Fix election eligibility inconsistency

Author: alexiri

astra_app/core/elections_eligibility.py

@@ -500,40 +500,44 @@ def _normalized_usernames(values: Iterable[str]) -> list[str]:
     return normalized
 
 
+def start_eligible_voters(
+    *,
+    election: Election,
+    eligible_group_cn: str | None = None,
+    require_fresh: bool = False,
+) -> list[EligibleVoter]:
+    return eligible_voters_from_memberships(
+        election=election,
+        eligible_group_cn=eligible_group_cn,
+        require_fresh=require_fresh,
+    )
+
+
 def eligible_candidate_usernames(
     *,
     election: Election,
     eligible_group_cn: str | None = None,
     require_fresh: bool = False,
 ) -> set[str]:
-    eligible_usernames = {
-        voter.username
-        for voter in eligible_voters_from_memberships(
-            election=election,
-            eligible_group_cn=eligible_group_cn,
-            require_fresh=require_fresh,
-        )
-    }
+    eligible_voters = eligible_voters_from_memberships(
+        election=election,
+        eligible_group_cn=eligible_group_cn,
+        require_fresh=require_fresh,
+    )
+    if not eligible_voters:
+        return set()
 
     disqualified_candidates, _disqualified_nominators = election_committee_disqualification(
-        candidate_usernames=eligible_usernames,
+        candidate_usernames=(voter.username for voter in eligible_voters),
         nominator_usernames=(),
         require_fresh=require_fresh,
     )
     disqualified_lower = {username.lower() for username in disqualified_candidates}
-    filtered = {username for username in eligible_usernames if username.lower() not in disqualified_lower}
-    logger.debug(
-        "Eligible candidate usernames resolved: eligible=%s disqualified=%s filtered=%s",
-        len(eligible_usernames),
-        len(disqualified_candidates),
-        len(filtered),
-    )
-    if disqualified_candidates:
-        logger.debug(
-            "Committee-disqualified candidates filtered from eligibility: %s",
-            sorted(disqualified_candidates, key=str.lower),
-        )
-    return filtered
+    return {
+        voter.username
+        for voter in eligible_voters
+        if voter.username.lower() not in disqualified_lower
+    }
 
 
 def eligible_nominator_usernames(*, election: Election, require_fresh: bool = False) -> set[str]:

astra_app/core/elections_services.py

@@ -18,7 +18,7 @@
 from post_office.models import Email
 
 from core import signals as astra_signals
-from core.elections_eligibility import eligible_voters_from_memberships
+from core.elections_eligibility import start_eligible_voters
 from core.elections_timestamping import get_public_payload, schedule_attestation
 from core.email_context import (
     election_committee_email_context,
@@ -529,7 +529,7 @@ def election_quorum_status(*, election: Election) -> dict[str, int | bool]:
         eligible_voter_count = int(cred_agg.get("voters") or 0)
         eligible_vote_weight_total = int(cred_agg.get("votes") or 0)
     else:
-        eligible = eligible_voters_from_memberships(election=election)
+        eligible = start_eligible_voters(election=election)
         eligible_voter_count = len(eligible)
         eligible_vote_weight_total = sum(v.weight for v in eligible)
 
@@ -860,7 +860,7 @@ def _issue_voting_credentials_from_memberships(
     if AuditLogEntry.objects.filter(election=election, event_type="election_anonymized").exists():
         raise ElectionError("cannot issue credentials for an anonymized election")
 
-    eligible = eligible_voters_from_memberships(
+    eligible = start_eligible_voters(
         election=election,
         require_fresh=True,
     )

astra_app/core/templates/core/election_edit.html

@@ -143,7 +143,7 @@ <h5 class="modal-title" id="start-election-modal-label">Start election?</h5>
             <div class="modal-body">
               <p class="mb-2">This will open the election and email voting credentials to all eligible voters.</p>
               {% if vacant_seats_count > 0 %}
-                <p class="text-warning mb-2">
+                <p class="text-danger mb-2">
                   <strong>Warning:</strong>
                   This election has {{ election.number_of_seats }} seat{{ election.number_of_seats|pluralize }} but only {{ candidate_count }} candidate{{ candidate_count|pluralize }}, so it will finish with {{ vacant_seats_count }} vacant seat{{ vacant_seats_count|pluralize }}.
                 </p>

astra_app/core/tests/test_election_edit_lifecycle.py

@@ -8,6 +8,7 @@
 from django.urls import reverse
 from django.utils import timezone
 
