fix: evoting groups

coodos · coodos · commit 759b77123076 · 2025-08-25T03:07:44.000+05:30
diff --git a/platforms/eVoting/src/app/(app)/page.tsx b/platforms/eVoting/src/app/(app)/page.tsx
@@ -153,6 +153,11 @@ export default function Home() {
                                             >
                                                 Visibility {getSortIcon("visibility")}
                                             </th>
+                                            <th 
+                                                className="text-left py-3 px-4 font-medium text-gray-700 cursor-pointer hover:bg-gray-50"
+                                            >
+                                                Group
+                                            </th>
                                             <th 
                                                 className="text-left py-3 px-4 font-medium text-gray-700 cursor-pointer hover:bg-gray-50"
                                                 onClick={() => handleSort("status")}
@@ -196,6 +201,15 @@ export default function Home() {
                                                             )}
                                                         </Badge>
                                                     </td>
+                                                    <td className="py-3 px-4">
+                                                        {poll.group ? (
+                                                            <Badge variant="outline" className="text-xs">
+                                                                {poll.group.name}
+                                                            </Badge>
+                                                        ) : (
+                                                            <span className="text-xs text-gray-400">No group</span>
+                                                        )}
+                                                    </td>
                                                     <td className="py-3 px-4">
                                                         <Badge variant={isActive ? "success" : "warning"}>
                                                             {isActive ? "Active" : "Ended"}
diff --git a/platforms/evoting-api/src/controllers/PollController.ts b/platforms/evoting-api/src/controllers/PollController.ts
@@ -35,11 +35,12 @@ export class PollController {
     getPollById = async (req: Request, res: Response) => {
         try {
             const { id } = req.params;
+            const userId = (req as any).user?.id; // Get user ID from auth middleware
 
-            const poll = await this.pollService.getPollById(id);
+            const poll = await this.pollService.getPollByIdWithAccessCheck(id, userId);
 
             if (!poll) {
-                return res.status(404).json({ error: "Poll not found" });
+                return res.status(404).json({ error: "Poll not found or access denied" });
             }
 
             res.json(poll);
diff --git a/platforms/evoting-api/src/services/PollService.ts b/platforms/evoting-api/src/services/PollService.ts
@@ -52,10 +52,24 @@ export class PollService {
             }
         });
 
+        // Get group information for polls that have groupId
+        const pollsWithGroups = await Promise.all(
+            allPolls.map(async (poll) => {
+                if (poll.groupId) {
+                    const group = await this.groupRepository.findOne({
+                        where: { id: poll.groupId },
+                        select: ['id', 'name', 'description']
+                    });
+                    return { ...poll, group };
+                }
+                return poll;
+            })
+        );
+
         // Filter polls based on user's group memberships
-        let filteredPolls = allPolls;
+        let filteredPolls = pollsWithGroups;
         if (userId && userGroupIds.length > 0) {
-            filteredPolls = allPolls.filter(poll => {
+            filteredPolls = filteredPolls.filter(poll => {
                 // Show polls that:
                 // 1. Have no groupId (public polls)
                 // 2. Belong to groups where user is a member/admin/participant
@@ -66,7 +80,7 @@ export class PollService {
             });
         } else if (userId) {
             // If user has no group memberships, only show their own polls and public polls
-            filteredPolls = allPolls.filter(poll => !poll.groupId || poll.creatorId === userId);
+            filteredPolls = filteredPolls.filter(poll => !poll.groupId || poll.creatorId === userId);
         }
 
         // Custom sorting based on sortField and sortDirection
@@ -140,6 +154,47 @@ export class PollService {
         });
     }
 
+    /**
+     * Get poll by ID with group information and check if user can access it
+     */
+    async getPollByIdWithAccessCheck(id: string, userId?: string): Promise<Poll | null> {
+        const poll = await this.pollRepository.findOne({
+            where: { id },
+            relations: ["creator"]
+        });
+
+        if (!poll) {
+            return null;
+        }
+
+        // If poll has no group, it's public - anyone can access
+        if (!poll.groupId) {
+            return poll;
+        }
+
+        // If no userId provided, don't show group polls
+        if (!userId) {
+            return null;
+        }
+
+        // Check if user is a member, admin, or participant of the group
+        const group = await this.groupRepository
+            .createQueryBuilder('group')
+            .leftJoin('group.members', 'member')
+            .leftJoin('group.admins', 'admin')
+            .leftJoin('group.participants', 'participant')
+            .where('group.id = :groupId', { groupId: poll.groupId })
+            .andWhere('(member.id = :userId OR admin.id = :userId OR participant.id = :userId)', { userId })
+            .getOne();
+
+        // If user is not in the group, don't show the poll
+        if (!group) {
+            return null;
+        }
+
+        return poll;
+    }
+
     async createPoll(pollData: {
         title: string;
         mode: string;
diff --git a/platforms/evoting-api/src/services/VoteService.ts b/platforms/evoting-api/src/services/VoteService.ts
@@ -3,12 +3,14 @@ import { AppDataSource } from "../database/data-source";
 import { Vote, VoteDataByMode, NormalVoteData, PointVoteData, RankVoteData } from "../database/entities/Vote";
 import { Poll } from "../database/entities/Poll";
 import { User } from "../database/entities/User";
+import { Group } from "../database/entities/Group";
 import { VotingSystem, VoteData } from 'blindvote';
 
 export class VoteService {
   private voteRepository: Repository<Vote>;
   private pollRepository: Repository<Poll>;
   private userRepository: Repository<User>;
+  private groupRepository: Repository<Group>;
   
