From: Benjamin Mako Hill <mako@ephesus.xvm.mit.edu>
Date: Sun, 17 Jun 2012 22:45:25 +0000 (-0400)
Subject: fix bug that allowed votes with more rankings than candidates to be recorded
X-Git-Url: https://projects.mako.cc/source/selectricity/commitdiff_plain/4446a6555bd54ca10a925340bb65c706678ac98e

fix bug that allowed votes with more rankings than candidates to be recorded
---

diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb
index b57abaa..cd16743 100644
--- a/app/controllers/quickvote_controller.rb
+++ b/app/controllers/quickvote_controller.rb
@@ -165,10 +165,12 @@ class QuickvoteController < ApplicationController
       @voter.save
       
       # toggle the confirmation bit      
-      @voter.vote.confirm!
-     
-      @voter.reload
-      render :action => 'thanks'
+      if @voter.vote.confirm!
+        @voter.reload
+        render :action => 'thanks'
+      else
+        redirect_to :action => 'index'
+      end
     end
   end
  
diff --git a/app/controllers/voter_controller.rb b/app/controllers/voter_controller.rb
index afc0103..4ff8140 100644
--- a/app/controllers/voter_controller.rb
+++ b/app/controllers/voter_controller.rb
@@ -128,16 +128,18 @@ class VoterController < ApplicationController
 
   def confirm
     if authenticate
-      @voter.vote.confirm!
-
-      if @voter.election.embeddable? and params[:embed] == "true" \
-        and @voter.election.early_results?
-        redirect_to :action => :results, :id => @password, :embed => 'true'
+      if @voter.vote.confirm!
+        if @voter.election.embeddable? and params[:embed] == "true" \
+          and @voter.election.early_results?
+          redirect_to :action => :results, :id => @password, :embed => 'true'
+        else
+          render :action => 'thanks'
+        end
       else
-        render :action => 'thanks'
+        redirect_to :action => 'index'
       end
     else
-      redirect_to :action => 'index'
+        redirect_to :action => 'index'
     end
   end
   
diff --git a/app/models/vote.rb b/app/models/vote.rb
index d3010df..719aa7b 100644
--- a/app/models/vote.rb
+++ b/app/models/vote.rb
@@ -73,14 +73,19 @@ class Vote < ActiveRecord::Base
   end
 
   def confirm!
-    self.confirmed = 1
-    self.time = Time.now
-    self.save
-    
-    unless self.voter.election.quickvote?
-      token.destroy and token.reload if token
-      self.token = Token.new
+    if self.voter.election.candidates.length == self.rankings.length
+      self.confirmed = 1
+      self.time = Time.now
       self.save
+    
+      unless self.voter.election.quickvote?
+        token.destroy and token.reload if token
+        self.token = Token.new
+        self.save
+      end
+      return false
+    else
+      return true
     end
   end