Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Multi-voting possible?
rossum
New
It looks like users can add as many upvotes as they like? Is this by design, broken, or misconfigured?
0
Comments
I would think of it as a bug, however only @R_J can confrim whethere this is possible or a bug.
As an Admin you should be able to do whatever you like, but a normal user shouldn't be able to vote more than one time
@rossum did you confirm what happened and if this is possible for users also?
@PCTipsGR @R_J I have not had a chance to test further.
Give me a link to your forum if you can (via PM too if you like privacy) if you want me to test it or create a user account through Dashboard and test it.
@PCTipsGR I actually wound up disabling the plugin. Do you still want to test?
Yeah. It would help.
The intention has been that an admin (or someone with the permission "Plugins.Rating.Manage") can vote whatever he want and other users (with the permission "Plugins.Rating.Add") can up and downvote
// Prevent users from voting on their own posts. if (!$canManage) { $post = $postModel->getID($postID); if ($post->InsertUserID == Gdn::session()->UserID) { return false; } } // Determine rating. if (Gdn::request()->get('rate', 'up') == 'down') { $score = -1; } else { $score = 1; } $currentScore = $postModel->getUserScore( $postID, Gdn::session()->UserID ); $newScore = $currentScore + $score; // Ensure that users without manage permissions cannot give // a score > 1 / < -1. if (!$canManage && ($newScore > 1 || $newScore < -1)) { return false; }Seems like the plugin works just fine. Users cannot vote more than 1 time.
@PCTipsGR You're right! I was testing originally with the admin account, which had the "manage" permission.
Thanks @R_J !