From 59d535e534d142e04898fef6df4378ab790cc408 Mon Sep 17 00:00:00 2001
From: ricola <ricola@poivron.org>
Date: Sun, 6 Apr 2025 17:04:31 -0600
Subject: [PATCH] Require being an organizer to modify the state and organizers
 of a vote

---
 ...otes_results.erb => votes_show_closed.erb} | 40 +++++++++----
 views/{votes_show.erb => votes_show_open.erb} | 58 ++++++++++++-------
 vote.rb                                       | 31 +++++-----
 3 files changed, 80 insertions(+), 49 deletions(-)
 rename views/{votes_results.erb => votes_show_closed.erb} (75%)
 rename views/{votes_show.erb => votes_show_open.erb} (87%)

diff --git a/views/votes_results.erb b/views/votes_show_closed.erb
similarity index 75%
rename from views/votes_results.erb
rename to views/votes_show_closed.erb
index 01b14f9..ae81bd3 100644
--- a/views/votes_results.erb
+++ b/views/votes_show_closed.erb
@@ -2,18 +2,6 @@
 
 <p><%= @vote.description %></p>
 
-<form action="/votes/<%= @vote.secure_id %>/reopen" method="post">
-  <button type="submit">Reopen voting period</button>
-</form>
-
-<h2>Organizers</h2>
-
-<ul>
-  <% @vote.organizers.each do |organizer| %>
-  <li><%= organizer.user.email %></li>
-  <% end %>
-</ul>
-
 <h2>All ratings</h2>
 
 <table>
@@ -42,3 +30,31 @@
   <li><%= candidate.name %>: <%= candidate.mj.mj %></li>
   <% end %>
 </ol>
+
+<% if @vote.users.exists?(current_user.id) %>
+
+<h2>Organizers</h2>
+
+<ul>
+  <% @vote.organizers.each do |organizer| %>
+  <li><%= organizer.user.email %></li>
+  <% end %>
+</ul>
+
+<h3>Actions for organizers</h3>
+
+<form action="/votes/<%= @vote.secure_id %>/reopen" method="post">
+  <button type="submit">Reopen voting period</button>
+</form>
+
+<h3>Add organizer</h3>
+
+<form action="/votes/<%= @vote.secure_id %>/organizers" method="post">
+  <p>
+    <label for="email">Email</label>
+    <input type="text" name="email">
+  </p>
+  <button type="submit">Add new organizer</button>
+</form>
+
+<% end %>
diff --git a/views/votes_show.erb b/views/votes_show_open.erb
similarity index 87%
rename from views/votes_show.erb
rename to views/votes_show_open.erb
index d80ad31..eed4a5b 100644
--- a/views/votes_show.erb
+++ b/views/votes_show_open.erb
@@ -2,26 +2,6 @@
 
 <p><%= @vote.description %></p>
 
-<form action="/votes/<%= @vote.secure_id %>/draft" method="post">
-  <button type="submit">Change back to draft vote</button>
-</form>
-
-<h2>Organizers</h2>
-
-<ul>
-  <% @vote.organizers.each do |organizer| %>
-  <li><%= organizer.user.email %></li>
-  <% end %>
-</ul>
-
-<h2>Participants</h2>
-
-<ul>
-<% @vote.ratings.collect { |rating| rating.user }.uniq.each do |user| %>
-  <li><%= user.email %></li>
-<% end %>
-</ul>
-
 <h2>Your ratings</h2>
 
 <p>Hello, <%= current_user.email %>.</p>
@@ -47,8 +27,42 @@
 <button type="submit">Save ratings</button>
 </form>
 
-<h2>Close voting period</h2>
+<h2>Participants</h2>
+
+<ul>
+<% @vote.ratings.collect { |rating| rating.user }.uniq.each do |user| %>
+  <li><%= user.email %></li>
+<% end %>
+</ul>
+
+<h2>Organizers</h2>
+
+<ul>
+  <% @vote.organizers.each do |organizer| %>
+  <li><%= organizer.user.email %></li>
+  <% end %>
+</ul>
+
+<% if @vote.users.exists?(current_user.id) %>
+
+<h3>Actions for organizers</h3>
+
+<form action="/votes/<%= @vote.secure_id %>/draft" method="post">
+  <button type="submit">Change back to draft vote</button>
+</form>
 
