Skip to content

Commit

Permalink
Fixing voting
Browse files Browse the repository at this point in the history
Using the endpoint 'forms/:formID/vote' doesn't work with the sendToDela method
  • Loading branch information
ineiti committed Sep 28, 2023
1 parent 34ba6ca commit 40742e9
Showing 1 changed file with 24 additions and 25 deletions.
49 changes: 24 additions & 25 deletions web/backend/src/controllers/dela.ts
Original file line number Diff line number Diff line change
Expand Up @@ -177,31 +177,6 @@ delaRouter.use('/services/shuffle/:formID', (req, res, next) => {
next();
});

delaRouter.post('/forms/:formID/vote', (req, res) => {
if (!req.session.userId) {
res.status(401).send('Authentication required!');
return;
}
if (!isAuthorized(req.session.userId, req.params.formID, PERMISSIONS.ACTIONS.VOTE)) {
res.status(400).send('Unauthorized');
return;
}

// We must set the UserID to know who this ballot is associated to. This is
// only needed to allow users to cast multiple ballots, where only the last
// ballot is taken into account. To preserve anonymity, the web-backend could
// translate UserIDs to another random ID.
// bodyData.UserID = req.session.userId.toString();

// DEBUG: this is only for debugging and needs to be replaced before production
const bodyData = req.body;
console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
bodyData.UserID = makeid(10);

const dataStr = JSON.stringify(bodyData);
sendToDela(dataStr, req, res);
});

delaRouter.delete('/forms/:formID', (req, res) => {
if (!req.session.userId) {
res.status(401).send('Unauthenticated');
Expand Down Expand Up @@ -263,6 +238,30 @@ delaRouter.use('/*', (req, res) => {
}

const bodyData = req.body;

// special case for voting
const match = req.baseUrl.match('/api/evoting/forms/(.*)/vote');
if (match) {
if (!req.session.userId) {
res.status(401).send('Authentication required!');
return;
}
if (!isAuthorized(req.session.userId, match[1], PERMISSIONS.ACTIONS.VOTE)) {
res.status(400).send('Unauthorized');
return;
}

// We must set the UserID to know who this ballot is associated to. This is
// only needed to allow users to cast multiple ballots, where only the last
// ballot is taken into account. To preserve anonymity, the web-backend could
// translate UserIDs to another random ID.
// bodyData.UserID = req.session.userId.toString();

// DEBUG: this is only for debugging and needs to be replaced before production
console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
bodyData.UserID = makeid(10);
}

const dataStr = JSON.stringify(bodyData);

sendToDela(dataStr, req, res);
Expand Down

0 comments on commit 40742e9

Please sign in to comment.