diff options
| author | ThibG <thib@sitedethib.com> | 2019-03-08 00:54:50 +0100 |
|---|---|---|
| committer | Eugen Rochko <eugen@zeonfederated.com> | 2019-03-08 00:54:50 +0100 |
| commit | 3aaac4f134eb092baeb0ba5979bdb3abd702a4ee (patch) | |
| tree | 166112abcd990ece652d0be5792be5d54edd58cc | |
| parent | 054bbb3da21b2c76374eb921cba862adb8d5a0b3 (diff) | |
Do not allow adding votes to expired polls (#10214)
* Do not allow adding votes to expired polls * Only validate expires_at on create
| -rw-r--r-- | app/lib/activitypub/activity/create.rb | 1 | ||||
| -rw-r--r-- | app/models/poll.rb | 2 | ||||
| -rw-r--r-- | app/services/vote_service.rb | 2 | ||||
| -rw-r--r-- | spec/lib/activitypub/activity/create_spec.rb | 22 |
4 files changed, 26 insertions, 1 deletions
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 87179030c..7e4e57ead 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -241,6 +241,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity def poll_vote? return false if replied_to_status.nil? || replied_to_status.poll.nil? || !replied_to_status.local? || !replied_to_status.poll.options.include?(@object['name']) + return true if replied_to_status.poll.expired? replied_to_status.poll.votes.create!(account: @account, choice: replied_to_status.poll.options.index(@object['name']), uri: @object['id']) end diff --git a/app/models/poll.rb b/app/models/poll.rb index 14a38026a..09f0b65ec 100644 --- a/app/models/poll.rb +++ b/app/models/poll.rb @@ -28,7 +28,7 @@ class Poll < ApplicationRecord validates :options, presence: true validates :expires_at, presence: true, if: :local? - validates_with PollValidator, if: :local? + validates_with PollValidator, on: :create, if: :local? scope :attached, -> { where.not(status_id: nil) } scope :unattached, -> { where(status_id: nil) } diff --git a/app/services/vote_service.rb b/app/services/vote_service.rb index 8bab2810e..5b80da03a 100644 --- a/app/services/vote_service.rb +++ b/app/services/vote_service.rb @@ -11,6 +11,8 @@ class VoteService < BaseService @choices = choices @votes = [] + return if @poll.expired? + ApplicationRecord.transaction do @choices.each do |choice| @votes << @poll.votes.create!(account: @account, choice: choice) diff --git a/spec/lib/activitypub/activity/create_spec.rb b/spec/lib/activitypub/activity/create_spec.rb index 56c7bfc61..3a1463d95 100644 --- a/spec/lib/activitypub/activity/create_spec.rb +++ b/spec/lib/activitypub/activity/create_spec.rb @@ -482,6 +482,28 @@ RSpec.describe ActivityPub::Activity::Create do expect(poll.reload.cached_tallies).to eq [1, 0] end end + + context 'when a vote to an expired local poll' do + let(:poll) do + poll = Fabricate.build(:poll, options: %w(Yellow Blue), expires_at: 1.day.ago) + poll.save(validate: false) + poll + end + let!(:local_status) { Fabricate(:status, owned_poll: poll) } + + let(:object_json) do + { + id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join, + type: 'Note', + name: 'Yellow', + inReplyTo: ActivityPub::TagManager.instance.uri_for(local_status) + } + end + + it 'does not add a vote to the poll' do + expect(poll.votes.first).to be_nil + end + end end context 'when sender is followed by local users' do |