Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Multi-voting possible?

This discussion is related to the Rating addon.

It looks like users can add as many upvotes as they like? Is this by design, broken, or misconfigured?

Comments

  • PCTipsGRPCTipsGR Unknown New

    @rossum said:
    It looks like users can add as many upvotes as they like? Is this by design, broken, or misconfigured?

    I would think of it as a bug, however only @R_J can confrim whethere this is possible or a bug.

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    As an Admin you should be able to do whatever you like, but a normal user shouldn't be able to vote more than one time


  • PCTipsGRPCTipsGR Unknown New

    @rossum did you confirm what happened and if this is possible for users also?

  • @PCTipsGR @R_J I have not had a chance to test further.

  • PCTipsGRPCTipsGR Unknown New

    @rossum said:
    @PCTipsGR @R_J I have not had a chance to test further.

    Give me a link to your forum if you can (via PM too if you like privacy) if you want me to test it or create a user account through Dashboard and test it.

  • @PCTipsGR I actually wound up disabling the plugin. Do you still want to test?

  • PCTipsGRPCTipsGR Unknown New

    @rossum said:
    @PCTipsGR I actually wound up disabling the plugin. Do you still want to test?

    Yeah. It would help.

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    The intention has been that an admin (or someone with the permission "Plugins.Rating.Manage") can vote whatever he want and other users (with the permission "Plugins.Rating.Add") can up and downvote

    • only other users posts
    • as often as they like but
    • only change the rating by max -1/1:
            // Prevent users from voting on their own posts.
            if (!$canManage) {
                $post = $postModel->getID($postID);
                if ($post->InsertUserID == Gdn::session()->UserID) {
                    return false;
                }
            }
            // Determine rating.
            if (Gdn::request()->get('rate', 'up') == 'down') {
                $score = -1;
            } else {
                $score = 1;
            }
            $currentScore = $postModel->getUserScore(
                $postID,
                Gdn::session()->UserID
            );
            $newScore = $currentScore + $score;
            // Ensure that users without manage permissions cannot give
            // a score > 1 / < -1.
            if (!$canManage && ($newScore > 1 || $newScore < -1)) {
                return false;
            }
    


    rossum
  • PCTipsGRPCTipsGR Unknown New

    Seems like the plugin works just fine. Users cannot vote more than 1 time.

  • @PCTipsGR You're right! I was testing originally with the admin account, which had the "manage" permission.

    Thanks @R_J !

Sign In or Register to comment.