Commit 9a65cabf authored by Dries's avatar Dries

- Modified patch #51561 by dww: optionally allow people to inspect votes, and to cancel their vote.

parent c3324b9a
...@@ -5,6 +5,9 @@ Drupal x.x.x, xxxx-xx-xx (development version) ...@@ -5,6 +5,9 @@ Drupal x.x.x, xxxx-xx-xx (development version)
* improved configurability of the contact forms. * improved configurability of the contact forms.
- block system: - block system:
* extended the block visibility settings with a role specific settings.. * extended the block visibility settings with a role specific settings..
- poll module:
* optionally allow people to inspect all votes.
* optionally allow people to cancel their vote.
- distributed authentication: - distributed authentication:
* added default server option. * added default server option.
- fixed critical SQL issue, see SA-2006-005 - fixed critical SQL issue, see SA-2006-005
......
...@@ -537,6 +537,7 @@ CREATE TABLE poll ( ...@@ -537,6 +537,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes ( CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL, nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0, uid int(10) unsigned NOT NULL default 0,
chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '', hostname varchar(128) NOT NULL default '',
INDEX (nid), INDEX (nid),
INDEX (uid), INDEX (uid),
......
...@@ -573,6 +573,7 @@ DEFAULT CHARACTER SET utf8; ...@@ -573,6 +573,7 @@ DEFAULT CHARACTER SET utf8;
CREATE TABLE poll_votes ( CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL, nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0, uid int(10) unsigned NOT NULL default 0,
chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '', hostname varchar(128) NOT NULL default '',
INDEX (nid), INDEX (nid),
INDEX (uid), INDEX (uid),
......
...@@ -540,6 +540,7 @@ CREATE TABLE poll ( ...@@ -540,6 +540,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes ( CREATE TABLE poll_votes (
nid int NOT NULL, nid int NOT NULL,
uid int NOT NULL default 0, uid int NOT NULL default 0,
chorder int NOT NULL default -1,
hostname varchar(128) NOT NULL default '' hostname varchar(128) NOT NULL default ''
); );
CREATE INDEX poll_votes_nid_idx ON poll_votes (nid); CREATE INDEX poll_votes_nid_idx ON poll_votes (nid);
......
...@@ -2040,3 +2040,23 @@ function system_update_183() { ...@@ -2040,3 +2040,23 @@ function system_update_183() {
} }
return $ret; return $ret;
} }
function system_update_184() {
// change DB schema for better poll support
$ret = array();
switch ($GLOBALS['db_type']) {
case 'mysqli':
case 'mysql':
// alter poll_votes table
$ret[] = update_sql("ALTER TABLE {poll_votes} ADD COLUMN chorder int(10) NOT NULL default -1 AFTER uid");
break;
case 'pgsql':
db_add_column($ret, 'poll_votes', 'chorder', 'int', array('not null' => TRUE, 'default' => "'-1'"));
break;
}
return $ret;
}
...@@ -201,11 +201,24 @@ function poll_menu($may_cache) { ...@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote', 'callback' => 'poll_vote',
'access' => user_access('vote on polls'), 'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK); 'type' => MENU_CALLBACK);
$items[] = array('path' => 'poll/cancel',
'title' => t('cancel'),
'callback' => 'poll_cancel',
'access' => user_access('cancel own vote'),
'type' => MENU_CALLBACK);
} }
else { else {
if (arg(0) == 'node' && is_numeric(arg(1))) { if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1)); $node = node_load(arg(1));
if ($node->type == 'poll') {
$items[] = array('path' => 'node/'. arg(1) .'/votes',
'title' => t('votes'),
'callback' => 'poll_votes',
'access' => user_access('inspect all votes'),
'weight' => 3,
'type' => MENU_LOCAL_TASK);
}
if ($node->type == 'poll' && $node->allowvotes) { if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results', $items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'), 'title' => t('results'),
...@@ -237,10 +250,17 @@ function poll_load($node) { ...@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote // Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE; $poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) { if (user_access('vote on polls') && $poll->active) {
if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) { if ($user->uid) {
$poll->allowvotes = TRUE; $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
}
else {
$result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
} }
else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) { if (isset($result->chorder)) {
$poll->vote = $result->chorder;
}
else {
$poll->vote = -1;
$poll->allowvotes = TRUE; $poll->allowvotes = TRUE;
} }
} }
...@@ -272,7 +292,7 @@ function poll_page() { ...@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm(). * Implementation of hook_perm().
*/ */
function poll_perm() { function poll_perm() {
return array('create polls', 'vote on polls'); return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
} }
/** /**
...@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) { ...@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
} }
} }
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block); $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output; return $output;
} }
function theme_poll_results($title, $results, $votes, $links, $block) { function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) { if ($block) {
$output .= '<div class="poll">'; $output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>'; $output .= '<div class="title">'. $title .'</div>';
...@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) { ...@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">'; $output .= '<div class="poll">';
$output .= $results; $output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>'; $output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
if (isset($vote) && $vote > -1) {
if (user_access('cancel own vote')) {
$form['#action'] = url("poll/cancel/$nid");
$form['choice'] = array('#type' => 'hidden', '#value' => $vote);
$form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
$output .= drupal_get_form('poll_cancel_form', $form);
}
$output .= '</div>';
}
$output .= '</div>'; $output .= '</div>';
} }
...@@ -394,6 +423,33 @@ function poll_results() { ...@@ -394,6 +423,33 @@ function poll_results() {
} }
} }
/**
* Callback for the 'votes' tab for polls you can see other votes on
*/
function poll_votes() {
if ($node = node_load(arg(1))) {
drupal_set_title(check_plain($node->title));
$output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
$header[] = array('data' => t('Visitor'), 'field' => 'u.name');
$header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
$result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
$rows = array();
while ($vote = db_fetch_object($result)) {
$rows[] = array(
$vote->name ? theme('username', $vote) : check_plain($vote->hostname),
check_plain($node->choice[$vote->chorder]['chtext']));
}
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 20, 0);
print theme('page', $output);
}
else {
drupal_not_found();
}
}
/** /**
* Callback for processing a vote * Callback for processing a vote
*/ */
...@@ -408,12 +464,12 @@ function poll_vote(&$node) { ...@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) { if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) { if ($node->allowvotes) {
// Mark the user or host as having voted. // Record the vote by this user or host.
if ($user->uid) { if ($user->uid) {
db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid); db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
} }
else { else {
db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']); db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
} }
// Add one to the votes. // Add one to the votes.
...@@ -424,13 +480,49 @@ function poll_vote(&$node) { ...@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.')); drupal_set_message(t('Your vote was recorded.'));
} }
else { else {
drupal_set_message(t("You're not allowed to vote on this poll."), 'error'); drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
} }
} }
else { else {
drupal_set_message(t("You didn't specify a valid poll choice."), 'error'); drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
drupal_not_found();
} }
}
/**
* Callback for canceling a vote
*/
function poll_cancel(&$node) {
global $user;
$nid = arg(2);
if ($node = node_load(array('nid' => $nid))) {
$edit = $_POST['edit'];
$choice = $edit['choice'];
$cancel = $_POST['cancel'];
if (isset($choice) && isset($node->choice[$choice])) {
if ($user->uid) {
db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
}
else {
db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
}
// Subtract from the votes.
db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
$node->allowvotes = true;
$node->choice[$choice]['chvotes']--;
drupal_set_message(t('Your vote was canceled.'));
}
else {
drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
}
drupal_goto('node/'. $nid); drupal_goto('node/'. $nid);
} }
else { else {
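Review bot: poll_cancel() picks the `{poll_choices}` row to decrement from the posted `$edit['choice']` instead of the vote stored in `{poll_votes}`, and it runs the `chvotes = chvotes - 1` UPDATE even when the preceding DELETE matched no row. A holder of 'cancel own vote' can therefore lower the count of a choice they did not vote for, or lower a count without having voted, so the tallies drift from the recorded votes. This commit already loads the stored value as `$node->vote` (poll_view_results passes it to the theme), so the guard could be `if (isset($node->vote) && $node->vote > -1) {` with `$node->vote` replacing `$choice` in the UPDATE. Rows left at the `-1` default by system_update_184 would then be refused too. poll_load only sets `vote` for users who may vote on an active poll, so confirm that is the intended scope. The same code appears in the second copy of this section further down, and poll_cancel's final `else` branch lies outside the hunk.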
......
...@@ -201,11 +201,24 @@ function poll_menu($may_cache) { ...@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote', 'callback' => 'poll_vote',
'access' => user_access('vote on polls'), 'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK); 'type' => MENU_CALLBACK);
$items[] = array('path' => 'poll/cancel',
'title' => t('cancel'),
'callback' => 'poll_cancel',
'access' => user_access('cancel own vote'),
'type' => MENU_CALLBACK);
} }
else { else {
if (arg(0) == 'node' && is_numeric(arg(1))) { if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1)); $node = node_load(arg(1));
if ($node->type == 'poll') {
$items[] = array('path' => 'node/'. arg(1) .'/votes',
'title' => t('votes'),
'callback' => 'poll_votes',
'access' => user_access('inspect all votes'),
'weight' => 3,
'type' => MENU_LOCAL_TASK);
}
if ($node->type == 'poll' && $node->allowvotes) { if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results', $items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'), 'title' => t('results'),
...@@ -237,10 +250,17 @@ function poll_load($node) { ...@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote // Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE; $poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) { if (user_access('vote on polls') && $poll->active) {
if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) { if ($user->uid) {
$poll->allowvotes = TRUE; $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
}
else {
$result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
} }
else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) { if (isset($result->chorder)) {
$poll->vote = $result->chorder;
}
else {
$poll->vote = -1;
$poll->allowvotes = TRUE; $poll->allowvotes = TRUE;
} }
} }
...@@ -272,7 +292,7 @@ function poll_page() { ...@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm(). * Implementation of hook_perm().
*/ */
function poll_perm() { function poll_perm() {
return array('create polls', 'vote on polls'); return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
} }
/** /**
...@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) { ...@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
} }
} }
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block); $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output; return $output;
} }
function theme_poll_results($title, $results, $votes, $links, $block) { function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) { if ($block) {
$output .= '<div class="poll">'; $output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>'; $output .= '<div class="title">'. $title .'</div>';
...@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) { ...@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">'; $output .= '<div class="poll">';
$output .= $results; $output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>'; $output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
if (isset($vote) && $vote > -1) {
if (user_access('cancel own vote')) {
$form['#action'] = url("poll/cancel/$nid");
$form['choice'] = array('#type' => 'hidden', '#value' => $vote);
$form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
$output .= drupal_get_form('poll_cancel_form', $form);
}
$output .= '</div>';
}
$output .= '</div>'; $output .= '</div>';
} }
...@@ -394,6 +423,33 @@ function poll_results() { ...@@ -394,6 +423,33 @@ function poll_results() {
} }
} }
/**
* Callback for the 'votes' tab for polls you can see other votes on
*/
function poll_votes() {
if ($node = node_load(arg(1))) {
drupal_set_title(check_plain($node->title));
$output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
$header[] = array('data' => t('Visitor'), 'field' => 'u.name');
$header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
$result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
$rows = array();
while ($vote = db_fetch_object($result)) {
$rows[] = array(
$vote->name ? theme('username', $vote) : check_plain($vote->hostname),
check_plain($node->choice[$vote->chorder]['chtext']));
}
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 20, 0);
print theme('page', $output);
}
else {
drupal_not_found();
}
}
/** /**
* Callback for processing a vote * Callback for processing a vote
*/ */
...@@ -408,12 +464,12 @@ function poll_vote(&$node) { ...@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) { if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) { if ($node->allowvotes) {
// Mark the user or host as having voted. // Record the vote by this user or host.
if ($user->uid) { if ($user->uid) {
db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid); db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
} }
else { else {
db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']); db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
} }
// Add one to the votes. // Add one to the votes.
...@@ -424,13 +480,49 @@ function poll_vote(&$node) { ...@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.')); drupal_set_message(t('Your vote was recorded.'));
} }
else { else {
drupal_set_message(t("You're not allowed to vote on this poll."), 'error'); drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
} }
} }
else { else {
drupal_set_message(t("You didn't specify a valid poll choice."), 'error'); drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
drupal_not_found();
} }
}
/**
* Callback for canceling a vote
*/
function poll_cancel(&$node) {
global $user;
$nid = arg(2);
if ($node = node_load(array('nid' => $nid))) {
$edit = $_POST['edit'];
$choice = $edit['choice'];
$cancel = $_POST['cancel'];
if (isset($choice) && isset($node->choice[$choice])) {
if ($user->uid) {
db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
}
else {
db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
}
// Subtract from the votes.
db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
$node->allowvotes = true;
$node->choice[$choice]['chvotes']--;
drupal_set_message(t('Your vote was canceled.'));
}
else {
drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
}
drupal_goto('node/'. $nid); drupal_goto('node/'. $nid);
} }
else { else {
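Review bot: The anonymous branch of poll_cancel() deletes by `hostname = $_SERVER['REMOTE_ADDR']`, so for visitors without an account "own vote" only means "the vote recorded for this address". A vote cast from a shared proxy or NAT address can then be cancelled by any other visitor arriving from that address, which the one-vote-per-address rule alone did not allow before this change. If that is accepted, say so at the branch with a comment such as `// Anonymous votes are keyed by IP address only; visitors sharing an address share one vote.`. Otherwise limit cancelling to `$user->uid` and return the existing error message for anonymous requests. This applies equally to the identical section earlier on the page, and the end of poll_cancel lies outside the hunk.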
......