Changes to support abtesting output. Security

- Users can now export the number of votes from specific vistors (sessions) - Users must now authenticate before accessing protected resources

Changes to support abtesting output. Security
- Users can now export the number of votes from specific vistors (sessions) - Users must now authenticate before accessing protected resources
Dhruv Kapadia
1 parent d6ea3f13
Showing 5 changed files with 30 additions and 92 deletions Show diff stats
app/controllers/questions_controller.rb
app/controllers/visitors_controller.rb
app/models/visitor.rb
app/models/vote.rb
config/routes.rb
 require 'fastercsv'
  
 class QuestionsController < InheritedResources::Base
+  before_filter :authenticate
   respond_to :xml, :json
   respond_to :csv, :only => :export #leave the option for xml export here
   belongs_to :site, :optional => true
@@ -49,7 +50,6 @@ class QuestionsController &lt; InheritedResources::Base
   end
  
   def create
-    authenticate
     logger.info "all params are #{params.inspect}"
     logger.info "vi is #{params['question']['visitor_identifier']} and local are #{params['question']['local_identifier']}."
     if @question = current_user.create_question(params['question']['visitor_identifier'], :name => params['question']['name'], :local_identifier => params['question']['local_identifier'], :ideas => (params['question']['ideas'].lines.to_a.delete_if {|i| i.blank?}))
@@ -66,7 +66,6 @@ class QuestionsController &lt; InheritedResources::Base
  
  
   def set_autoactivate_ideas_from_abroad
-    authenticate
     expire_page :action => :index
     logger.info("INSIDE autoactivate ideas")
  
@@ -88,8 +87,6 @@ class QuestionsController &lt; InheritedResources::Base
  
   end
   def export
-    authenticate
-
     type = params[:type]
  
     if type == 'votes'
@@ -104,8 +101,6 @@ class QuestionsController &lt; InheritedResources::Base
   end
  
   def num_votes_by_visitor_id
-    authenticate
-
     @question = current_user.questions.find(params[:id])
     hash = Vote.count(:conditions => "question_id = #{@question.id}", :group => "voter_id")
     visitor_id_hash = {}
-class VisitorsController < ApplicationController
-  # GET /visitors
-  # GET /visitors.xml
-  def index
-    @visitors = Visitor.all
+class VisitorsController < InheritedResources::Base
+        respond_to :xml, :json
+	before_filter :authenticate
+	def votes_by_session_ids
+		session_ids = params[:session_ids]
+
+		visitor_ids = Visitor.find(:all, :conditions => { :identifier => session_ids})
+		votes_by_visitor_id = Vote.with_voter_ids(visitor_ids).count(:group => :voter_id) 
+
+		votes_by_session_id = {}
+		
+		visitor_ids.each do |e| 
+			if votes_by_visitor_id.has_key?(e.id)
+				votes_by_session_id[e.identifier] = votes_by_visitor_id[e.id]
+			end
+		end
+    		
+		respond_to do |format|
+    			format.xml{ render :xml => votes_by_session_id.to_xml and return}
+    		end
+	end
  
-    respond_to do |format|
-      format.html # index.html.erb
-      format.xml  { render :xml => @visitors }
-    end
-  end
-
-  # GET /visitors/1
-  # GET /visitors/1.xml
-  def show
-    @visitor = Visitor.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.xml  { render :xml => @visitor }
-    end
-  end
-
-  # GET /visitors/new
-  # GET /visitors/new.xml
-  def new
-    @visitor = Visitor.new
-
-    respond_to do |format|
-      format.html # new.html.erb
-      format.xml  { render :xml => @visitor }
-    end
-  end
-
-  # GET /visitors/1/edit
-  def edit
-    @visitor = Visitor.find(params[:id])
-  end
-
-  # POST /visitors
-  # POST /visitors.xml
-  def create
-    @visitor = Visitor.new(params[:visitor])
-
-    respond_to do |format|
-      if @visitor.save
-        flash[:notice] = 'Visitor was successfully created.'
-        format.html { redirect_to(@visitor) }
-        format.xml  { render :xml => @visitor, :status => :created, :location => @visitor }
-      else
-        format.html { render :action => "new" }
-        format.xml  { render :xml => @visitor.errors, :status => :unprocessable_entity }
-      end
-    end
-  end
-
-  # PUT /visitors/1
-  # PUT /visitors/1.xml
-  def update
-    @visitor = Visitor.find(params[:id])
-
-    respond_to do |format|
-      if @visitor.update_attributes(params[:visitor])
-        flash[:notice] = 'Visitor was successfully updated.'
-        format.html { redirect_to(@visitor) }
-        format.xml  { head :ok }
-      else
-        format.html { render :action => "edit" }
-        format.xml  { render :xml => @visitor.errors, :status => :unprocessable_entity }
-      end
-    end
-  end
-
-  # DELETE /visitors/1
-  # DELETE /visitors/1.xml
-  def destroy
-    @visitor = Visitor.find(params[:id])
-    @visitor.destroy
-
-    respond_to do |format|
-      format.html { redirect_to(visitors_url) }
-      format.xml  { head :ok }
-    end
-  end
 end
@@ -7,8 +7,10 @@ class Visitor &lt; ActiveRecord::Base
   has_many :clicks
  
