From 7ea1bd1262475aa77157c19552c10dcbf07af14d Mon Sep 17 00:00:00 2001
From: David Ernst <git@dsernst.com>
Date: Thu, 26 Sep 2024 23:04:01 -0700
Subject: [PATCH] Begin adding /api/revert-finalized-ballot-design endpoint

---
 .../admin/finalize-ballot-design.ts           |  5 ++--
 .../admin/revert-finalized-ballot-design.ts   | 24 +++++++++++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 pages/api/election/[election_id]/admin/revert-finalized-ballot-design.ts

diff --git a/pages/api/election/[election_id]/admin/finalize-ballot-design.ts b/pages/api/election/[election_id]/admin/finalize-ballot-design.ts
index 92d98ef8..fdf5092d 100644
--- a/pages/api/election/[election_id]/admin/finalize-ballot-design.ts
+++ b/pages/api/election/[election_id]/admin/finalize-ballot-design.ts
@@ -1,8 +1,7 @@
+import { firebase } from 'api/_services'
+import { checkJwtOwnsElection } from 'api/validate-admin-jwt'
 import { NextApiRequest, NextApiResponse } from 'next'
 
-import { firebase } from '../../../_services'
-import { checkJwtOwnsElection } from '../../../validate-admin-jwt'
-
 export default async (req: NextApiRequest, res: NextApiResponse) => {
   const { election_id } = req.query as { election_id: string }
 
diff --git a/pages/api/election/[election_id]/admin/revert-finalized-ballot-design.ts b/pages/api/election/[election_id]/admin/revert-finalized-ballot-design.ts
new file mode 100644
index 00000000..216433a0
--- /dev/null
+++ b/pages/api/election/[election_id]/admin/revert-finalized-ballot-design.ts
@@ -0,0 +1,24 @@
+import { firebase } from 'api/_services'
+import { checkJwtOwnsElection } from 'api/validate-admin-jwt'
+import { NextApiRequest, NextApiResponse } from 'next'
+
+export default async (req: NextApiRequest, res: NextApiResponse) => {
+  const { election_id } = req.query as { election_id: string }
+
+  // Confirm they're a valid admin that created this election
+  const jwt = await checkJwtOwnsElection(req, res, election_id)
+  if (!jwt.valid) return
+
+  // TODO: Confirm there are no votes cast already
+
+  // TODO: We probably want better accountability here to be extra sure election admins aren't maliciously flipping ballot designs in misleading ways. See https://github.com/siv-org/siv/issues/85
+
+  // TODO: Notify admin this feature is being used
+
+  // TODO: Store the previously- finalized version, to ensure this feature isn't being used maliciously
+
+  // Unset `ballot_design_finalized` in db
+  await firebase.firestore().collection('elections').doc(election_id).update({ ballot_design_finalized: false })
+
+  return res.status(201).json({ message: 'Reverted finalized ballot design' })
+}