Players can vote on cards game time/before/after completed rounds/finished game

[khushal-winner]

Describe the bug
Players can vote on any dealt_card by guessing/submitting its ID *(from the console) — even before the game starts, or after it ends. Backend toggle_vote handler lacks validation and even in completed rounds just from card id. Player can manipulate the data by voting or unvoting the cards after the game ends, if player partner with another player they can share their car ids and manipulate the data later or even before the game starts

Expected behavior
Voting must be allowed only when the game is active (started_at is set and finished_at is nil).

Desktop (please complete the following information):
OS: any
Browser: any
Version: any

Additional context
Critical missing server-side checks in handle_event("toggle_vote", …):

• No check of game lifecycle (started_at / !finished_at)

Are you going to work on fixing this?

• Yes
• No

[Adarshkumar0509]

@khushal-winner This is a duplicate of #2520 which I raised . A fix is already submitted in PR #2523.

[khushal-winner]

@khushal-winner This is a duplicate of #2520 which I raised . A fix is already submitted in PR #2523.

@Adarshkumar0509 , okay but that was for "player can vote in any game" i will fix the remaining that is " player should not be able to vote before the game starts and after the game ends" also i will try to implement " player can only vote for the current round not for previous or next rounds", thanks for letting me know :)) i will modify the issue shortly

[pranitaurlam]

Hi @khushal-winner, I've submitted a fix for the game lifecycle validation in PR #2589. The handle_event("toggle_vote", ...) handler now rejects votes when started_at is nil (game not started) or finished_at is not nil (game already ended). Let me know if you'd like me to also add the round-level check you mentioned!

[khushal-winner]

Hi @khushal-winner, I've submitted a fix for the game lifecycle validation in PR #2589. The handle_event("toggle_vote", ...) handler now rejects votes when started_at is nil (game not started) or finished_at is not nil (game already ended). Let me know if you'd like me to also add the round-level check you mentioned!

@pranitaurlam , Great effort showed but iam already working on this issue and you should be assigned first to work on someone's issue and i had already mentioned that iam going to work on this issue, Please Close this PR and ask before working on the issue

[sydseter]

@khushal-winner I have assigned you. Try to focus on what you have going so far.