A voting app for simulated Student Elections

Hi, forgers,

We are building an on-line app for students and student election committees to hold simulations of real-life elections at their schools. This implies the app has to provide for universal, direct, secret, and equal voting, and an intuitive interface for the committees to count and send the election protocol. The app holds the position of an electronic voting machine, to which voters are admitted after being authenticated by the committee.

The expected number of users is approximately 2000 at 5 schools at a time, so over a week, some 10k users should cast their votes.

The current state of the app is here: M3 App 1 (anvil.app)

We are having issues with populating a repeating panel with checkboxes with the correct candidates and collecting the check-box selection; right now the fix is kind of awkward.

We also have no idea how secure the app is or how to estimate load before failure.

Last but not least, we still haven’t figured out how to set Global variables.

So if you’re seeing this, please comment or let us know how to improve on the code!
Thanks!

5 Likes

TableError: More than one row matched this query

I expect you’re getting this error using app_tables..get() instead of app_tables..search() - or entries need to be validated before saving to the database, to ensure there are no duplicates.

If you share the clone of your app, community members can potentially help with code suggestions.

2 Likes

Yes, thanks for pointing this issue out:

The clone is available at Anvil | Login

Will be welcoming all suggestions!
As far as the table.search() goes I have a vague idea how to prevent the error by storing the number of times the code has been used and limiting the search to order=1.

For those who have been following, the app is live at https://studentskevolby.anvil.app/
Inputting a voter code from a list of codes would successfully guide the user through correct candidate lists through a hierarchy of constituencies/voting districts and record the vote in a table.

However, finding out how to split strings and how to count candidates seems out of reach atm.

In other words, the voting machine also has to print results for the given polling station as the other core feature.

1 Like

This is really cool. Thanks for sharing @martin.kustek!

I’d really just welcome having help while figuring out python, you know :smiley:

If you post a Q&A topic specific to your question, with details on what you’re trying to do and what you’ve tried, we’re happy to help.

2 Likes

Thanks! I have: Parse through a column in a data table and count occurrences for each item on a list - Anvil Q&A - Anvil Community Forum

Hi @martin.kustek, I cloned your app from the link where you asked about parsing a column and I just wanted to make you aware that you have both the Ballot and Votes tables as editable directly by forms:

This is insecure and will allow any malicious actor to violate the integrity of the vote information and/or modify the ballot information for any potential future users.

Any and all code that changes the actual voted information should be passed through a server function that updates the table information, and that callable function should be properly secured using some kind of user authentication function passed to the @anvil.server.callable() decorator.

I thought it was necessary because the Form object wrote values into the tables.
I most heartily agree it doesn’t sound secure at all.

1 Like

I would write a simple security function that checks if the user is logged in or not in the server module.

If you wanted to make it more complicated, your security function could even disallow voting in the election during invalid times. (AKA before the start of or after the election is over)

You can pass this function directly to the @anvil.server.callable() decorator.

I have a function prepared for the rooms, where the voting station can be open and closed by the committee, upon providing a pre-shared PIN (in Schools table).

Security hangs on the validation of voter codes. The point of the app is to let all holders of valid voter codes vote, where voter codes are disbursed by a live committee in a physical room. e: from the app’s POV, the vote should always be anonymous.

e: I reckon security would be improved by storing selected checkboxes into Global variables instead of the Ballot table, and have a server function collect the Global variables at end of the vote sequence into the Votes table. In this way, Forms objects wouldn’t use write access to tables at all. Please correct me if wrong.

That is definitely a better way to do it, it follows the entire logic of the virtualization of a ballot imo.

The ballot is in your hand as “the client” until it isn’t. (as “the submission” to a data table)

1 Like

I’ll do it as soon as I resolve the other issue I’m looking at, the counting function from the Committee Form.
There, I need to count individual votes which can each have multiple items (or none).

You’re right and that’s a good way to look at it.

I have rewritten the code to use global variables and got rid of the Ballot table. All the tables should be read-only from the client - and they’re either public data - constituencies or candidates - or anonymous data - like votes submitted.

I could work on hiding the votes or schools tables from the client entirely as improvements after key features are done.
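Added example (not part of the original thread and not the app's own code): a sketch of the server-side submission path discussed above, where the client only holds the ballot in memory and a single server function validates the voter code, the station state and the choices before writing an anonymous row, plus the per-station count that tolerates multi-choice and empty ballots. The dictionaries are constructed stand-ins for Data Tables, and every name, code and the `max_choices` limit are assumptions; in Anvil, `submit_ballot` would live in a server module behind `@anvil.server.callable`.

```python
from collections import Counter

# Constructed stand-ins for the app's Data Tables (assumed layout, not the real schema).
CANDIDATES = {"district-1": {"alice", "bob", "carol"}}
VOTER_CODES = {
    "K7Q2-MX9P": {"district": "district-1", "used": False},
    "T4WD-8HZA": {"district": "district-1", "used": False},
    "R9LC-3VEN": {"district": "district-1", "used": False},
}
STATION = {"open": True, "max_choices": 2}
VOTES = []  # rows hold district and choices only, never the voter code

class BallotRejected(Exception):
    """Raised for any ballot the server refuses to record."""

def submit_ballot(voter_code, choices):
    """Validate everything the client sent, then record one anonymous vote."""
    if not STATION["open"]:
        raise BallotRejected("polling station is closed")
    entry = VOTER_CODES.get(voter_code) if isinstance(voter_code, str) else None
    if entry is None or entry["used"]:
        # One message for unknown and spent codes, so replies do not reveal valid codes.
        raise BallotRejected("voter code not accepted")
    if not isinstance(choices, list) or not all(isinstance(c, str) for c in choices):
        raise BallotRejected("malformed ballot")
    picked = set(choices)
    if len(picked) != len(choices) or len(picked) > STATION["max_choices"]:
        raise BallotRejected("duplicate or too many choices")
    if not picked <= CANDIDATES[entry["district"]]:
        raise BallotRejected("candidate is not on this district's list")
    # In a real Data Table these two writes belong in one transaction.
    entry["used"] = True
    VOTES.append({"district": entry["district"], "choices": sorted(picked)})
    return len(VOTES)

def tally(district):
    """Count votes per candidate; a ballot may name several candidates or none."""
    counts = Counter({name: 0 for name in CANDIDATES[district]})
    for row in VOTES:
        if row["district"] == district:
            counts.update(row["choices"])
    return dict(counts)

if __name__ == "__main__":
    submit_ballot("K7Q2-MX9P", ["bob", "alice"])
    submit_ballot("T4WD-8HZA", [])
    print(tally("district-1"))
```

Storing the choices as a list per vote row, rather than a delimited string, removes the need to split strings when counting.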