The form, _poll_choice_form(), adds a textfield for vote counts on the add/edit form for poll nodes. This field is only displayed for users with the "administer nodes" permission.
$form['chvotes'] = array(
'#type' => 'textfield',
'#title' => t('Votes for choice @n', array('@n' => ($delta + 1))),
'#default_value' => $votes,
'#size' => 5,
'#maxlength' => 7,
'#parents' => array('choice', $delta, 'chvotes'),
'#access' => user_access('administer nodes'),
);
Within the theme callback to theme for form, theme_poll_choices(), the table to show all of the poll choices contains a header for "Vote count" as well as attempts to render the vote count field; without any check for the "administer nodes" permission. So, if you're not an admin, you see the "Vote count" table header, and empty cells (see attached).
Permissions should be checked in the theme function to avoid showing this column. Or, the form should return uneditable numeric values if you're not an admin.
Patch coming for both solutions.
Comment | File | Size | Author |
---|---|---|---|
#1 | poll_show-vote-values-for-nonadmin-1368938-1.patch | 1.21 KB | mstef |
#1 | poll_hide-vote-values-for-nonadmin-1368938-1.patch | 1.38 KB | mstef |
Comments
Comment #1
mstef CreditAttribution: mstef commentedBoth patches attached. The first patch shows the vote values as a simple number, the second hides them and the column completely (only for non-admins).
Comment #2
mstef CreditAttribution: mstef commentedComment #3
sheld0r CreditAttribution: sheld0r commented#1: poll_show-vote-values-for-nonadmin-1368938-1.patch queued for re-testing.
Comment #4
sheld0r CreditAttribution: sheld0r commented#1: poll_hide-vote-values-for-nonadmin-1368938-1.patch queued for re-testing.