School delegates permissions are working

2026-04-02 13:15:27 +00:00 · 2016-01-07 16:08:46 +00:00
parent cbf95ea07b
commit 612902aa91
10 changed files with 92 additions and 12 deletions
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@@ -1,6 +1,7 @@
 class SchoolsController < ApplicationController
  before_action :set_school, only: [:show, :edit, :update, :destroy]
-  before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
+  before_filter :check_access_director, only: [:new,:create,:destroy]
+  before_filter :check_access_delegate, only: [:update,:edit]


  # GET /schools/1
@@ -76,15 +77,21 @@ class SchoolsController < ApplicationController
      params.require(:school).permit(:name, :score, :tournament_id)
    end

-    def check_access
+    def check_access_director
    	if params[:tournament]
    	   @tournament = Tournament.find(params[:tournament])
    	elsif params[:school]
    	   @tournament = Tournament.find(params[:school]["tournament_id"])
    	elsif @school
    	   @tournament = @school.tournament
+    	elsif school_params
+    	   @tournament = Tournament.find(school_params[:tournament_id])
    	end
    	authorize! :manage, @tournament
    end
+    
+    def check_access_delegate
+    	authorize! :manage, @school
+    end

 end
--- a/app/controllers/wrestlers_controller.rb
+++ b/app/controllers/wrestlers_controller.rb
@@ -92,13 +92,16 @@ class WrestlersController < ApplicationController
    def check_access
    	if params[:school]
    	   @school = School.find(params[:school])
-    	   @tournament = Tournament.find(@school.tournament.id)
+    	   #@tournament = Tournament.find(@school.tournament.id)
    	elsif params[:wrestler]
    	   @school = School.find(params[:wrestler]["school_id"])
-    	   @tournament = Tournament.find(@school.tournament.id)
+    	   #@tournament = Tournament.find(@school.tournament.id)
    	elsif @wrestler
-    	   @tournament = @wrestler.tournament
+    	   @school = @wrestler.school
+    	   #@tournament = @wrestler.tournament
+    	elsif wrestler_params
+    	   @school = School.find(wrestler_params[:school_id])
    	end
-    	authorize! :manage, @tournament
+    	authorize! :manage, @school
    end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -40,7 +40,7 @@ class Ability
      end
      #Can manage school if tournament owner
      can :manage, School do |school|
-        school.tournament.map(&:user_id).include? user.id
+        school.tournament.user.id == user.id
      end
      #Can manage school if tournament delegate
      can :manage, School do |school|
--- a/app/views/schools/show.html.erb
+++ b/app/views/schools/show.html.erb
@@ -1,7 +1,7 @@
 
  <p id="notice"><%= notice %></p>
  <%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %> 
-  <% if can? :manage, @tournament %>
+  <% if can? :manage, @school %>
  | <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
  <% end %>

@@ -27,7 +27,7 @@
  
  
  <br>
-  <% if can? :manage, @tournament %>
+  <% if can? :manage, @school %>
    <%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
  <% end %>
  <br>
@@ -66,7 +66,7 @@
             <td><%= wrestler.nextMatchBoutNumber %> <%= wrestler.nextMatchMatName %></td>
             <td>
              <%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %>
-              <% if can? :manage, @tournament %>
+              <% if can? :manage, wrestler.school %>
                <%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary btn-sm" %>
                <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm"  %>
              <% end %>   
--- a/app/views/tournaments/show.html.erb
+++ b/app/views/tournaments/show.html.erb
@@ -53,8 +53,10 @@
      <tr>
        <td><%= school.name %></td>
        <td><%= link_to 'Show', school, :class=>"btn btn-default btn-sm" %>
-          <% if can? :manage, @tournament %>
+          <% if can? :manage, school %>
            <%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary btn-sm" %>
+          <% end %>
+          <% if can? :manage, @tournament %>
            <%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
          <% end %>
        </td>
--- a/app/views/wrestlers/show.html.erb
+++ b/app/views/wrestlers/show.html.erb
@@ -2,7 +2,7 @@
  <p id="notice"><%= notice %></p>
  
  <%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %>
-  <% if can? :manage, @tournament %>
+  <% if can? :manage, @school %>
    | <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler), :class=>"btn btn-primary" %>
  <% end %>
 <% cache ["wrestlers", @wrestler] do %>