Make sure the candidate belongs to the vote

ricola 2025-12-04 01:25:18 +01:00
parent 5a278fcddf
commit 62e70e3935


@ -338,7 +338,8 @@ post '/votes/:id/candidates/:cid/delete' do
find_vote find_vote
require_organizer require_organizer
require_draft_vote require_draft_vote
@candidate = Candidate.find(params[:cid]) find_candidate
require_candidate_in_vote
@candidate.destroy @candidate.destroy
redirect '/votes/' + @vote.secure_id redirect '/votes/' + @vote.secure_id
end end
@ -489,6 +490,14 @@ helpers do
@vote = Vote.find_by(secure_id: params[:id]) @vote = Vote.find_by(secure_id: params[:id])
end end
def find_candidate
@candidate = Candidate.find(params[:cid])
end
def require_candidate_in_vote
redirect '/votes/' + @vote.secure_id unless @candidate.vote == @vote
end
def require_organizer def require_organizer
redirect '/votes/' + @vote.secure_id unless @vote.users.exists?(current_user.id) redirect '/votes/' + @vote.secure_id unless @vote.users.exists?(current_user.id)
end end
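Review bot: In the new `find_candidate` helper, `Candidate.find(params[:cid])` still loads the candidate from the whole table, and only the separate `require_candidate_in_vote` call ties it to the vote. Any route that calls one helper without the other keeps the cross-vote reference problem, and (assuming ActiveRecord) an unknown id raises while a foreign id redirects, so a caller can tell the two apart. Scoping the lookup closes both: `@candidate = Candidate.find_by(id: params[:cid], vote: @vote)` followed by `redirect '/votes/' + @vote.secure_id unless @candidate`. Routes outside these hunks that read `:cid` are not visible here and should be checked for the same unscoped lookup. A short comment on the helper, such as `# Halts with a redirect unless the candidate belongs to @vote (prevents cross-vote deletes)`, would record why the check exists.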