def mutate(self, info, **kwargs):
session = get_session(info)
election_group_id = kwargs.get('id')
election_group = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
user = get_current_user(info)
if not election_group:
return PublishElectionGroupResponse(
success=False,
code='election-group-not-found',
message='Election group {} not found'.format(
election_group_id))
if not user:
return PublishElectionGroupResponse(
success=False,
code='user-not-found',
message='Could not find current user')
if not can_manage_election_group(session, user, election_group):
return PublishElectionGroupResponse(
success=False,
code='permission-denied',
message='Not allowed to manage election group '
'group {}'.format(election_group_id))
if not can_publish_election_groups(session, user):
return PublishElectionGroupResponse(
success=False,
code='permission-denied',
message='Not allowed to publish election groups')
if evalg.proc.election.publish_election_group(session, election_group):
return PublishElectionGroupResponse(success=True)
return PublishElectionGroupResponse(
success=False,
code='unkown-error',
message='Could not unpublish election group')
def mutate(self, info, **kwargs):
"""The mutation"""
election_group_id = kwargs['election_group_id']
master_key_id = kwargs['master_key_id']
encrypted_priv_key = kwargs['encrypted_priv_key']
session = get_session(info)
user = get_current_user(info)
election_group = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
master_key = session.query(
evalg.models.privkeys_backup.MasterKey).get(master_key_id)
if not master_key:
return AddElectionGroupKeyBackupResponse(
success=False,
code='master-key-not-found',
message='Master key {} not found'.format(master_key_id))
if not master_key.active:
# don't just trust the frontend to filter properly
return AddElectionGroupKeyBackupResponse(
success=False,
code='master-key-inactive',
message='Master key {} is not active'.format(master_key_id))
if not election_group:
return AddElectionGroupKeyBackupResponse(
success=False,
code='election-group-not-found',
message='Election group {} not found'.format(
election_group_id))
if not user:
return AddElectionGroupKeyBackupResponse(
success=False,
code='user-not-found',
message='Could not find current user')
if not can_manage_election_group(session, user, election_group):
return AddElectionGroupKeyBackupResponse(
success=False,
code='permission-denied',
message=('Not allowed to set election group key backup for '
'election group {}').format(election_group_id))
egk_backup = evalg.models.privkeys_backup.ElectionGroupKeyBackup(
encrypted_priv_key=encrypted_priv_key,
election_group_id=election_group_id,
master_key_id=master_key_id)
# No apparent errors to be expected. Invalidate all previous backups!
session.query(
evalg.models.privkeys_backup.ElectionGroupKeyBackup).filter_by(
election_group_id=election_group_id,
master_key_id=master_key_id,
active=True).update({'active': False},
synchronize_session=False)
session.commit()
session.add(egk_backup)
session.commit()
return AddElectionGroupKeyBackupResponse(success=True)
def resolve_election_key_meta(_, info, **kwargs):
election_group_id = kwargs['id']
session = get_session(info)
user = get_current_user(info)
el_grp = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
if not can_manage_election_group(session, user, el_grp):
return None
key_meta = evalg.proc.group.get_election_key_meta(session,
election_group_id)
if key_meta and len(key_meta) > 0:
return ElectionKeyMeta(election_group_id)
raise GraphQLError('No info on key found')
def test_can_manage_election_group_allows(db_session, logged_in_user,
election_group_foo):
principal = get_or_create_principal(db_session,
'person',
person_id=logged_in_user.person.id)
add_election_group_role(db_session,
election_group=election_group_foo,
principal=principal,
role_name='admin')
assert permissions.can_manage_election_group(
session=db_session,
user=logged_in_user,
election_group=election_group_foo)
def mutate(self, info, **kwargs):
"""The mutation function."""
election_group_id = kwargs['id']
public_key = kwargs['public_key']
session = get_session(info)
user = get_current_user(info)
election_group = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
if not can_manage_election_group(session, user, election_group):
return SetElectionGroupKeyResponse(
success=False,
code='permission-denied',
message='Not allowed to set election group key for election '
'group {}'.format(election_group_id))
if election_group.public_key and election_group.published:
return SetElectionGroupKeyResponse(
success=False,
code='cannot-change-key-if-published',
message=('The public key cannot be changed if '
'an election is published'))
for election in election_group.elections:
if (election_group.public_key and election.active
and election.has_started):
return SetElectionGroupKeyResponse(
success=False,
code='cannot-change-key-if-past-start',
message=('The public key cannot be changed if '
'an election has started'))
else:
count = evalg.proc.vote.get_election_vote_counts(
session, election)
if any(count.values()):
return SetElectionGroupKeyResponse(
success=False,
code='cannot-change-key-if-votes-exist',
message=('The public key cannot be changed if '
'a vote has been cast'))
if not evalg.proc.election.is_valid_public_key(public_key):
return SetElectionGroupKeyResponse(
success=False,
code='invalid-key',
message='The public key given is not a valid key')
election_group.public_key = public_key
session.add(election_group)
session.commit()
return SetElectionGroupKeyResponse(success=True)
def mutate(self, info, **kwargs):
valid_roles = ['admin']
session = get_session(info)
user = get_current_user(info)
election_group_id = kwargs.get('election_group_id')
role_name = kwargs.get('role')
id_type = kwargs.get('id_type')
id_value = kwargs.get('id_value')
election_group = evalg.database.query.lookup_or_none(
session, evalg.models.election.ElectionGroup, id=election_group_id)
if election_group is None:
return AddElectionGroupRoleByIdentifierResponse(
success=False,
code='election-group-not-found',
message='No election group identified by {}'.format(
election_group_id))
if not can_manage_election_group(session, user, election_group):
return AddElectionGroupRoleByIdentifierResponse(
success=False,
code='permission-denied',
message='Not allowed to add roles for election {}'.format(
election_group_id))
if role_name not in valid_roles:
