generate keys for ballots, and misc

jmontross · Feb 7, 2012 · 1c8bdb6 · 1c8bdb6
1 parent 3a3e7cd
commit 1c8bdb6
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 29 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -2,6 +2,12 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
 
   rescue_from Mongoid::Errors::DocumentNotFound, BSON::InvalidObjectId do |exception|
-    render :file => File.join(Rails.root, "public", "404.html"), :status => 404
+    render :file => File.join(Rails.root, "public", "404"), :status => 404
+  end
+
+  private
+  def check_admin_key_and_load_poll
+    @poll = Poll.find(params[:id])
+    render :file => File.join(Rails.root, "public", "404"), :status => 404 if @poll.owner_key != params[:owner_key]
   end
 end
diff --git a/app/controllers/ballots_controller.rb b/app/controllers/ballots_controller.rb
@@ -1,31 +1,26 @@
 class BallotsController < ApplicationController
+  before_filter :load_poll_and_ballot, :only => [:show, :edit, :update]
+  before_filter :check_admin_key_and_load_poll, :only => [:new, :create]
+
   # GET /ballots
   def index
     @ballots = Ballot.all
   end
 
   # GET /ballots/1
   def show
-    @poll = Poll.find(params[:poll_id])
-    @ballot = @poll.ballots.find(params[:ballot_id])
   end
 
   # GET /ballots/new
   def new
-    @poll = Poll.find(params[:id])
-    if @poll.owner_key != params[:owner_key]
-      render :file => File.join(Rails.root, "public", "404.html"), :status => 404 if @poll.owner_key != params[:owner_key]
-    end
   end
 
   # GET /ballots/1/edit
   def edit
-    @ballot = Ballot.find(params[:id])
   end
 
   # POST /ballots
   def create
-    @poll = Poll.find(params[:poll_id])
     emails = params[:emails].split(/\s*,\s*/).reject { |s| s.strip.empty? }.uniq
     emails.each do |e|
       b = @poll.ballots.create(email: e)
@@ -36,18 +31,15 @@ def create
 
   # PUT /ballots/1
   def update
-    @poll = Poll.find(params[:poll_id])
-    @ballot = @poll.ballots.find(params[:ballot_id])
     if @ballot.update_attributes(params[:ballot])
       redirect_to poll_results_path(:ballot_id => @ballot.id, :id => @poll.id), notice: 'Your vote was successfully recorded'
     end
   end
 
-  # DELETE /ballots/1
-  def destroy
-    @ballot = Ballot.find(params[:id])
-    @ballot.destroy
-
-    format.html { redirect_to ballots_url }
+  private
+  def load_poll_and_ballot
+    @poll = Poll.find(params[:poll_id])
+    @ballot = @poll.ballots.find(:key => params[:ballot_key])
+    render :file => File.join(Rails.root, "public", "404"), :status => 404 if !@ballot.present?
   end
 end
diff --git a/app/controllers/polls_controller.rb b/app/controllers/polls_controller.rb
@@ -1,5 +1,5 @@
 class PollsController < ApplicationController
-  before_filter :check_admin_key, :only => [:edit, :update, :destroy]
+  before_filter :check_admin_key_and_load_poll, :only => [:edit, :update, :destroy]
 
   # GET /polls
   def index
@@ -43,13 +43,7 @@ def update
   # DELETE /polls/1
   def destroy
     @poll.destroy
-
     redirect_to polls_url
   end
-
-  private
-  def check_admin_key
-    @poll = Poll.find(params[:id])
-    render :file => File.join(Rails.root, "public", "404.html"), :status => 404 if @poll.owner_key != params[:owner_key] 
-  end
+
 end
diff --git a/app/models/ballot.rb b/app/models/ballot.rb
@@ -4,12 +4,17 @@ class Ballot
 
   field :email, :type => String
   field :cast, :type => Boolean, :default => false
+  field :key, :type => String
+  index :key
 
   embeds_many :choices
   embedded_in :poll
   accepts_nested_attributes_for :choices
+  before_validation :generate_key
   after_update :destroy_blank_choices, :ensure_one_choice, :sort_by_priority
   before_update :mark_as_cast
+  validates_presence_of :key
+  validates_uniqueness_of :key
 
   set_callback(:create, :after) do |ballot|
     InviteMailer.invite_to_vote(ballot).deliver
@@ -28,7 +33,7 @@ def sort_by_priority
     reordered_choices.each { |choice| self.choices.create(choice.attributes) } 
   end
 
-  protected
+  private
 
   def destroy_blank_choices
      self.cast = true 
@@ -43,4 +48,11 @@ def mark_as_cast
     self.cast = true
   end
 
+  def generate_key
+    # if a collision, try again
+    begin
+      new_key = SecureRandom.urlsafe_base64(4)
+    end while self.poll.ballots.where(:key => new_key).count > 0
+    self.key = new_key
+  end
 end
diff --git a/app/models/poll.rb b/app/models/poll.rb
@@ -17,7 +17,7 @@ class Poll
     OwnerMailer.send_admin_link(poll).deliver
   end
 
-  protected
+  private
 
   def generate_owner_key
     self.owner_key = SecureRandom.urlsafe_base64(4)

diff --git a/config/routes.rb b/config/routes.rb
@@ -56,8 +56,8 @@
 
   get '/:id/:owner_key/invite_voters' => 'ballots#new', :as => :invite_voters
   post 'ballots/update' => 'ballots#update', :as => :update_ballot
-  get '/:poll_id/:ballot_id' => 'ballots#show', :as => :vote_on_ballot
-  get '/:id/:ballot_id/results' => 'polls#show', :as => :poll_results
+  get '/:poll_id/:ballot_key' => 'ballots#show', :as => :vote_on_ballot
+  get '/:id/:bellot_key/results' => 'polls#show', :as => :poll_results
   get '/:id/:owner_key/admin' => 'polls#edit', :as => :poll_admin
 
   # See how all your routes lay out with "rake routes"