Commit 9a65cabf authored by Dries's avatar Dries

- Modified patch #51561 by dww: optionally allow people to inspect votes, and to cancel their vote.

parent c3324b9a
......@@ -5,6 +5,9 @@ Drupal x.x.x, xxxx-xx-xx (development version)
* improved configurability of the contact forms.
- block system:
* extended the block visibility settings with a role specific settings..
- poll module:
* optionally allow people to inspect all votes.
* optionally allow people to cancel their vote.
- distributed authentication:
* added default server option.
- fixed critical SQL issue, see SA-2006-005
......
......@@ -537,6 +537,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0,
chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '',
INDEX (nid),
INDEX (uid),
......
......@@ -573,6 +573,7 @@ DEFAULT CHARACTER SET utf8;
CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0,
chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '',
INDEX (nid),
INDEX (uid),
......
......@@ -540,6 +540,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes (
nid int NOT NULL,
uid int NOT NULL default 0,
chorder int NOT NULL default -1,
hostname varchar(128) NOT NULL default ''
);
CREATE INDEX poll_votes_nid_idx ON poll_votes (nid);
......
......@@ -2040,3 +2040,23 @@ function system_update_183() {
}
return $ret;
}
function system_update_184() {
// change DB schema for better poll support
$ret = array();
switch ($GLOBALS['db_type']) {
case 'mysqli':
case 'mysql':
// alter poll_votes table
$ret[] = update_sql("ALTER TABLE {poll_votes} ADD COLUMN chorder int(10) NOT NULL default -1 AFTER uid");
break;
case 'pgsql':
db_add_column($ret, 'poll_votes', 'chorder', 'int', array('not null' => TRUE, 'default' => "'-1'"));
break;
}
return $ret;
}
......@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote',
'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'poll/cancel',
'title' => t('cancel'),
'callback' => 'poll_cancel',
'access' => user_access('cancel own vote'),
'type' => MENU_CALLBACK);
}
else {
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
if ($node->type == 'poll') {
$items[] = array('path' => 'node/'. arg(1) .'/votes',
'title' => t('votes'),
'callback' => 'poll_votes',
'access' => user_access('inspect all votes'),
'weight' => 3,
'type' => MENU_LOCAL_TASK);
}
if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'),
......@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) {
if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) {
$poll->allowvotes = TRUE;
if ($user->uid) {
$result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
}
else {
$result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
}
else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) {
if (isset($result->chorder)) {
$poll->vote = $result->chorder;
}
else {
$poll->vote = -1;
$poll->allowvotes = TRUE;
}
}
......@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm().
*/
function poll_perm() {
return array('create polls', 'vote on polls');
return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
}
/**
......@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
}
}
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block);
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output;
}
function theme_poll_results($title, $results, $votes, $links, $block) {
function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) {
$output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>';
......@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">';
$output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
if (isset($vote) && $vote > -1) {
if (user_access('cancel own vote')) {
$form['#action'] = url("poll/cancel/$nid");
$form['choice'] = array('#type' => 'hidden', '#value' => $vote);
$form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
$output .= drupal_get_form('poll_cancel_form', $form);
}
$output .= '</div>';
}
$output .= '</div>';
}
......@@ -394,6 +423,33 @@ function poll_results() {
}
}
/**
* Callback for the 'votes' tab for polls you can see other votes on
*/
function poll_votes() {
if ($node = node_load(arg(1))) {
drupal_set_title(check_plain($node->title));
$output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
$header[] = array('data' => t('Visitor'), 'field' => 'u.name');
$header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
$result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
$rows = array();
while ($vote = db_fetch_object($result)) {
$rows[] = array(
$vote->name ? theme('username', $vote) : check_plain($vote->hostname),
check_plain($node->choice[$vote->chorder]['chtext']));
}
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 20, 0);
print theme('page', $output);
}
else {
drupal_not_found();
}
}
/**
* Callback for processing a vote
*/
......@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) {
// Mark the user or host as having voted.
// Record the vote by this user or host.
if ($user->uid) {
db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid);
db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
}
else {
db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']);
db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
}
// Add one to the votes.