 <form action="/votes/<%= @vote.secure_id %>/close" method="post">
-  <button type="submit">Show results</button>
+  <button type="submit">Close votes and show results</button>
 </form>
+
+<h3>Add organizer</h3>
+
+<form action="/votes/<%= @vote.secure_id %>/organizers" method="post">
+  <p>
+    <label for="email">Email</label>
+    <input type="text" name="email">
+  </p>
+  <button type="submit">Add new organizer</button>
+</form>
+
+<% end %>
diff --git a/vote.rb b/vote.rb
index d7cc4ac..713ca82 100644
--- a/vote.rb
+++ b/vote.rb
@@ -114,7 +114,7 @@ get '/votes/:id' do
   @vote = Vote.find_by(secure_id: params[:id])
   case @vote.state
   when "open"
-    erb :votes_show
+    erb :votes_show_open
   when "draft"
     if @vote.users.exists?(current_user.id)
       erb :votes_edit
@@ -122,7 +122,7 @@ get '/votes/:id' do
       erb :votes_show_draft
     end
   when "closed"
-    erb :votes_results
+    erb :votes_show_closed
   else
     @vote.state = "draft"
     @vote.save
@@ -133,7 +133,7 @@ end
 post '/votes/:id/edit' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @vote.title = params[:title]
   @vote.description = params[:description]
   @vote.save
@@ -143,7 +143,7 @@ end
 post '/votes/:id/candidates' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @candidate = Candidate.new(name: params[:name],
                              description: params[:description])
   @candidate.vote = @vote
@@ -154,7 +154,7 @@ end
 post '/votes/:id/open' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "draft"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "draft" and @vote.users.exists?(current_user.id)
   @vote.state = "open"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -163,7 +163,7 @@ end
 post '/votes/:id/draft' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "open"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "open" and @vote.users.exists?(current_user.id)
   @vote.state = "draft"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -172,7 +172,7 @@ end
 post '/votes/:id/close' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "open"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "open" and @vote.users.exists?(current_user.id)
   @vote.state = "closed"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -181,7 +181,7 @@ end
 post '/votes/:id/reopen' do
   redirect '/login' unless current_user
   @vote = Vote.find_by(secure_id: params[:id])
-  redirect '/votes/' + vote.secure_id if @vote.state != "closed"
+  redirect '/votes/' + @vote.secure_id unless @vote.state == "closed" and @vote.users.exists?(current_user.id)
   @vote.state = "open"
   @vote.save
   redirect '/votes/' + @vote.secure_id
@@ -189,21 +189,22 @@ end
 
 post '/votes/:id/ratings' do
   redirect '/login' unless current_user
-  vote = Vote.find_by(secure_id: params[:id])
-  vote.candidates.each do |candidate|
-    rating = Rating.find_or_initialize_by(vote: vote, user: current_user, candidate: candidate)
+  @vote = Vote.find_by(secure_id: params[:id])
+  @vote.candidates.each do |candidate|
+    rating = Rating.find_or_initialize_by(vote: @vote, user: current_user, candidate: candidate)
     rating.value = params[candidate.id.to_s]
     rating.save
   end
-  redirect '/votes/' + vote.secure_id
+  redirect '/votes/' + @vote.secure_id
 end
 
 post '/votes/:id/organizers' do
   redirect '/login' unless current_user
-  vote = Vote.find_by(secure_id: params[:id])
+  @vote = Vote.find_by(secure_id: params[:id])
+  redirect '/votes/' + @vote.secure_id unless @vote.users.exists?(current_user.id)
   user = User.find_by(email: params[:email])
-  vote.users << user
-  redirect '/votes/' + vote.secure_id
+  @vote.users << user
+  redirect '/votes/' + @vote.secure_id
 end
 
 helpers do