Describe the bug
While voting is going on in a budget process, the option show_votes is typically disabled, and vote counts are not publically visible. The intention is that vote counts will only be displayed on the website when the results are officially announced in a later phase. However, users downloading the "open data" archive by clicking on the link in the footer receive a file that contains the current vote counts.
To Reproduce
Add a new budget component, and for some phase leave "show votes" unchecked
Click "Download Open Data files" on a public page. Unzip and open the file try.decidim.org-open-data-projects.csv. The file contains a column confirmed_votes that should not be publically visible.
Expected behavior
confirmed_votes should not appear in the open data.
Screenshots
No response
Stacktrace
No response
Extra data
Additional context
I posted a related proposal on metadecidim two months ago: Export budget votes
There I propose adding a more detailed export option in the admin dashboard, while removing vote counts from the standard export when show_votes is disabled (and thereby also removing it from the open data).
I have implemented my proposal and could open a pull request:
develop...DominikPeters:decidim:feature/budget_projects_and_votes_export
To fix the specific issue with too much data disclosure, only the mini changes from that diff for the files project_serializer.rb and project_serializer_spec.rb are needed.
Describe the bug
While voting is going on in a budget process, the option
show_votesis typically disabled, and vote counts are not publically visible. The intention is that vote counts will only be displayed on the website when the results are officially announced in a later phase. However, users downloading the "open data" archive by clicking on the link in the footer receive a file that contains the current vote counts.To Reproduce
Add a new budget component, and for some phase leave "show votes" unchecked
Click "Download Open Data files" on a public page. Unzip and open the file
try.decidim.org-open-data-projects.csv. The file contains a columnconfirmed_votesthat should not be publically visible.Expected behavior
confirmed_votesshould not appear in the open data.Screenshots
No response
Stacktrace
No response
Extra data
Additional context
I posted a related proposal on metadecidim two months ago: Export budget votes
There I propose adding a more detailed export option in the admin dashboard, while removing vote counts from the standard export when show_votes is disabled (and thereby also removing it from the open data).
I have implemented my proposal and could open a pull request:
develop...DominikPeters:decidim:feature/budget_projects_and_votes_export
To fix the specific issue with too much data disclosure, only the mini changes from that diff for the files
project_serializer.rbandproject_serializer_spec.rbare needed.