citizenos / citizenos-fe


Changing voting time after voting has been closed allows the voting results to be manipulated #71

Open ilmartyrk opened 1 year ago

ilmartyrk commented 1 year ago

Original in fe-old

What is the user story?

Lately I have received feedback from three different users where they suggested that we should not allow changing the voting time after the deadline has arrived if the admin user can download voting results. The current flow that many users have discovered is:

  1. Admin user starts voting and sets voting time OR chooses to close the voting after all votes are counted
  2. When voting time arrives OR all votes are counted, then our system automatically closes the voting
  3. Admin user can now download the voting results and see who has voted and how, and then reopen the voting again by setting a new deadline for the voting (AND this action doesn't leave any mark in the activity feed)

One user had the issue where he "accidentally" (he didn't understand what the "All votes are in" button does) opted in this button and invited only a few people via email. He shared the topic via share link and the topic was closed by the system after those few people who were invited into the topic voted. That caused a lot of trouble, because people with the link couldn't vote any longer.

Which feature needs to be updated and how?

There are actually two problems in this issue:

  1. Admin user can see the voting results by setting earlier voting time and then reopening the voting without leaving any track to activity feed for other people to know;
  2. "All votes are in" is closing the voting for all people (incl. link share) but is counting in only users who have been invited via email invitation.

I propose to solve the first issue so that we only allow to change the voting time until the deadline has arrived -- by that time admin user can bring the voting end closer or extend the voting time. AND during this time user cannot download voting results. But once the deadline has arrived, we close the voting for good and after downloading voting results, admin users cannot reopen voting or set new deadline.

Additionally, our system should leave mark in the Activity feed for all (?) users to notify them that user X was downloading voting results. That would make the voting more transparent IMHO.

So, to make it clearer:

  1. I open voting and set voting time by 1.06.2022 at 17:00
  2. Until the deadline has arrived I can change the voting deadline -- either bring it earlier or extend it
  3. Once 1.06.2022 at 17:00 has arrived, our system closes the voting for good and I cannot reopen voting or set new voting time
  4. I will download voting results and all participants will get notification in their activity feed about this action

Additional information. "All votes are in" problem should be discussed in different ticket and I will open new issue for that.

ilmartyrk commented 1 year ago

Triage 66.

Tested that when user downloads eID voting results, then in Activity feed we show that "User has downloaded voting results". Currently this is not being displayed in social log it, but we should show this also in Users activity feed and need to fix this. If the deadline hasn't arrived yet, then we allow User to change the deadline. After the deadline has arrived, our system automatically sends topic to follow-up status and Admin User can download the results. After that the User cannot change the deadline OR open the topic. Est. dev. time 4 hours. We'll open new issue to discuss the "All votes are in" issue.
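The lifecycle proposed in the first comment and confirmed in the triage note, sketched as server-side checks. This is an added example, not citizenos code and not part of either comment; the vote object, status names, activity types and function names are all hypothetical.

```javascript
// Added example: hypothetical names, not citizenos code.
// "now" is passed in explicitly so each rule can be checked deterministically.
class VoteError extends Error {}

// Server-side close: once the deadline passes, the vote moves to follow-up for good.
function refresh(vote, now) {
  if (vote.status === 'voting' && now >= vote.endsAt) {
    vote.status = 'followUp';
    vote.activities.push({ type: 'voteClosed', at: now });
  }
  return vote.status;
}

// The deadline may be moved earlier or later, but only while voting is open.
// Every change is written to the activity feed.
function changeDeadline(vote, user, newEndsAt, now) {
  if (refresh(vote, now) !== 'voting') {
    throw new VoteError('voting is closed; the deadline can no longer be changed');
  }
  vote.activities.push({ type: 'deadlineChanged', user, from: vote.endsAt, to: newEndsAt, at: now });
  vote.endsAt = newEndsAt;
}

// Results are available only after closing, and each download is logged.
function downloadResults(vote, user, now) {
  if (refresh(vote, now) === 'voting') {
    throw new VoteError('results are not available while voting is open');
  }
  vote.activities.push({ type: 'resultsDownloaded', user, at: now });
  return { closedAt: vote.endsAt, downloadedBy: user };
}

// Constructed scenario based on the issue: deadline 1.06.2022 at 17:00.
function demo() {
  const t = (s) => Date.parse(s);
  const vote = { endsAt: t('2022-06-01T17:00:00Z'), status: 'voting', activities: [] };
  const outcome = [];
  const attempt = (label, fn) => {
    try { fn(); outcome.push(`${label}: ok`); } catch (e) {
      if (!(e instanceof VoteError)) throw e; // only policy denials are expected
      outcome.push(`${label}: denied`);
    }
  };
  attempt('extend before deadline', () => changeDeadline(vote, 'admin', t('2022-06-02T17:00:00Z'), t('2022-05-30T12:00:00Z')));
  attempt('download before deadline', () => downloadResults(vote, 'admin', t('2022-06-01T12:00:00Z')));
  attempt('download after deadline', () => downloadResults(vote, 'admin', t('2022-06-02T17:00:01Z')));
  attempt('reopen after deadline', () => changeDeadline(vote, 'admin', t('2022-06-10T17:00:00Z'), t('2022-06-02T18:00:00Z')));
  return { outcome, endsAt: vote.endsAt, activityTypes: vote.activities.map((a) => a.type) };
}
```

The checks belong on the API side: hiding the deadline field in the frontend alone would leave the reopen request itself unguarded.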

BeccaMelhuish commented 1 week ago

@ssin1901 is it OK to put this to QA for you to check if still relevant, as I have a feeling it was fixed via the redesign? Will do so for now :)