Election 'Managers' can't manage elections, only creator.
JeremiahInMN opened this issue · 1 comments
Perhaps I'm not understanding what the Managers are supposed to do. My assumption is that they should be able to edit an election, add voters, etc... Currently only the election.created_by is able to manage their own elections. Also, currently any user that is auth.user and auth.user.is_manager can see the start page for any election in the system by just modifying the url. I would think this would be a security issue as only Managers and Voters should be able to see the contents of a ballot on any election.
PS.... Elections page only shows elections you created, not that you are set as Manager for. Tried to fix this but not able to figure out the query. Was thinking something like elections = db(auth.user.email in db.election.managers).select(orderby=~db.election.created_on) but that's not it.