+from core.elections_eligibility import CandidateValidationResult, EligibleVoter
 from core.freeipa.exceptions import FreeIPAMisconfiguredError
 from core.freeipa.group import FreeIPAGroup
 from core.freeipa.user import FreeIPAUser
@@ -700,7 +701,75 @@ def _get_group(*, cn: str, require_fresh: bool = False) -> FreeIPAGroup:
         self.assertEqual(resp.status_code, 200)
         election.refresh_from_db()
         self.assertEqual(election.status, Election.Status.draft)
-        self.assertContains(resp, "No eligible voters")
+
+    def test_start_election_uses_membership_electorate_even_when_committee_filter_is_empty(self) -> None:
+        now = timezone.now()
+        election = Election.objects.create(
+            name="Draft election",
+            description="",
+            url="",
+            start_datetime=now + datetime.timedelta(days=1),
+            end_datetime=now + datetime.timedelta(days=2),
+            number_of_seats=1,
+            status=Election.Status.draft,
+        )
+        Candidate.objects.create(election=election, freeipa_username="alice", nominated_by="nominator")
+
+        self._login_as_freeipa_user("admin")
+        self._grant_manage_elections("admin")
+
+        clean_validation = CandidateValidationResult(
+            eligible_candidates={"alice"},
+            eligible_nominators={"nominator"},
+            disqualified_candidates=set(),
+            disqualified_nominators=set(),
+            ineligible_candidates=set(),
+            ineligible_nominators=set(),
+        )
+
+        start_str = (now + datetime.timedelta(days=1)).strftime("%Y-%m-%dT%H:%M")
+        end_str = (now + datetime.timedelta(days=2)).strftime("%Y-%m-%dT%H:%M")
+
+        with (
+            patch(
+                "core.views_elections.edit.elections_eligibility.eligible_voters_from_memberships",
+                return_value=[EligibleVoter(username="committee-member", weight=1)],
+            ),
+            patch(
+                "core.views_elections.edit.elections_eligibility.start_eligible_voters",
+                return_value=[],
+            ),
+            patch(
+                "core.views_elections.edit.elections_eligibility.validate_candidates_for_election",
+                return_value=clean_validation,
+            ),
+            patch(
+                "core.views_elections.edit.issue_credentials_at_start_transition",
+                return_value=[],
+            ),
+        ):
+            resp = self.client.post(
+                reverse("election-edit", args=[election.id]),
+                data={
+                    "action": "start_election",
+                    "name": election.name,
+                    "description": election.description,
+                    "url": election.url,
+                    "start_datetime": start_str,
+                    "end_datetime": end_str,
+                    "number_of_seats": str(election.number_of_seats),
+                    "quorum": str(election.quorum),
+                    "email_template_id": "",
+                    "subject": "",
+                    "html_content": "",
+                    "text_content": "",
+                },
+                follow=False,
+            )
+
+        self.assertEqual(resp.status_code, 302)
+        election.refresh_from_db()
+        self.assertEqual(election.status, Election.Status.open)
 
     def test_start_election_blocks_ineligible_candidates(self) -> None:
         now = timezone.now()

astra_app/core/tests/test_elections_committee_disqualification.py

@@ -197,6 +197,43 @@ def _get_user(username: str) -> FreeIPAUser:
         self.assertIn("bob", results)
         self.assertNotIn("alice", results)
 
