/* 6/8/09 danielhonrade bug report
*
* Hi, I was hacking the poll core module (which is really bad, I know but
* I only have few days to finish the project, this is temporary anyway, I am
* planning to create a module that would integrate to poll module with the following
* features:
* - use of google chart
* - add default values for choices
* - allow/disallow users to add choices and change other settings
* - require users to vote before commenting and not otherwise
*
* then I encountered this PROBLEM, which I thought at first was the result of
* my hacking but when I installed a fresh Drupal6 and tested the poll again,
* it's still there, you can check the bug by:
* 1) Install fresh Drupal 6
* 2) Allow authenticated users to vote, create/edit/delete own poll
* 3) Login as a new authenticated user and not as admin, so you don't have node administer perm
* 4) Create a poll, then vote and edit then save
* 5) You'll notice that the vote values become 0
* 5) Cancel your vote, the result becomes -1
*
* PROBLEM: if an authenticated user without node administer permission but
* has a permission to edit his/any poll, everytime he edits his poll or
* any poll the vote values become 0 and when he goes to view tab,
* if has voted, the cancel button still exists even though vote values are 0
* so if he decided to cancel, the result is negative value which
* the validator function doesn't even notice
*
* I created a patch, which I am sure, it's not the best, but it works
*
* SOLUTION 1: I added an else statement where I copied the the content in the
* if($admin) {...} and added '#disabled' => 'disabled', and changed
* '#default_value' => $votes, to '#value' => $votes, because if the
* attribute is disabled #default_value doesn't pass its value
*
* SOLUTION 2: I added an else statement where I copied the the content in the
* if($admin) {...} and just change the '#type' => 'textfield', to '#type' => 'hidden',
* but you'll have nothing under the heading VOTE COUNT which is the original
* state when you create a poll in the original poll module
*/

// PATCH, just replace this function with this one
function _poll_choice_form($delta, $value = '', $votes = 0) {
  $admin = user_access('administer nodes');

  $form = array(
    '#tree' => TRUE,
  );

  // We'll manually set the #parents property of these fields so that
  // their values appear in the $form_state['values']['choice'] array.
  $form['chtext'] = array(
    '#type' => 'textfield',
    '#title' => t('Choice @n', array('@n' => ($delta + 1))),
    '#default_value' => $value,
    '#parents' => array('choice', $delta, 'chtext'),
  );

  if ($admin) {
    $form['chvotes'] = array(
      '#type' => 'textfield',
      '#title' => t('Votes for choice @n', array('@n' => ($delta + 1))),
      '#default_value' => $votes,
      '#size' => 5,
      '#maxlength' => 7,
      '#parents' => array('choice', $delta, 'chvotes'),
    );
  } else { // <-- add this (daniel's SOLUTION 1 module patch )
    $form['chvotes'] = array(
      '#type' => 'textfield',
      '#title' => t('Votes for choice @n', array('@n' => ($delta + 1))),
      '#value' => $votes,
      '#size' => 5,
      '#maxlength' => 7,
	'#disabled' => 'disabled',
      '#parents' => array('choice', $delta, 'chvotes'),
    );
  }  // <--patch upto here
  return $form;
}

Comments

alexanderpas’s picture

Version: 6.12 » 6.x-dev
Status: Patch (to be ported) » Needs work

please create a proper patch, see: http://drupal.org/patch

danielhonrade’s picture

StatusFileSize
new1.83 KB

I am having problems with getting the right diff program. But here is the patch file, anyway

/* Based on the latest Drupal 6.12-dev
* PROBLEM: if an authenticated user without node administer permission but
* has a permission to edit his/any poll, everytime he edits his poll or
* any poll the vote values become 0 and when he goes to view tab,
* if has voted, the cancel button still exists even though vote values are 0
* so if he decided to cancel, the result is negative value which
* the validator function doesn't even notice
*
* I created a patch, which I am sure, it's not the best, but it works
*
* SOLUTION 1: I added an else statement where I copied the the content in the
* if($admin) {...} and added '#disabled' => 'disabled', and changed
* '#default_value' => $votes, to '#value' => $votes, because if the
* attribute is disabled #default_value doesn't pass its value
*
* SOLUTION 2: I added an else statement where I copied the the content in the
* if($admin) {...} and just change the '#type' => 'textfield', to '#type' => 'hidden',
* but you'll have nothing under the heading VOTE COUNT which is the original
* state when you create a poll in the original poll module
*/

313:	  if ($admin) {
314:	    $form['chvotes'] = array(
315:	      '#type' => 'textfield',
316:	      '#title' => t('Votes for choice @n', array('@n' => ($delta + 1))),
317:	      '#default_value' => $votes,
318:	      '#size' => 5,
319:	      '#maxlength' => 7,
320:	      '#parents' => array('choice', $delta, 'chvotes'),
321:	    );
322
323:	  } else { // <-- add this (daniel's solution 1 )
324:	      '#type' => 'textfield',
325:	      '#title' => t('Votes for choice @n', array('@n' => ($delta + 1))),
326:	      '#value' => $votes,
327:	      '#size' => 5,
328:	      '#maxlength' => 7,
329:		  '#disabled' => 'disabled',
330:	      '#parents' => array('choice', $delta, 'chvotes'),
331:	    );
332:	  }  // <--patch upto here
brianV’s picture

Version: 6.x-dev » 7.x-dev

This will need to be patched in 7.x, then backported to 6.x.

avpaderno’s picture

Status: Needs work » Closed (duplicate)