Merge pull request #1994 from consul/feature/1985#voting_token

Voter Answer unique Token
2017-10-07 16:54:01 +02:00
parent a585f79351 84e35edca7
commit 2e4ce39722
17 changed files with 79 additions and 17 deletions
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -70,6 +70,7 @@
 //= require polls_admin
 //= require leaflet
 //= require map
+//= require polls

 var initialize_modules = function() {
  App.Comments.initialize();
@@ -108,6 +109,7 @@ var initialize_modules = function() {
  App.TagAutocomplete.initialize();
  App.PollsAdmin.initialize();
  App.Map.initialize();
+  App.Polls.initialize();
 };

 $(function(){
--- a/app/assets/javascripts/polls.js.coffee
+++ b/app/assets/javascripts/polls.js.coffee
@@ -0,0 +1,28 @@
+App.Polls =
+  generateToken: ->
+    token = ''
+    rand = ''
+    for n in [0..5]
+      rand = Math.random().toString(36).substr(2) # remove `0.`
+      token = token + rand;
+
+    token = token.substring(0, 64)
+    return token
+
+  replaceToken: ->
+    for link in $('.js-question-answer')
+      token_param = link.search.slice(-6)
+      if token_param == "token="
+        link.href = link.href + @token
+
+  initialize: ->
+    @token = App.Polls.generateToken()
+    App.Polls.replaceToken()
+
+    $(".js-question-answer").on
+      click: =>
+        token_message = $(".js-token-message")
+        if !token_message.is(':visible')
+          token_message.html(token_message.html() + "<br><strong>" + @token + "</strong>");
+          token_message.show()
+    false
--- a/app/controllers/polls/questions_controller.rb
+++ b/app/controllers/polls/questions_controller.rb
@@ -7,11 +7,12 @@ class Polls::QuestionsController < ApplicationController

  def answer
    answer = @question.answers.find_or_initialize_by(author: current_user)
+    token = params[:token]

    answer.answer = params[:answer]
    answer.touch if answer.persisted?
    answer.save!
-    answer.record_voter_participation
+    answer.record_voter_participation(token)

    @answers_by_question_id = { @question.id => params[:answer] }
  end
--- a/app/controllers/polls_controller.rb
+++ b/app/controllers/polls_controller.rb
@@ -1,5 +1,7 @@
 class PollsController < ApplicationController

+  include PollsHelper
+
  load_and_authorize_resource

  has_filters %w{current expired incoming}
@@ -12,7 +14,7 @@ class PollsController < ApplicationController

  def show
    @questions = @poll.questions.for_render.sort_for_list
-
+    @token = poll_voter_token(@poll, current_user)
    @answers_by_question_id = {}
    poll_answers = ::Poll::Answer.by_question(@poll.question_ids).by_author(current_user.try(:id))
    poll_answers.each do |answer|
--- a/app/helpers/polls_helper.rb
+++ b/app/helpers/polls_helper.rb
@@ -41,6 +41,10 @@ module PollsHelper
    booth.name + location
  end

+  def poll_voter_token(poll, user)
+    Poll::Voter.where(poll: poll, user: user, origin: "web").first&.token || ''
+  end
+  
  def voted_before_sign_in(question)
    question.answers.where(author: current_user).any? { |vote| current_user.current_sign_in_at >= vote.updated_at }
  end
--- a/app/models/poll/answer.rb
+++ b/app/models/poll/answer.rb
@@ -16,7 +16,7 @@ class Poll::Answer < ActiveRecord::Base
  scope :by_author, ->(author_id) { where(author_id: author_id) }
  scope :by_question, ->(question_id) { where(question_id: question_id) }

-  def record_voter_participation
-    Poll::Voter.find_or_create_by!(user: author, poll: poll, origin: "web")
+  def record_voter_participation(token)
+    Poll::Voter.find_or_create_by(user: author, poll: poll, origin: "web", token: token)
  end
-end
+end
--- a/app/views/polls/questions/_answers.html.erb
+++ b/app/views/polls/questions/_answers.html.erb
@@ -10,11 +10,11 @@
        </span>
      <% else %>
        <%= link_to answer.title,
-          answer_question_path(question, answer: answer.title),
+          answer_question_path(question, answer: answer.title, token: token),
          method: :post,
          remote: true,
          title: t("poll_questions.show.vote_answer", answer: answer.title),
-          class: "button secondary hollow" %>
+          class: "button secondary hollow js-question-answer" %>
      <% end %>
    <% end %>
  <% else %>
--- a/app/views/polls/questions/_question.html.erb
+++ b/app/views/polls/questions/_question.html.erb
@@ -4,6 +4,6 @@
  </h3>

  <div id="<%= dom_id(question) %>_answers" class="padding">
-    <%= render 'polls/questions/answers', question: question %>
+    <%= render 'polls/questions/answers', question: question, token: token %>
  </div>
 </div>
--- a/app/views/polls/questions/answer.js.erb
+++ b/app/views/polls/questions/answer.js.erb
@@ -1 +1,2 @@
-$("#<%= dom_id(@question) %>_answers").html('<%= j render("polls/questions/answers", question: @question) %>');
+<% token = poll_voter_token(@question.poll, current_user) %>
+$("#<%= dom_id(@question) %>_answers").html('<%= j render("polls/questions/answers", question: @question, token: token) %>');
--- a/app/views/polls/show.html.erb
+++ b/app/views/polls/show.html.erb
@@ -38,13 +38,21 @@
          <%= t("polls.show.already_voted_in_booth") %>
        </div>
      <% else %>
+
+      <% if poll_voter_token(@poll, current_user).empty? %>
+        <div class="callout primary js-token-message" style="display: none">
+          <%= t('poll_questions.show.voted_token') %>
+        </div>
+      <% end %>
+
        <% if current_user && !@poll.votable_by?(current_user) %>
          <div class="callout warning">
            <%= t("polls.show.already_voted_in_web") %>
          </div>
        <% end %>
+
        <% @questions.each do |question| %>
-          <%= render 'polls/questions/question', question: question %>
+          <%= render 'polls/questions/question', question: question, token: @token %>
        <% end %>
      <% end %>
    </div>