+    def test_eligible_voter_count_includes_committee_members(self) -> None:
+        now = timezone.now()
+        self._create_membership(username="alice", now=now)
+        self._create_membership(username="bob", now=now)
+
+        election = Election.objects.create(
+            name="Draft election",
+            description="",
+            url="",
+            start_datetime=now + datetime.timedelta(days=5),
+            end_datetime=now + datetime.timedelta(days=6),
+            number_of_seats=1,
+            status=Election.Status.draft,
+        )
+
+        self._login_as_freeipa_user("admin")
+        self._grant_manage_permission("admin")
+
+        committee_group = FreeIPAGroup(
+            settings.FREEIPA_ELECTION_COMMITTEE_GROUP,
+            {"member_user": ["alice"]},
+        )
+
+        def _get_group(*, cn: str, require_fresh: bool = False) -> FreeIPAGroup:
+            if cn != committee_group.cn:
+                raise FreeIPAMisconfiguredError("Unknown group")
+            return committee_group
+
+        with patch("core.elections_eligibility.get_freeipa_group_for_elections", side_effect=_get_group):
+            resp = self.client.get(
+                reverse("election-eligible-users-search", args=[election.id]),
+                {"count_only": "1"},
+            )
+
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(resp.json(), {"count": 2})
+
     def test_nomination_search_excludes_committee_members(self) -> None:
         now = timezone.now()
         self._create_membership(username="alice", now=now)

astra_app/core/tests/test_elections_edit_ui.py

@@ -226,6 +226,44 @@ def _login_as_freeipa_user(self, username: str) -> None:
         session["_freeipa_username"] = username
         session.save()
 
+    def test_draft_edit_page_eligible_voters_count_uses_membership_electorate(self) -> None:
+        self._login_as_freeipa_user("admin")
+        FreeIPAPermissionGrant.objects.create(
+            principal_type=FreeIPAPermissionGrant.PrincipalType.user,
+            principal_name="admin",
+            permission=ASTRA_ADD_ELECTION,
+        )
+
+        now = timezone.now()
+        election = Election.objects.create(
+            name="Draft start count",
+            description="",
+            url="",
+            start_datetime=now + datetime.timedelta(days=10),
+            end_datetime=now + datetime.timedelta(days=11),
+            number_of_seats=1,
+            status=Election.Status.draft,
+        )
+
+        with (
+            patch(
+                "core.views_elections.edit.elections_eligibility.start_eligible_voters",
+                return_value=[SimpleNamespace(username="eligible", weight=1)],
+            ),
+            patch(
+                "core.views_elections.edit.elections_eligibility.eligible_voters_from_memberships",
+                return_value=[
+                    SimpleNamespace(username="eligible", weight=1),
+                    SimpleNamespace(username="committee-member", weight=1),
+                ],
+            ),
+        ):
+            resp = self.client.get(reverse("election-edit", args=[election.id]))
+
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(resp.context["eligible_voters_count"], 2)
+        self.assertEqual(resp.context["nomination_eligible_voters_count"], 2)
+
     def test_draft_election_is_deletable(self) -> None:
         self._login_as_freeipa_user("admin")
         FreeIPAPermissionGrant.objects.create(

astra_app/core/tests/test_elections_flow.py

@@ -31,6 +31,7 @@
     submit_ballot,
     tally_election,
 )
+from core.freeipa.group import FreeIPAGroup
 from core.freeipa.user import FreeIPAUser
 from core.models import AuditLogEntry, Ballot, Candidate, Election, Membership, MembershipType, VotingCredential
 from core.tests.ballot_chain import compute_chain_hash
@@ -607,6 +608,46 @@ def test_issue_credentials_at_start_transition_is_public_start_entrypoint(self)
         credential = VotingCredential.objects.get(election=election, freeipa_username="alice")
         self.assertEqual(credential.weight, 2)
 