   validates_presence_of :site, :on => :create, :message => "can't be blank"
-  validates_uniqueness_of :identifier, :on => :create, :message => "must be unique", :scope => :site_id
-  
+# validates_uniqueness_of :identifier, :on => :create, :message => "must be unique", :scope => :site_id
+
+ named_scope :with_tracking, lambda { |*args| {:include => :votes, :conditions => { :identifier => args.first } }}
+
   def owns?(question)
     questions.include? question
   end
@@ -8,4 +8,5 @@ class Vote &lt; ActiveRecord::Base
  
   named_scope :recent, lambda { |*args| {:conditions => ["created_at > ?", (args.first || Date.today.beginning_of_day)]} }
   named_scope :with_question, lambda { |*args| {:conditions => {:question_id => args.first }} }
+  named_scope :with_voter_ids, lambda { |*args| {:conditions => {:voter_id=> args.first }} }
 end
 ActionController::Routing::Routes.draw do |map|
-  map.resources :clicks
+  #map.resources :clicks
+  map.resources :visitors, :collection => {:votes_by_session_ids => :get}
   map.resources :questions, :member => { :object_info_totals_by_date => :get, :num_votes_by_visitor_id => :get, :export => :post, :set_autoactivate_ideas_from_abroad => :put,  :activate => :put, :suspend => :put}, :collection => {:recent_votes_by_question_id => :get} do |question|
     question.resources :items
     question.resources :prompts, :member => {:vote_left => :post, :vote_right => :post, :skip => :post, :vote => :post}, 
@@ -8,6 +9,7 @@ ActionController::Routing::Routes.draw do |map|
   end
   map.resources :algorithms
   map.connect "/questions/:question_id/prompts/:id/vote/:index", :controller => 'prompts', :action => 'vote'
+
1	1	require 'fastercsv'
2	2
3	3	class QuestionsController < InheritedResources::Base
	4	+ before_filter :authenticate
4	5	respond_to :xml, :json
5	6	respond_to :csv, :only => :export #leave the option for xml export here
6	7	belongs_to :site, :optional => true
...	...	@@ -49,7 +50,6 @@ class QuestionsController < InheritedResources::Base
49	50	end
50	51
51	52	def create
52		- authenticate
53	53	logger.info "all params are #{params.inspect}"
54	54	logger.info "vi is #{params['question']['visitor_identifier']} and local are #{params['question']['local_identifier']}."
55	55	if @question = current_user.create_question(params['question']['visitor_identifier'], :name => params['question']['name'], :local_identifier => params['question']['local_identifier'], :ideas => (params['question']['ideas'].lines.to_a.delete_if {\|i\| i.blank?}))
...	...	@@ -66,7 +66,6 @@ class QuestionsController < InheritedResources::Base
66	66
67	67
68	68	def set_autoactivate_ideas_from_abroad
69		- authenticate
70	69	expire_page :action => :index
71	70	logger.info("INSIDE autoactivate ideas")
72	71
...	...	@@ -88,8 +87,6 @@ class QuestionsController < InheritedResources::Base
88	87
89	88	end
90	89	def export
91		- authenticate
92		-
93	90	type = params[:type]
94	91
95	92	if type == 'votes'
...	...	@@ -104,8 +101,6 @@ class QuestionsController < InheritedResources::Base
104	101	end
105	102
106	103	def num_votes_by_visitor_id
107		- authenticate
108		-
109	104	@question = current_user.questions.find(params[:id])
110	105	hash = Vote.count(:conditions => "question_id = #{@question.id}", :group => "voter_id")
111	106	visitor_id_hash = {}
...	...
1		-class VisitorsController < ApplicationController
2		- # GET /visitors
3		- # GET /visitors.xml
4		- def index
5		- @visitors = Visitor.all
	1	+class VisitorsController < InheritedResources::Base
	2	+ respond_to :xml, :json
	3	+ before_filter :authenticate
	4	+ def votes_by_session_ids
	5	+ session_ids = params[:session_ids]
	6	+
	7	+ visitor_ids = Visitor.find(:all, :conditions => { :identifier => session_ids})
	8	+ votes_by_visitor_id = Vote.with_voter_ids(visitor_ids).count(:group => :voter_id)
	9	+
	10	+ votes_by_session_id = {}
	11	+
	12	+ visitor_ids.each do \|e\|
	13	+ if votes_by_visitor_id.has_key?(e.id)
	14	+ votes_by_session_id[e.identifier] = votes_by_visitor_id[e.id]
	15	+ end
	16	+ end
	17	+
	18	+ respond_to do \|format\|
