From 1d7a26940867a5ebf5b6eb2c6ef2bd020c2f0bc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Sat, 1 Jul 2023 22:43:05 +0200
Subject: [PATCH] Use a transaction when registering a vote

Otherwise it would be possible to increment the votes counter without
actually introducing the vote.
---
 app/models/debate.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/models/debate.rb b/app/models/debate.rb
index 5333c08ad..0606d6630 100644
--- a/app/models/debate.rb
+++ b/app/models/debate.rb
@@ -107,8 +107,13 @@ class Debate < ApplicationRecord
 
   def register_vote(user, vote_value)
     if votable_by?(user)
-      Debate.increment_counter(:cached_anonymous_votes_total, id) if user.unverified? && !user.voted_for?(self)
-      vote_by(voter: user, vote: vote_value)
+      transaction do
+        if user.unverified? && !user.voted_for?(self)
+          Debate.increment_counter(:cached_anonymous_votes_total, id)
+        end
+
+        vote_by(voter: user, vote: vote_value)
+      end
     end
   end