Commit 0d15b15c authored by jan.bednarik's avatar jan.bednarik

Hide voters hashes in running election

parent c1a8e826
2 merge requests!38Hide voters hashes in running election,!37Hide voters hashes in running election
Pipeline #17061 passed
import re
import pytz
from django.conf import settings
from django.http import JsonResponse
from django.views.generic import TemplateView, View
......@@ -21,6 +24,24 @@ class IndexView(TemplateView):
template_name = "api/index.html"
def get_auth_token(headers):
auth_header = headers.get("Authorization", "")
m = re.match(r"Bearer (?P<token>.+)", auth_header)
if m:
return m.group("token")
return None
def should_hide_votes(request, election):
if election.voting_has_started() and not election.voting_has_stopped():
if not settings.API_TOKEN:
return True
if get_auth_token(request.headers) == settings.API_TOKEN:
return False
return True
return False
def election_as_dict(election):
voting_start_at = (
election.voting_start_at.replace(tzinfo=pytz.UTC)
......@@ -74,7 +95,10 @@ class UserElectionsView(JsonView):
elections = []
for voter in qs:
election = election_as_dict(voter.election)
election["user_has_voted"] = voter.vote_hash is not None
if should_hide_votes(request, voter.election):
election["user_has_voted"] = False
else:
election["user_has_voted"] = voter.vote_hash is not None
elections.append(election)
return {"username": username, "elections": elections}
......@@ -90,14 +114,18 @@ class ElectionVotersView(JsonView):
result = election_as_dict(election)
result["voters"] = []
hide_votes = should_hide_votes(request, election)
voters = (
election.voter_set.all()
.values_list("user__user_id", "vote_hash")
.order_by("user__user_id")
)
for user_id, vote_hash in voters:
result["voters"].append(
{"username": user_id, "has_voted": vote_hash is not None}
)
if hide_votes:
has_voted = False
else:
has_voted = vote_hash is not None
result["voters"].append({"username": user_id, "has_voted": has_voted})
return result
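Review bot: In `should_hide_votes` the bearer token is checked with `get_auth_token(request.headers) == settings.API_TOKEN`, an ordinary string comparison whose running time can depend on how much of the supplied value matches. This token is what reveals voter participation while voting is open, so it should be compared in constant time: add `from django.utils.crypto import constant_time_compare` and use `if constant_time_compare(get_auth_token(request.headers) or "", settings.API_TOKEN): return False`. The `or ""` keeps a missing header from being coerced to the string "None", and the existing `if not settings.API_TOKEN` guard already ensures an empty token can never match.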
......@@ -143,7 +143,7 @@ Voliči {{voters_page.start_index}} - {{voters_page.end_index}} (z {{total_voter
{% if election.use_voter_aliases %}
<td>{{voter.alias}}</td>
{% endif %}
<td><tt style="font-size: 1.4em;">{% if voter.vote_hash %}{{voter.vote_hash}} <span style="font-size:0.8em;"><!-- no link for now --></span>{% else %}&mdash;{% endif %}</tt></td>
<td><tt style="font-size: 1.4em;">{% if voter.vote_hash %}{% if not election.voting_has_stopped and voter.user != user %}&mdash;{% else %}{{voter.vote_hash}}{% endif %}{% else %}&mdash;{% endif %}</tt></td>
</tr>
{% endfor %}
</table>
......
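Review bot: The hiding rule written inline here (`not election.voting_has_stopped and voter.user != user`) differs from the one the API applies in `should_hide_votes`, which hides only between start and stop of voting and honours the API token. The two can drift apart, and a later template edit could expose hashes again unnoticed. Consider computing a per-voter "show hash" flag in the view that renders this page, so the rule lives in one tested place and the template only prints it. Whether administrators are also meant to lose sight of other voters' hashes before the election stops is not visible from this hunk, so at least state the intent in a template comment such as `{# until voting stops, a vote hash is shown only to the voter it belongs to #}`.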
......@@ -1222,6 +1222,7 @@ def voters_list_pretty(request, election):
{'election': election, 'voters_page': voters_page,
'voters': voters_page.object_list, 'admin_p': admin_p,
'email_voters': VOTERS_EMAIL,
'user': get_user(request),
'limit': limit, 'total_voters': total_voters,
'upload_p': VOTERS_UPLOAD, 'q' : q,
'voter_files': voter_files,
......
......@@ -314,6 +314,8 @@ PIRATI_CLIENT_SECRET = get_from_env('PIRATI_CLIENT_SECRET', '')
OCTOPUS_API_URL = get_from_env('OCTOPUS_API_URL', '')
OCTOPUS_API_TOKEN = get_from_env('OCTOPUS_API_TOKEN', '')
API_TOKEN = get_from_env('API_TOKEN', '')
if DEBUG:
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
......
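Review bot: `API_TOKEN` is added without a comment, although it is the secret that lets an API client see `has_voted` during a running election, and its empty default switches that bypass off. A short comment above it would keep operators from treating it as optional or setting a weak value, for example `# Bearer token allowing API clients to read has_voted while voting is open; leave empty to never reveal it. Use a long random value.`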