   // Store VotingSystem instances per poll
   private votingSystems = new Map<string, VotingSystem>();
@@ -17,11 +19,50 @@ export class VoteService {
     this.voteRepository = AppDataSource.getRepository(Vote);
     this.pollRepository = AppDataSource.getRepository(Poll);
     this.userRepository = AppDataSource.getRepository(User);
+    this.groupRepository = AppDataSource.getRepository(Group);
+  }
+
+  /**
+   * Check if a user can vote on a poll based on group membership
+   */
+  private async canUserVote(pollId: string, userId: string): Promise<boolean> {
+    const poll = await this.pollRepository.findOne({
+      where: { id: pollId },
+      relations: ['creator']
+    });
+
+    if (!poll) {
+      throw new Error('Poll not found');
+    }
+
+    // If poll has no group, it's a public poll - anyone can vote
+    if (!poll.groupId) {
+      return true;
+    }
+
+    // If poll has a group, check if user is a member, admin, or participant
+    const group = await this.groupRepository
+      .createQueryBuilder('group')
+      .leftJoin('group.members', 'member')
+      .leftJoin('group.admins', 'admin')
+      .leftJoin('group.participants', 'participant')
+      .where('group.id = :groupId', { groupId: poll.groupId })
+      .andWhere('(member.id = :userId OR admin.id = :userId OR participant.id = :userId)', { userId })
+      .getOne();
+
+    if (!group) {
+      throw new Error('User is not a member, admin, or participant of the group associated with this poll');
+    }
+
+    return true;
   }
 
   // ===== NON-BLIND VOTING METHODS (for normal/point/rank modes) =====
 
   async createVote(pollId: string, userId: string, voteData: VoteData, mode: "normal" | "point" | "rank" = "normal"): Promise<Vote> {
+    // First check if user can vote on this poll
+    await this.canUserVote(pollId, userId);
+
     const poll = await this.pollRepository.findOne({
       where: { id: pollId }
     });
@@ -313,6 +354,15 @@ export class VoteService {
 
   async submitBlindVote(pollId: string, voterId: string, voteData: any) {
     try {
+      // First check if user can vote on this poll (group membership check)
+      const user = await this.userRepository.findOne({ where: { ename: voterId } });
+      if (!user) {
+        throw new Error(`User with ename ${voterId} not found. User must exist before submitting blind vote.`);
+      }
+
+      // Check group membership using the existing method
+      await this.canUserVote(pollId, user.id);
+
       const votingSystem = this.getVotingSystemForPoll(pollId);
       
       // Get poll to find options
@@ -374,12 +424,7 @@ export class VoteService {
         revealed: false
       };
 
-      // For blind voting, look up the user by their ename (W3ID)
-      const user = await this.userRepository.findOne({ where: { ename: voterId } });
-      if (!user) {
-        throw new Error(`User with ename ${voterId} not found. User must exist before submitting blind vote.`);
-      }
-
+      // User is already fetched from the group membership check above
       const vote = this.voteRepository.create({
         poll: { id: pollId },
         user: { id: user.id },
@@ -515,6 +560,15 @@ export class VoteService {
 
   async registerBlindVoteVoter(pollId: string, voterId: string) {
     try {
+      // First check if user can vote on this poll (group membership check)
+      const user = await this.userRepository.findOne({ where: { ename: voterId } });
+      if (!user) {
+        throw new Error(`User with ename ${voterId} not found. User must exist before registering for blind voting.`);
+      }
+
+      // Check group membership using the existing method
+      await this.canUserVote(pollId, user.id);
+
       const votingSystem = this.getVotingSystemForPoll(pollId);
       
       // Get poll details  
@@ -561,6 +615,15 @@ export class VoteService {
   // Generate vote data for a voter (used by eID wallet)
   async generateVoteData(pollId: string, voterId: string, chosenOptionId: string) {
     try {
+      // First check if user can vote on this poll (group membership check)
+      const user = await this.userRepository.findOne({ where: { ename: voterId } });
+      if (!user) {
+        throw new Error(`User with ename ${voterId} not found. User must exist before generating vote data.`);
+      }
+
+      // Check group membership using the existing method
+      await this.canUserVote(pollId, user.id);
+
       const votingSystem = this.getVotingSystemForPoll(pollId);
       
       // Get poll details
