Initial changes defense

parent fff69c85
class ElectionController < ApplicationController
def vote
@vote = Vote.new
@candidates = Candidate.all.group_by(&:position_id)
render "/votes/vote.html.erb"
end
def confirm_vote
@vote = Vote.new(vote_params)
@vote.user = current_user
if @vote.save(vote_params)
if current_user.votes.count >= Position.count
redirect_to root_path, notice: "You have already exceeded your number of votes."
else
redirect_to :vote, notice: "Vote successful!"
end
else
render :vote
end
end
def vote_history
@votes = current_user.votes
end
private
def vote_params
params.require(:vote).permit!
end
end
\ No newline at end of file
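Review bot: `vote_params` uses `permit!`, so every attribute a client sends under `vote` is mass-assigned when the record is built, which lets a request set fields the form never exposes; restrict it to the form's own fields, `params.require(:vote).permit(:candidate_id, :comments)`. In `confirm_vote`, `@vote.save(vote_params)` hands attributes to a method that only takes save options — the attributes were already assigned by `Vote.new`, so the argument is redundant at best and version-dependent in how it is handled — call `@vote.save`. The vote-limit check also runs after the record is saved, so the "exceeded" notice appears only once the extra vote already exists, and the failure branch `render :vote` never sets `@candidates`, which the ballot template iterates. The sketch below checks the limit before saving and rebuilds `@candidates` for the re-render; a model validation would enforce the limit more robustly, since a count check in the controller alone is racy across concurrent requests.
```ruby
def confirm_vote
  # … unchanged: build @vote from vote_params and assign current_user …
  if current_user.votes.count >= Position.count
    redirect_to root_path, notice: "You have already exceeded your number of votes."
  elsif @vote.save
    redirect_to :vote, notice: "Vote successful!"
  else
    @candidates = Candidate.all.group_by(&:position_id)
    render :vote
  end
end
```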
...@@ -3,16 +3,19 @@ ...@@ -3,16 +3,19 @@
<h1>Ballot</h1> <h1>Ballot</h1>
<% @candidates.each do |position_id, candidates| %> <% @candidates.each do |position_id, candidates| %>
<%= simple_form_for(@vote, url: confirm_vote_path, method: :post) do |o| %> <%= simple_form_for(@vote, url: "/election/vote/id:", method: :get) do |o| %>
<%= Position.find(position_id).name %> <%= Position.find(position_id).name %>
<ul> <ul>
<li><%= o.association :candidate, :collection => candidates %></li> <li><%= o.association :candidate, :collection => candidates %></li>
<li><%= o.input :comments %></li>
</ul> </ul>
<% if current_user.votes.count >= Position.count %>
<% link_to "Home", root_path %>
<% else %>
<%= o.button :submit, "Vote" %> <%= o.button :submit, "Vote" %>
<% end %> <% end %>
<% end %>
<%= link_to "Back to Home", candidates_list_path %> <%= link_to "Back to Home", candidates_list_path %>
<% end %> <% end %>
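Review bot: The new form on the `simple_form_for` line submits the ballot with `method: :get` to the literal string `"/election/vote/id:"`, so a vote would be cast by a GET request whose parameters end up in the URL, browser history and server logs, and Rails' request-forgery check (which only verifies non-GET requests) no longer covers it; the bare `id:` in the string also looks like an unfinished interpolation. Keep the POST form against the named route: `<%= simple_form_for(@vote, url: confirm_vote_path, method: :post) do |o| %>`. Separately, the added `<% link_to "Home", root_path %>` uses `<%` rather than `<%=`, so the link is evaluated but never rendered; change it to `<%= link_to "Home", root_path %>`. The hunk header counts (16 → 19 lines) exceed the lines shown here, so the template likely continues past this excerpt.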