<% elsif result.winner? and result.winners.length > 1 %>
- There was a tie. The winners are: <%=h( result.winners.collect {|w| @candidates[w].to_s.capitalize}.join(", ") )%>
+ There was a tie. The winners are: <%= white_list(result.winners.collect {|w| @candidates[w].to_s.capitalize}.join(", ") )%>
<% else %>
There is no winner using this method.
<% end %>
diff --git a/app/views/common/_sortable_vote.rhtml b/app/views/common/_sortable_vote.rhtml
index 6876966..f026c42 100644
--- a/app/views/common/_sortable_vote.rhtml
+++ b/app/views/common/_sortable_vote.rhtml
@@ -2,7 +2,7 @@
<% @election.approval_result.points.keys.sort.each do |candidate| %>
-
<%=h @names[candidate] %>
+
<%= white_list(@names[candidate]) %>
<% end -%>
@@ -12,4 +12,4 @@
<%= points %>
<% end -%>
-
\ No newline at end of file
+
diff --git a/app/views/quickvote/_candidate_list.rhtml b/app/views/quickvote/_candidate_list.rhtml
index 4ec3db8..9ccb3b1 100644
--- a/app/views/quickvote/_candidate_list.rhtml
+++ b/app/views/quickvote/_candidate_list.rhtml
@@ -2,7 +2,7 @@
<% if flash[:candidate_names] %>
<% for cand in flash[:candidate_names] %>
-
<%=h cand.capitalize %>
+
<%= white_list(cand.capitalize) %>
<% end %>
<% end %>
diff --git a/app/views/quickvote/results.rhtml b/app/views/quickvote/results.rhtml
index 8d8bf5f..78e74e8 100644
--- a/app/views/quickvote/results.rhtml
+++ b/app/views/quickvote/results.rhtml
@@ -23,7 +23,7 @@
<% for candidate in @election.candidates.sort %>
-
<%=h candidate.name.capitalize %>
+
<%= white_list(candidate.name.capitalize) %>
<% end %>
diff --git a/app/views/quickvote/thanks.rhtml b/app/views/quickvote/thanks.rhtml
index bf98ef8..d6ed8e0 100644
--- a/app/views/quickvote/thanks.rhtml
+++ b/app/views/quickvote/thanks.rhtml
@@ -8,7 +8,7 @@ preferences:
<% for rank in @voter.vote.rankings.sort %>
-
<%=h rank.candidate.name.capitalize %>
+
<%= white_list(rank.candidate.name.capitalize) %>
<% end %>
diff --git a/app/views/voter/details.rhtml b/app/views/voter/details.rhtml
index 584c408..cf73f41 100644
--- a/app/views/voter/details.rhtml
+++ b/app/views/voter/details.rhtml
@@ -4,7 +4,7 @@
This page contains information useful for auditing elections and
-verify that votes were tabulated correctly.
+verifying that votes were tabulated correctly.
The following invididuals (in random order) voted in this
election:
@@ -20,15 +20,17 @@ election:
The column marked Verification Token lists tokens that were
given to voters at the time of voting. Voters can check to see that the
vote that corresponds to their token was recorded correctly. The column
-marks "vote" lists the candidates in order of the voter's preference. To
-read these votes, please refer to the key below.
+marked Vote lists the candidates in order of the voter's
+preference. To read these votes, refer to the key below.
+
Verification Token
Vote
-<%- @votes.each do |vote| -%>
+<%- @votes.each_with_index do |vote, i| -%>
+
<%= i + 1 %>
<%= vote.token %>
<%= vote.votestring%>
<%- end -%>
diff --git a/test/functional/quickvote_controller_test.rb b/test/functional/quickvote_controller_test.rb
index 60ddb1b..e116c0d 100644
--- a/test/functional/quickvote_controller_test.rb
+++ b/test/functional/quickvote_controller_test.rb
@@ -115,24 +115,40 @@ class QuickvoteControllerTest < Test::Unit::TestCase
post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }
assert_redirected_to :controller => 'quickvote', :ident => 'variable'
end
+
def test_display_tainted_quickvote
+ # create quickvote with tainted data
test_create_quickvote
qv=QuickVote.ident_to_quickvote('variable')
qv.description=""
- qv.candidate_names = ["