summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Lipscombe <Mark Lipscombe@d4452222-2f33-11de-9270-010000000000>2009-08-02 11:44:35 +0000
committerMark Lipscombe <Mark Lipscombe@d4452222-2f33-11de-9270-010000000000>2009-08-02 11:44:35 +0000
commitade8dc177afd706d1f153c5b56c8ea09c3157929 (patch)
tree1ff4e6c412bbc25cfb3ea072b371a589bf9aef1e
parenta6fea98782bfc2e1f3de6cbafbb0461c541fa634 (diff)
downloadcacert-boardvoting-ade8dc177afd706d1f153c5b56c8ea09c3157929.tar.gz
cacert-boardvoting-ade8dc177afd706d1f153c5b56c8ea09c3157929.tar.xz
cacert-boardvoting-ade8dc177afd706d1f153c5b56c8ea09c3157929.zip
Restrict ability to withdraw motions to the proponent only.
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@70 d4452222-2f33-11de-9270-010000000000
-rw-r--r--database.php8
-rw-r--r--motions.php30
2 files changed, 23 insertions, 15 deletions
diff --git a/database.php b/database.php
index 8c7faea..e226c5a 100644
--- a/database.php
+++ b/database.php
@@ -6,10 +6,10 @@
function __construct() {
$this->dbh = new PDO("sqlite:".dirname(__FILE__)."/database.sqlite");
$this->statement = array();
- $this->statement['list decisions'] = $this->dbh->prepare("SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id ORDER BY proposed DESC LIMIT 10 OFFSET 10 * (:page - 1);");
- $this->statement['list my unvoted decisions'] = $this->dbh->prepare("SELECT * FROM (SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer,decisions.proposed AS proposed, decisions.title AS title, decisions.content AS content, decisions.votetype AS votetype, decisions.status AS status, decisions.due AS due, decisions.modified AS modified,(SELECT COUNT(*) AS ayes FROM votes WHERE decision=decisions.id AND vote=1), (SELECT COUNT(*) AS nayes FROM votes WHERE decision=decisions.id AND vote=-1), (SELECT COUNT(*) AS abstains FROM votes WHERE decision=decisions.id AND vote=0) FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.status=0) WHERE NOT EXISTS (SELECT vote FROM votes WHERE votes.decision=id AND votes.voter=:id) ORDER BY proposed DESC LIMIT 10 OFFSET 10 * (:page - 1);");
- $this->statement['list decision'] = $this->dbh->prepare("SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.tag=:id ORDER BY proposed DESC;");
- $this->statement['closed decisions'] = $this->dbh->prepare("SELECT decisions.id, decisions.tag, voters.name AS proposer, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.status=0 AND datetime('now','utc') > datetime(due);");
+ $this->statement['list decisions'] = $this->dbh->prepare("SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer, decisions.proponent, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id ORDER BY proposed DESC LIMIT 10 OFFSET 10 * (:page - 1);");
+ $this->statement['list my unvoted decisions'] = $this->dbh->prepare("SELECT * FROM (SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer, decisions.proponent AS proponent, decisions.proposed AS proposed, decisions.title AS title, decisions.content AS content, decisions.votetype AS votetype, decisions.status AS status, decisions.due AS due, decisions.modified AS modified,(SELECT COUNT(*) AS ayes FROM votes WHERE decision=decisions.id AND vote=1), (SELECT COUNT(*) AS nayes FROM votes WHERE decision=decisions.id AND vote=-1), (SELECT COUNT(*) AS abstains FROM votes WHERE decision=decisions.id AND vote=0) FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.status=0) WHERE NOT EXISTS (SELECT vote FROM votes WHERE votes.decision=id AND votes.voter=:id) ORDER BY proposed DESC LIMIT 10 OFFSET 10 * (:page - 1);");
+ $this->statement['list decision'] = $this->dbh->prepare("SELECT decisions.id AS id, decisions.tag AS tag, voters.name AS proposer, decisions.proponent, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.tag=:id ORDER BY proposed DESC;");
+ $this->statement['closed decisions'] = $this->dbh->prepare("SELECT decisions.id, decisions.tag, voters.name AS proposer, decisions.proponent, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.status=0 AND datetime('now','utc') > datetime(due);");
$this->statement['get decision'] = $this->dbh->prepare("SELECT decisions.id, decisions.tag, decisions.proponent, voters.name AS proposer, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.id=:decision;");
$this->statement['get new decision'] = $this->dbh->prepare("SELECT decisions.id, decisions.tag, decisions.proponent, voters.name AS proposer, decisions.proposed, decisions.title, decisions.content, decisions.votetype, decisions.status, decisions.due, decisions.modified, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=1) AS ayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=-1) AS nayes, (SELECT COUNT(*) FROM votes WHERE decision=decisions.id AND vote=0) AS abstains FROM decisions, voters WHERE decisions.proponent=voters.id AND decisions.id=last_insert_rowid();");
$this->statement['get voter'] = $this->dbh->prepare("SELECT voters.id, voters.name FROM voters, emails WHERE voters.id=emails.voter AND emails.address=? AND voters.enabled=1");
diff --git a/motions.php b/motions.php
index 20b4653..b508385 100644
--- a/motions.php
+++ b/motions.php
@@ -5,19 +5,21 @@
$user = $db->auth();
if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
- if (!$user) {
+ $stmt = $db->getStatement("get decision");
+ $stmt->bindParam(":decision",$_REQUEST['id']);
+ $stmt->execute();
+ $decision=$stmt->fetch();
+
+ if (!$decision || !$user || $user['id'] != $decision['proponent']) {
header("HTTP/1.0 302 Redirect");
header("Location: denied.php");
exit();
}
- $stmt = $db->getStatement("get decision");
- $stmt->bindParam(":decision",$_REQUEST['id']);
- if ($stmt->execute() && ($decision=$stmt->fetch())) {
- $name = $user['name'];
- $tag = $decision['tag'];
- $title = $decision['title'];
- $content = $decision['content'];
- $body = <<<BODY
+ $name = $user['name'];
+ $tag = $decision['tag'];
+ $title = $decision['title'];
+ $content = $decision['content'];
+ $body = <<<BODY
Dear Board,
$name has withdrawn the motion $tag that was as follows:
@@ -28,8 +30,8 @@ $content
Kind regards,
the voting system
BODY;
- $db->notify("Re: $tag - $title - withdrawn",$body,$tag);
- }
+ $db->notify("Re: $tag - $title - withdrawn",$body,$tag);
+
$stmt = $db->getStatement("close decision");
$status = -2;
$stmt->bindParam(":status",$status);
@@ -115,7 +117,13 @@ BODY;
<li><a href="vote.php?motion=<?php echo($row['id']); ?>&amp;vote=0">Abstain</a></li>
<li><a href="vote.php?motion=<?php echo($row['id']); ?>&amp;vote=-1">Naye</a></li>
<li><a href="proxy.php?motion=<?php echo($row['id']); ?>">Proxy Vote</a></li>
+ <?php
+ if ($user && $user['id'] == $row['proponent']) {
+ ?>
<li><a href="motions.php?motion=<?php echo($row['tag']); ?>&amp;withdrawl=1">Withdraw</a></li>
+ <?php
+ }
+ ?>
</ul>
<?php
} else {