From: John Dong <jdong@mit.edu>
Date: Fri, 17 Aug 2007 00:20:16 +0000 (-0400)
Subject: XMLRPC Vote Casting Validation:
X-Git-Url: https://projects.mako.cc/source/selectricity/commitdiff_plain/bbd877082e64db53c96467431cb766c75f14c96c

XMLRPC Vote Casting Validation:
  * Can only vote for candidate_id's within the current election
  * Can only rank each candidate once
  * Must rank all candidates
---

diff --git a/TODO b/TODO
index dbac0f6..be982ee 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,2 @@
 Known bugs or issues:
 
-* Validate XMLRPC data, particularly creating quickvotes
diff --git a/app/models/selectricity_service.rb b/app/models/selectricity_service.rb
index 3f0a3bf..4075f64 100644
--- a/app/models/selectricity_service.rb
+++ b/app/models/selectricity_service.rb
@@ -5,6 +5,12 @@ class SelectricityService < ActionWebService::Base
   def cast_quickvote(election_name, voter_id, vote_list)
     election = QuickVote.ident_to_quickvote election_name
     if election
+      candidates=election.candidates.collect { |c| c.id }
+      vote_list[0].each do |vote|
+        raise ArgumentError.new "Invalid Candidate ID #{vote}" unless candidates.index(vote)
+      end
+      raise ArgumentError.new "You must rank all candidates" unless candidates.length <= vote_list[0].length
+      raise ArgumentError.new "Please rank each candidate only once" if vote_list[0].uniq!
       voter = QuickVoter.new
       voter.election = election
       voter.ipaddress = "XMLRPC Request"