liquid_feedback_frontend

view app/main/vote/_action/update.lua @ 9:0ee1e0c42d4c

find changesets by author, revision, files, or words in the commit message
Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.
author bsw
date Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents afd9f769c7ae
children 00d1004545f1
line source
1 local issue = Issue:new_selector():add_where{ "id = ?", param.get("issue_id", atom.integer) }:for_share():single_object_mode():exec()
2
3 if issue.closed then
4 slot.put_into("error", _"This issue is already closed.")
5 return false
6 end
7
8 if issue.state ~= "voting" then
9 slot.put_into("error", _"Voting has not started yet.")
10 return false
11 end
12
13 local direct_voter = DirectVoter:by_pk(issue.id, app.session.member_id)
14
15 if not direct_voter then
16 direct_voter = DirectVoter:new()
17 direct_voter.issue_id = issue.id
18 direct_voter.member_id = app.session.member_id
19 end
20
21 direct_voter.autoreject = false
22
23 direct_voter:save()
24
25
26 local scoring = param.get("scoring")
27
28 for initiative_id, grade in scoring:gmatch("([^:;]+):([^:;]+)") do
29 local initiative_id = tonumber(initiative_id)
30 local grade = tonumber(grade)
31 local initiative = Initiative:by_id(initiative_id)
32 if initiative.issue.id ~= issue.id then
33 error("initiative from wrong issue")
34 end
35 local vote = Vote:by_pk(initiative_id, app.session.member.id)
36 if not vote then
37 vote = Vote:new()
38 vote.issue_id = issue.id
39 vote.initiative_id = initiative.id
40 vote.member_id = app.session.member.id
41 end
42 vote.grade = grade
43 vote:save()
44 end
45
46 trace.debug(scoring)
47

Impressum / About Us