	19	+ format.xml{ render :xml => votes_by_session_id.to_xml and return}
	20	+ end
	21	+ end
6	22
7		- respond_to do \|format\|
8		- format.html # index.html.erb
9		- format.xml { render :xml => @visitors }
10		- end
11		- end
12		-
13		- # GET /visitors/1
14		- # GET /visitors/1.xml
15		- def show
16		- @visitor = Visitor.find(params[:id])
17		-
18		- respond_to do \|format\|
19		- format.html # show.html.erb
20		- format.xml { render :xml => @visitor }
21		- end
22		- end
23		-
24		- # GET /visitors/new
25		- # GET /visitors/new.xml
26		- def new
27		- @visitor = Visitor.new
28		-
29		- respond_to do \|format\|
30		- format.html # new.html.erb
31		- format.xml { render :xml => @visitor }
32		- end
33		- end
34		-
35		- # GET /visitors/1/edit
36		- def edit
37		- @visitor = Visitor.find(params[:id])
38		- end
39		-
40		- # POST /visitors
41		- # POST /visitors.xml
42		- def create
43		- @visitor = Visitor.new(params[:visitor])
44		-
45		- respond_to do \|format\|
46		- if @visitor.save
47		- flash[:notice] = 'Visitor was successfully created.'
48		- format.html { redirect_to(@visitor) }
49		- format.xml { render :xml => @visitor, :status => :created, :location => @visitor }
50		- else
51		- format.html { render :action => "new" }
52		- format.xml { render :xml => @visitor.errors, :status => :unprocessable_entity }
53		- end
54		- end
55		- end
56		-
57		- # PUT /visitors/1
58		- # PUT /visitors/1.xml
59		- def update
60		- @visitor = Visitor.find(params[:id])
61		-
62		- respond_to do \|format\|
63		- if @visitor.update_attributes(params[:visitor])
64		- flash[:notice] = 'Visitor was successfully updated.'
65		- format.html { redirect_to(@visitor) }
66		- format.xml { head :ok }
67		- else
68		- format.html { render :action => "edit" }
69		- format.xml { render :xml => @visitor.errors, :status => :unprocessable_entity }
70		- end
71		- end
72		- end
73		-
74		- # DELETE /visitors/1
75		- # DELETE /visitors/1.xml
76		- def destroy
77		- @visitor = Visitor.find(params[:id])
78		- @visitor.destroy
79		-
80		- respond_to do \|format\|
81		- format.html { redirect_to(visitors_url) }
82		- format.xml { head :ok }
83		- end
84		- end
85	23	end
...	...
...	...	@@ -7,8 +7,10 @@ class Visitor < ActiveRecord::Base
7	7	has_many :clicks
8	8
9	9	validates_presence_of :site, :on => :create, :message => "can't be blank"
10		- validates_uniqueness_of :identifier, :on => :create, :message => "must be unique", :scope => :site_id
11		-
	10	+# validates_uniqueness_of :identifier, :on => :create, :message => "must be unique", :scope => :site_id
	11	+
	12	+ named_scope :with_tracking, lambda { \|*args\| {:include => :votes, :conditions => { :identifier => args.first } }}
	13	+
12	14	def owns?(question)
13	15	questions.include? question
14	16	end
...	...
...	...	@@ -8,4 +8,5 @@ class Vote < ActiveRecord::Base
8	8
9	9	named_scope :recent, lambda { \|*args\| {:conditions => ["created_at > ?", (args.first \|\| Date.today.beginning_of_day)]} }
10	10	named_scope :with_question, lambda { \|*args\| {:conditions => {:question_id => args.first }} }
	11	+ named_scope :with_voter_ids, lambda { \|*args\| {:conditions => {:voter_id=> args.first }} }
11	12	end
...	...
1	1	ActionController::Routing::Routes.draw do \|map\|
2		- map.resources :clicks
	2	+ #map.resources :clicks
	3	+ map.resources :visitors, :collection => {:votes_by_session_ids => :get}
3	4	map.resources :questions, :member => { :object_info_totals_by_date => :get, :num_votes_by_visitor_id => :get, :export => :post, :set_autoactivate_ideas_from_abroad => :put, :activate => :put, :suspend => :put}, :collection => {:recent_votes_by_question_id => :get} do \|question\|
4	5	question.resources :items
5	6	question.resources :prompts, :member => {:vote_left => :post, :vote_right => :post, :skip => :post, :vote => :post},
...	...	@@ -8,6 +9,7 @@ ActionController::Routing::Routes.draw do \|map\|
8	9	end
9	10	map.resources :algorithms
10	11	map.connect "/questions/:question_id/prompts/:id/vote/:index", :controller => 'prompts', :action => 'vote'
	12	+
11	13
12	14
13	15
...	...