Skip to content

Fix inconsistent voting permission checks#45

Merged
Ashmita1206 merged 1 commit into
Ashmita1206:mainfrom
RounakChoudhary:fix-consistent-voting-permissions
May 29, 2026
Merged

Fix inconsistent voting permission checks#45
Ashmita1206 merged 1 commit into
Ashmita1206:mainfrom
RounakChoudhary:fix-consistent-voting-permissions

Conversation

@RounakChoudhary

@RounakChoudhary RounakChoudhary commented May 28, 2026

Copy link
Copy Markdown
Contributor

Summary

Refactored and centralized voting logic across question and answer endpoints to ensure consistent validation, reputation handling, and response behavior.

This fixes inconsistencies where newer /upvote and /downvote routes bypassed reputation checks and some routes attempted to call updateReputation() on unpopulated author references.

Changes Made

Centralized voting logic

  • Added shared voting service in server/services/voting.js

  • Moved duplicated vote handling into reusable helpers:

    • voteOnContent
    • applyVoteChange
    • sendVoteResponse

Consistent authorization & validation

  • Enforced req.user.canVote() across all voting endpoints
  • Added validation for allowed vote types (upvote / downvote)
  • Added self-vote prevention

Reputation handling fixes

  • Populated content authors before reputation updates
  • Ensured updateReputation() is only called on populated author documents
  • Fixed reputation delta calculations during vote toggles

Notification improvements

  • Centralized vote notification creation
  • Prevented notifications for self-votes

Route/controller cleanup

  • Removed duplicated voting logic from:

    • server/routes/questions.js
    • server/controllers/answersController.js

  • Unified response format across vote APIs

Tests

Added tests covering:

  • vote toggling behavior
  • low-reputation vote rejection
  • reputation updates on populated author documents

Fixed Issues

  • Low-reputation users could vote through newer endpoints
  • Inconsistent validation across voting APIs
  • Potential runtime errors from calling updateReputation() on ObjectId
  • Duplicate voting logic across routes/controllers

Result

All voting endpoints now:

  • enforce the same authorization rules
  • validate voting consistently
  • safely update reputation
  • return standardized responses

@vercel

vercel Bot commented May 28, 2026

Copy link
Copy Markdown

@RounakChoudhary is attempting to deploy a commit to the anglenobida003-8112's projects Team on Vercel.

A member of the Team first needs to authorize it.

@RounakChoudhary

RounakChoudhary commented May 28, 2026

Copy link
Copy Markdown
Contributor Author

This PR addresses Issue #6 by centralizing voting logic, enforcing consistent vote validation, and fixing reputation update handling across all voting endpoints.

Please review the changes and let me know if any modifications are needed. If everything looks good, kindly consider merging the PR.

@Ashmita1206 Ashmita1206 merged commit c089cef into Ashmita1206:main May 29, 2026
2 of 16 checks passed
@Ashmita1206 Ashmita1206 added bug Something isn't working enhancement New feature or request good first issue Good for newcomers gssoc:approved level:intermediate labels May 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@RounakChoudhary RounakChoudhary

Labels

bug Something isn't working enhancement New feature or request good first issue Good for newcomers gssoc:approved level:intermediate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RounakChoudhary @Ashmita1206