Make sure the candidate belongs to the vote
parent
5a278fcddf
commit
62e70e3935
1 changed files with 10 additions and 1 deletions
11
vedia.rb
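--- a/vedia.rb
+++ b/vedia.rb
@@ -338,7 +338,8 @@ post '/votes/:id/candidates/:cid/delete' do
 find_vote
 require_organizer
 require_draft_vote
-@candidate = Candidate.find(params[:cid])
+find_candidate
+require_candidate_in_vote
 @candidate.destroy
 redirect '/votes/' + @vote.secure_id
 end
@@ -489,6 +490,14 @@ helpers do
 @vote = Vote.find_by(secure_id: params[:id])
 end
 
+def find_candidate
+@candidate = Candidate.find(params[:cid])
+end
+
+def require_candidate_in_vote
+redirect '/votes/' + @vote.secure_id unless @candidate.vote == @vote
+end
+
 def require_organizer
 redirect '/votes/' + @vote.secure_id unless @vote.users.exists?(current_user.id)
 end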
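Review bot: The ownership check in `require_candidate_in_vote` is a separate helper that every candidate route must remember to call after `find_candidate`, and the delete route is the only caller visible here. Scoping the lookup itself makes the check impossible to forget: `@candidate = Candidate.find_by(id: params[:cid], vote: @vote)` followed by `halt 404 unless @candidate`. This assumes the `vote` association implied by `@candidate.vote` is an ordinary ActiveRecord `belongs_to`. The scoped lookup also gives the same response for an unknown id and for an id from another vote, whereas the current pair appears to raise on the former and redirect on the latter. Any other route in vedia.rb that loads a candidate from `params[:cid]` would need the same scoping; those routes are outside the visible hunks.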