+    def test_issue_credentials_at_start_transition_includes_committee_members(self) -> None:
+        now = timezone.now()
+        election = Election.objects.create(
+            name="Committee eligible start election",
+            description="",
+            start_datetime=now,
+            end_datetime=now + datetime.timedelta(days=1),
+            number_of_seats=1,
+            status=Election.Status.open,
+        )
+
+        voter = MembershipType.objects.create(
+            code="voter_committee_filtered",
+            name="Voter",
+            votes=1,
+            category_id="individual",
+            enabled=True,
+        )
+        eligible_created_at = election.start_datetime - datetime.timedelta(days=200)
+        alice_membership = Membership.objects.create(target_username="alice", membership_type=voter, expires_at=None)
+        bob_membership = Membership.objects.create(target_username="bob", membership_type=voter, expires_at=None)
+        Membership.objects.filter(pk=alice_membership.pk).update(created_at=eligible_created_at)
+        Membership.objects.filter(pk=bob_membership.pk).update(created_at=eligible_created_at)
+
+        committee_group = FreeIPAGroup(
+            settings.FREEIPA_ELECTION_COMMITTEE_GROUP,
+            {"member_user": ["alice"]},
+        )
+
+        with patch(
+            "core.elections_eligibility.get_freeipa_group_for_elections",
+            return_value=committee_group,
+        ):
+            issued = issue_credentials_at_start_transition(election=election)
+
+        self.assertEqual({credential.freeipa_username for credential in issued}, {"alice", "bob"})
+        self.assertTrue(
+            VotingCredential.objects.filter(election=election, freeipa_username="alice").exists()
+        )
+
     def test_credential_creation_only_at_start_transition(self) -> None:
         now = timezone.now()
         election = Election.objects.create(

astra_app/core/tests/test_elections_quorum_and_extensions.py

@@ -1,5 +1,6 @@
 
 import datetime
+from types import SimpleNamespace
 from unittest.mock import patch
 
 from django.test import TestCase
@@ -255,6 +256,29 @@ def _create_ballot(self, *, election: Election, credential_public_id: str, weigh
             chain_hash=chain_hash,
         )
 
+    def test_draft_quorum_status_uses_start_eligible_voters_count(self) -> None:
+        now = timezone.now()
+        election = Election.objects.create(
+            name="Draft start electorate",
+            description="",
+            start_datetime=now + datetime.timedelta(days=1),
+            end_datetime=now + datetime.timedelta(days=2),
+            number_of_seats=1,
+            quorum=50,
+            status=Election.Status.draft,
+        )
+
+        with patch(
+            "core.elections_services.start_eligible_voters",
+            return_value=[SimpleNamespace(username="eligible", weight=3)],
+        ):
+            status = election_quorum_status(election=election)
+
+        self.assertEqual(status.get("eligible_voter_count"), 1)
+        self.assertEqual(status.get("eligible_vote_weight_total"), 3)
+        self.assertEqual(status.get("required_participating_voter_count"), 1)
+        self.assertEqual(status.get("required_participating_vote_weight_total"), 2)
+
     def test_quorum_requires_weight_and_count_thresholds(self) -> None:
         now = timezone.now()
         election = Election.objects.create(

astra_app/core/views_elections/edit.py

@@ -360,14 +360,11 @@ def _handle_start_election(
         return None
 
     try:
-        eligible_voter_usernames = {
-            v.username
-            for v in elections_eligibility.eligible_voters_from_memberships(
-                election=election,
-                require_fresh=True,
-            )
-        }
-        no_eligible_voters = not eligible_voter_usernames
+        start_eligible_voters = elections_eligibility.eligible_voters_from_memberships(
+            election=election,
+            require_fresh=True,
+        )
+        no_eligible_voters = not start_eligible_voters
         validation = elections_eligibility.validate_candidates_for_election(
             election=election,
             candidate_usernames=candidate_usernames,
@@ -524,7 +521,8 @@ def election_edit(request, election_id: int):
     def _membership_eligibility_sets(for_election: Election) -> tuple[set[str], set[str]]:
         try:
             eligible_usernames = {
-                v.username for v in elections_eligibility.eligible_voters_from_memberships(election=for_election)
+                v.username
+                for v in elections_eligibility.eligible_voters_from_memberships(election=for_election)
             }
             nomination_usernames = {
                 v.username