# TODO improve this at some point.
# We need to check this to stop someone from adding a
# publisher or global_admin role.
return AddElectionGroupRoleByIdentifierResponse(
success=False,
code='permission-denied',
message='Not allowed to add role of type {}'.format(role_name))
principal = get_or_create_principal(session=session,
principal_type='person_identifier',
id_type=id_type,
id_value=id_value)
add_election_group_role(session=session,
election_group=election_group,
principal=principal,
role_name=role_name)
session.commit()
return AddElectionGroupRoleByIdentifierResponse(success=True,
code='role-added')
def mutate(self, info, **kwargs):
session = get_session(info)
user = get_current_user(info)
grant_id = kwargs.get('grant_id')
role = evalg.proc.authz.get_role_by_grant_id(session, grant_id)
if role is None:
return RemoveElectionGroupRoleByGrantResponse(
success=False,
code='grant-not-found',
message='No election group role grant identified by {}'.format(
grant_id))
if not can_manage_election_group(session, user, role.group):
return RemoveElectionGroupRoleByGrantResponse(
success=False,
code='permission-denied',
message='Not allowed to remove roles for election {}'.format(
role.group.id))
delete_role(session, role)
session.commit()
return RemoveElectionGroupRoleByGrantResponse(success=True,
code='role-removed')
def mutate(self, info, **kwargs):
# TODO:
# Is there any particular reason why the ElectionGroup settings and
# Election settings are bound together in a single mutation?
session = get_session(info)
user = get_current_user(info)
election_group_id = kwargs.get('id')
el_grp = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
if not can_manage_election_group(session, user, el_grp):
return UpdateBaseSettings(ok=False)
el_grp.meta['candidate_rules']['candidate_gender'] = kwargs.get(
'has_gender_quota')
session.add(el_grp)
for e in kwargs.get('elections'):
election = session.query(evalg.models.election.Election).get(
e['id'])
election.meta['candidate_rules']['seats'] = e.seats
election.meta['candidate_rules']['substitutes'] = e.substitutes
election.active = e.active
session.add(election)
session.commit()
return UpdateBaseSettings(ok=True)
def resolve_persons_with_multiple_verified_voters(_, info, **kwargs):
election_group_id = kwargs.get('id')
session = get_session(info)
user = get_current_user(info)
el_grp = session.query(
evalg.models.election.ElectionGroup).get(election_group_id)
if not can_manage_election_group(session, user, el_grp):
return None
query = evalg.proc.pollbook.get_persons_with_multiple_verified_voters(
session, election_group_id)
class PersonWithVoters:
def __init__(self, person, voter):
self.person = person
self.voters = [voter]
person_id2person_with_voters = {}
for person, voter in query.all():
if person.id in person_id2person_with_voters.keys():
person_id2person_with_voters[person.id].voters.append(voter)
else:
person_id2person_with_voters[person.id] = PersonWithVoters(
person, voter)
return person_id2person_with_voters.values()
def mutate(self, info, **kwargs):
session = get_session(info)
user = get_current_user(info)
election_group_id = kwargs['id']
election_key = kwargs['election_key']
election_group_counter = evalg.proc.count.ElectionGroupCounter(
session, election_group_id, election_key)
if not can_manage_election_group(session, user,
election_group_counter.group):
return CountElectionGroupResponse(
success=False,
code='permission-denied',
message='Not allowed to count election group {}'.format(
election_group_id))
if evalg.proc.pollbook.get_persons_with_multiple_verified_voters(
session, election_group_id).all():
return CountElectionGroupResponse(
success=False,
code='persons-with-multiple-votes',
message='There are person(s) who have multiple verified votes')
if evalg.proc.pollbook.get_voters_in_election_group(
session, election_group_id, self_added=True,
reviewed=False).all():
return CountElectionGroupResponse(
success=False,
code='unreviewed-self-added-voters',
message='All self added voters must be reviewed')
if not election_group_counter.ballot_serializer:
return CountElectionGroupResponse(
success=False,
code='invalid-election-key-wrong-format',
message='The given election key is invalid')
if not election_group_counter.verify_election_key():
return CountElectionGroupResponse(
success=False,
code='invalid-election-key',
message='The given election key is invalid')
if not election_group_counter.group.status == 'closed':
return CountElectionGroupResponse(
success=False,
code='cannot-count-before-all-elections-are-closed',
message='All of the elections in an election group must be'
' closed to count votes')
# Creating an election_group_count entry in the db
count = election_group_counter.log_start_count()
election_group_counter.deserialize_ballots()
election_group_counter.process_for_count()
if info.context['user'].person:
election_group_counter.generate_results(
count,
getattr(info.context['user'].person, 'display_name', None))
else:
election_group_counter.generate_results(count)
count = election_group_counter.log_finalize_count(count)
return CountElectionGroupResponse(success=True,
election_group_count_id=count.id)
def test_can_manage_election_group_denies(db_session, logged_in_user,
election_group_baz):
assert not permissions.can_manage_election_group(
session=db_session,
user=logged_in_user,
election_group=election_group_baz)