......@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.'));
}
else {
drupal_set_message(t("You're not allowed to vote on this poll."), 'error');
drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
}
}
else {
drupal_set_message(t("You didn't specify a valid poll choice."), 'error');
drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
drupal_not_found();
}
}
/**
* Callback for canceling a vote
*/
function poll_cancel(&$node) {
global $user;
$nid = arg(2);
if ($node = node_load(array('nid' => $nid))) {
$edit = $_POST['edit'];
$choice = $edit['choice'];
$cancel = $_POST['cancel'];
if (isset($choice) && isset($node->choice[$choice])) {
if ($user->uid) {
db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
}
else {
db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
}
// Subtract from the votes.
db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
$node->allowvotes = true;
$node->choice[$choice]['chvotes']--;
drupal_set_message(t('Your vote was canceled.'));
}
else {
drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
......
......@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote',
'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'poll/cancel',
'title' => t('cancel'),
'callback' => 'poll_cancel',
'access' => user_access('cancel own vote'),
'type' => MENU_CALLBACK);
}
else {
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
if ($node->type == 'poll') {
$items[] = array('path' => 'node/'. arg(1) .'/votes',
'title' => t('votes'),
'callback' => 'poll_votes',
'access' => user_access('inspect all votes'),
'weight' => 3,
'type' => MENU_LOCAL_TASK);
}
if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'),
......@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) {
if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) {
$poll->allowvotes = TRUE;
if ($user->uid) {
$result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
}
else {
$result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
}
else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) {
if (isset($result->chorder)) {
$poll->vote = $result->chorder;
}
else {
$poll->vote = -1;
$poll->allowvotes = TRUE;
}
}
......@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm().
*/
function poll_perm() {
return array('create polls', 'vote on polls');
return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
}
/**
......@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
}
}
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block);
$output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output;
}
function theme_poll_results($title, $results, $votes, $links, $block) {
function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) {
$output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>';
......@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">';
$output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
if (isset($vote) && $vote > -1) {
if (user_access('cancel own vote')) {
$form['#action'] = url("poll/cancel/$nid");
$form['choice'] = array('#type' => 'hidden', '#value' => $vote);
$form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
$output .= drupal_get_form('poll_cancel_form', $form);
}
$output .= '</div>';
}
$output .= '</div>';
}
......@@ -394,6 +423,33 @@ function poll_results() {
}
}
/**
* Callback for the 'votes' tab for polls you can see other votes on
*/
function poll_votes() {
if ($node = node_load(arg(1))) {
drupal_set_title(check_plain($node->title));
$output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
$header[] = array('data' => t('Visitor'), 'field' => 'u.name');
$header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
$result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
$rows = array();
while ($vote = db_fetch_object($result)) {
$rows[] = array(
$vote->name ? theme('username', $vote) : check_plain($vote->hostname),
check_plain($node->choice[$vote->chorder]['chtext']));
}
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 20, 0);
print theme('page', $output);
}
else {
drupal_not_found();
}
}
/**
* Callback for processing a vote
*/
......@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) {
// Mark the user or host as having voted.
// Record the vote by this user or host.
if ($user->uid) {
db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid);
db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
}
else {
db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']);
db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
}
// Add one to the votes.
......@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.'));
}
else {
drupal_set_message(t("You're not allowed to vote on this poll."), 'error');
drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
}
}
else {
drupal_set_message(t("You didn't specify a valid poll choice."), 'error');
drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
drupal_not_found();
}
}
/**
* Callback for canceling a vote
*/
function poll_cancel(&$node) {
global $user;
$nid = arg(2);
if ($node = node_load(array('nid' => $nid))) {
$edit = $_POST['edit'];
$choice = $edit['choice'];
$cancel = $_POST['cancel'];
if (isset($choice) && isset($node->choice[$choice])) {
if ($user->uid) {
db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
}
else {
db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
}
// Subtract from the votes.
db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
$node->allowvotes = true;
$node->choice[$choice]['chvotes']--;
drupal_set_message(t('Your vote was canceled.'));
}
else {
drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
}
drupal_goto('node/'. $nid);
}
else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment