mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00

School delegates permissions are working

2016-01-07 16:08:46 +00:00
parent cbf95ea07b
commit 612902aa91
10 changed files with 92 additions and 12 deletions


@@ -1,6 +1,7 @@
class SchoolsController < ApplicationController
before_action :set_school, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
before_filter :check_access_director, only: [:new,:create,:destroy]
before_filter :check_access_delegate, only: [:update,:edit]
# GET /schools/1
@@ -76,15 +77,21 @@ class SchoolsController < ApplicationController
params.require(:school).permit(:name, :score, :tournament_id)
end
def check_access
def check_access_director
if params[:tournament]
@tournament = Tournament.find(params[:tournament])
elsif params[:school]
@tournament = Tournament.find(params[:school]["tournament_id"])
elsif @school
@tournament = @school.tournament
elsif school_params
@tournament = Tournament.find(school_params[:tournament_id])
end
authorize! :manage, @tournament
end
def check_access_delegate
authorize! :manage, @school
end
end
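Review bot: `check_access_director` resolves `@tournament` from `params[:tournament]` or `params[:school]["tournament_id"]` before it looks at `@school`, so on `destroy` the `authorize!` call runs against a tournament named by the request rather than the tournament of the school that `set_school` loaded. Put the loaded record first, `if @school` / `@tournament = @school.tournament`, and fall back to the request parameters only for `new` and `create`. The added `elsif school_params` branch looks unreachable in practice: `params.require(:school)` raises when `params[:school]` is absent, and the earlier `elsif params[:school]` catches the case where it is present. `WrestlersController#check_access` in the next file section has the same ordering, with `params[:school]` consulted ahead of `@wrestler`. Separately, `school_params` still permits `:tournament_id` and `:score`, which a school delegate can now submit through `update`; the action body is outside the hunk, so confirm that this is intended.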


@@ -92,13 +92,16 @@ class WrestlersController < ApplicationController
def check_access
if params[:school]
@school = School.find(params[:school])
@tournament = Tournament.find(@school.tournament.id)
#@tournament = Tournament.find(@school.tournament.id)
elsif params[:wrestler]
@school = School.find(params[:wrestler]["school_id"])
@tournament = Tournament.find(@school.tournament.id)
#@tournament = Tournament.find(@school.tournament.id)
elsif @wrestler
@tournament = @wrestler.tournament
@school = @wrestler.school
#@tournament = @wrestler.tournament
elsif wrestler_params
@school = School.find(wrestler_params[:school_id])
end
authorize! :manage, @tournament
authorize! :manage, @school
end
end
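Review bot: The three `#@tournament = ...` lines left in `check_access` are dead code and should be deleted rather than commented out, since the history already records them. With `@tournament` no longer assigned in this filter, any action or view that relied on it being set here will now see nil; the filter's `only:` list and the actions are outside the hunk, so that is worth checking. A one-line comment above the method, `# Authorize against the wrestler's school so school delegates, tournament delegates and owners all pass through one check`, would record why the check moved from the tournament to the school.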


@@ -40,7 +40,7 @@ class Ability
end
#Can manage school if tournament owner
can :manage, School do |school|
school.tournament.map(&:user_id).include? user.id
school.tournament.user.id == user.id
end
#Can manage school if tournament delegate
can :manage, School do |school|
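Review bot: `school.tournament.user.id == user.id` raises NoMethodError instead of denying when a school has no tournament or the tournament has no user, and it loads the owner record only to read its id. The removed line read `user_id` from the tournament, so comparing the foreign key directly, `school.tournament.user_id == user.id`, appears to be available and avoids the extra load. Whether `user.id` can be nil at this point (a guest user) depends on code outside the hunk; if it can, guard that case so a nil owner never compares equal to a nil user. The tournament-delegate rule that follows continues past the end of the hunk.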


@@ -1,7 +1,7 @@
<p id="notice"><%= notice %></p>
<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %>
<% if can? :manage, @tournament %>
<% if can? :manage, @school %>
| <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
<% end %>
@@ -27,7 +27,7 @@
<br>
<% if can? :manage, @tournament %>
<% if can? :manage, @school %>
<%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
<% end %>
<br>
@@ -66,7 +66,7 @@
<td><%= wrestler.nextMatchBoutNumber %> <%= wrestler.nextMatchMatName %></td>
<td>
<%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %>
<% if can? :manage, @tournament %>
<% if can? :manage, wrestler.school %>
<%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary btn-sm" %>
<%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
<% end %>
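Review bot: In the wrestler table, `can? :manage, wrestler.school` is evaluated once per row, and each evaluation runs the School rules in Ability, which read `school.tournament` and its owner. If the rows are this school's own wrestlers (the loop header is outside the hunk), `can? :manage, @school` gives the same answer and can be computed once above the table, for example `<% can_manage_school = can?(:manage, @school) %>`. These checks only hide the links; the Edit and Destroy requests are still decided by the controller filters.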


@@ -53,8 +53,10 @@
<tr>
<td><%= school.name %></td>
<td><%= link_to 'Show', school, :class=>"btn btn-default btn-sm" %>
<% if can? :manage, @tournament %>
<% if can? :manage, school %>
<%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary btn-sm" %>
<% end %>
<% if can? :manage, @tournament %>
<%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
<% end %>
</td>


@@ -2,7 +2,7 @@
<p id="notice"><%= notice %></p>
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %>
<% if can? :manage, @tournament %>
<% if can? :manage, @school %>
| <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler), :class=>"btn btn-primary" %>
<% end %>
<% cache ["wrestlers", @wrestler] do %>


@@ -40,6 +40,10 @@ class SchoolsControllerTest < ActionController::TestCase
def sign_in_tournament_delegate
sign_in users(:three)
end
def sign_in_school_delegate
sign_in users(:four)
end
def success
assert_response :success
@@ -60,6 +64,12 @@ class SchoolsControllerTest < ActionController::TestCase
get_edit
success
end
test "logged in school delegate should get edit school page" do
sign_in_school_delegate
get_edit
success
end
test "logged in user should not get edit school page if not owner" do
sign_in_non_owner
@@ -94,6 +104,12 @@ class SchoolsControllerTest < ActionController::TestCase
post_update
assert_redirected_to tournament_path(@school.tournament_id)
end
test "logged in school delegate should post update school" do
sign_in_school_delegate
post_update
assert_redirected_to tournament_path(@school.tournament_id)
end
test "logged in tournament owner can create a new school" do
sign_in_owner
@@ -110,6 +126,14 @@ class SchoolsControllerTest < ActionController::TestCase
create
assert_redirected_to tournament_path(@school.tournament_id)
end
test "logged in school delegate cannot create a new school" do
sign_in_school_delegate
new
redirect
create
redirect
end
test "logged in user not tournament owner cannot create a school" do
sign_in_non_owner
@@ -130,6 +154,12 @@ class SchoolsControllerTest < ActionController::TestCase
destroy
assert_redirected_to tournament_path(@tournament.id)
end
test "logged in school delegate can destroy a school" do
sign_in_school_delegate
destroy
redirect
end
test "logged in user not tournament owner cannot destroy school" do
sign_in_non_owner
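Review bot: The test named `"logged in school delegate can destroy a school"` asserts `redirect` after `destroy`, and SchoolsController now routes `destroy` through `check_access_director`, so the name should read `"logged in school delegate cannot destroy a school"`. The added tests cover only the delegate of the school under test, `users(:four)`. There is no case where a delegate of a different school is refused `edit` and `update`, which is the boundary this commit introduces. The same gap applies to the delegate tests added in WrestlersControllerTest. The `redirect`, `destroy` and `get_edit` helpers are defined outside the hunks, so what `redirect` asserts is assumed here.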


@@ -41,6 +41,10 @@ class WrestlersControllerTest < ActionController::TestCase
def sign_in_tournament_delegate
sign_in users(:three)
end
def sign_in_school_delegate
sign_in users(:four)
end
def success
assert_response :success
@@ -61,6 +65,12 @@ class WrestlersControllerTest < ActionController::TestCase
get_edit
success
end
test "logged in school delegate should get edit wrestler page" do
sign_in_school_delegate
get_edit
success
end
test "logged in user should not get edit wrestler page if not owner" do
sign_in_non_owner
@@ -95,6 +105,12 @@ class WrestlersControllerTest < ActionController::TestCase
post_update
assert_redirected_to school_path(@school.id)
end
test "logged in school delegate should post update wrestler" do
sign_in_school_delegate
post_update
assert_redirected_to school_path(@school.id)
end
test "logged in tournament owner can create a new wrestler" do
sign_in_owner
@@ -111,6 +127,14 @@ class WrestlersControllerTest < ActionController::TestCase
create
assert_redirected_to school_path(@school.id)
end
test "logged in school delegate can create a new wrestler" do
sign_in_school_delegate
new
success
create
assert_redirected_to school_path(@school.id)
end
test "logged in user not tournament owner cannot create a wrestler" do
sign_in_non_owner
@@ -131,6 +155,12 @@ class WrestlersControllerTest < ActionController::TestCase
destroy
assert_redirected_to school_path(@school.id)
end
test "logged in school delegate can destroy a wrestler" do
sign_in_school_delegate
destroy
assert_redirected_to school_path(@school.id)
end
test "logged in user not tournament owner cannot destroy wrestler" do
sign_in_non_owner


@@ -7,3 +7,7 @@
# two:
# user_id: 1
# school_id: 1
one:
user_id: 4
school_id: 1


@@ -19,3 +19,7 @@ two:
three:
email: test3@test.com
id: 3
four:
email: test4@test.com
id: 4