Iteration 3 Plan - TAGCH/ku-polls GitHub Wiki

Goal

The goal of Iteration 3 is to enhance the KU Polls application by adding user authentication, ensuring that each user can only vote once per poll question, allowing users to change their vote during the polling period, and displaying the user’s previous vote. This iteration also includes updating the application to require user authentication for voting, while still allowing unauthenticated visitors to view available polls and voting results.

Milestone

  1. User Authentication Implemented: Successfully integrate the User model and add login/logout functionality.
  2. Voting Restrictions Applied: Each user can vote only once per poll question, with the ability to change their vote during the polling period.
  3. Previous Vote Displayed: Users can see their previous vote when viewing a poll.
  4. Security Verified: Ensure that only authenticated users can vote and that no unauthorized actions can bypass the security measures.

Features

  1. User Authentication:

    • Implement the Django User model.
    • Add login and logout functionality.
    • Update page templates to reflect the user’s login status and provide login/logout links.

  2. One Vote Per Poll Question:

    • Implement logic to ensure that each authenticated user can only vote once per poll question.
    • Allow users to change their vote and resubmit it during the polling period.
    • Display the user’s previous vote when they view a poll question.

  3. Visitor Access:

    • Ensure that visitors (unauthenticated users) can view the list of available polls and the current voting results.
    • Enforce authentication requirements for voting.

  4. Update the Domain Model:

    • Revise the domain model to include the User and Vote classes.
    • Modify the Choice class and update the views accordingly.

  5. Security:

    • Prevent unauthorized users from voting or bypassing login checks.
    • Test the application for vulnerabilities, including submitting multiple votes, voting for closed polls, and voting without selecting a choice.

Acceptance Criteria

  1. User Authentication:

    • Users can successfully log in and log out.
    • The application displays the correct login status and provides appropriate login/logout links.

  2. Voting Restrictions:

    • Each user can vote only once per poll question.
    • Users can change and resubmit their vote during the polling period.
    • The application accurately displays the user’s previous vote when viewing a poll question.

  3. Visitor Access:

    • Unauthenticated visitors can view the list of available polls and the voting results without logging in.
    • Authentication is required to vote.

  4. Domain Model Updates:

    • The User and Vote classes are implemented correctly, and the domain model reflects these changes.
    • The Choice class and views are updated and tested to work with the new domain model.

  5. Security:

    • The application prevents multiple votes from the same user.
    • Only authenticated users can vote.
    • All security checks are effective, and attempts to bypass them fail.