School delegates permissions are working
@@ -1,6 +1,7 @@
|
|||||||
class SchoolsController < ApplicationController
|
class SchoolsController < ApplicationController
|
||||||
before_action :set_school, only: [:show, :edit, :update, :destroy]
|
before_action :set_school, only: [:show, :edit, :update, :destroy]
|
||||||
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
|
before_filter :check_access_director, only: [:new,:create,:destroy]
|
||||||
|
before_filter :check_access_delegate, only: [:update,:edit]
|
||||||
|
|
||||||
|
|
||||||
# GET /schools/1
|
# GET /schools/1
|
||||||
@@ -76,15 +77,21 @@ class SchoolsController < ApplicationController
|
|||||||
params.require(:school).permit(:name, :score, :tournament_id)
|
params.require(:school).permit(:name, :score, :tournament_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_access
|
def check_access_director
|
||||||
if params[:tournament]
|
if params[:tournament]
|
||||||
@tournament = Tournament.find(params[:tournament])
|
@tournament = Tournament.find(params[:tournament])
|
||||||
elsif params[:school]
|
elsif params[:school]
|
||||||
@tournament = Tournament.find(params[:school]["tournament_id"])
|
@tournament = Tournament.find(params[:school]["tournament_id"])
|
||||||
elsif @school
|
elsif @school
|
||||||
@tournament = @school.tournament
|
@tournament = @school.tournament
|
||||||
|
elsif school_params
|
||||||
|
@tournament = Tournament.find(school_params[:tournament_id])
|
||||||
end
|
end
|
||||||
authorize! :manage, @tournament
|
authorize! :manage, @tournament
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_access_delegate
|
||||||
|
authorize! :manage, @school
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
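Review bot: In check_access_director the tournament is resolved from `params[:tournament]` or `params[:school]` before the loaded `@school` is considered, so on destroy `authorize! :manage, @tournament` can be evaluated against a tournament named in the request rather than the one the school belongs to. Put the record first, `if @school` then `@tournament = @school.tournament`, and use the request parameters only for new and create; WrestlersController#check_access orders its branches the same way. The added `elsif school_params` branch is reached only when `params[:school]` is missing, and there `params.require(:school)` raises instead of returning a falsy value, so the branch can go. update is now guarded by `authorize! :manage, @school` alone while the permit list still includes `:tournament_id` and `:score`; the update action is outside this hunk, but it looks as if a school delegate could reassign the school to another tournament, so a narrower permit list for delegates is worth adding.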
|
|||||||
@@ -92,13 +92,16 @@ class WrestlersController < ApplicationController
|
|||||||
def check_access
|
def check_access
|
||||||
if params[:school]
|
if params[:school]
|
||||||
@school = School.find(params[:school])
|
@school = School.find(params[:school])
|
||||||
@tournament = Tournament.find(@school.tournament.id)
|
#@tournament = Tournament.find(@school.tournament.id)
|
||||||
elsif params[:wrestler]
|
elsif params[:wrestler]
|
||||||
@school = School.find(params[:wrestler]["school_id"])
|
@school = School.find(params[:wrestler]["school_id"])
|
||||||
@tournament = Tournament.find(@school.tournament.id)
|
#@tournament = Tournament.find(@school.tournament.id)
|
||||||
elsif @wrestler
|
elsif @wrestler
|
||||||
@tournament = @wrestler.tournament
|
@school = @wrestler.school
|
||||||
|
#@tournament = @wrestler.tournament
|
||||||
|
elsif wrestler_params
|
||||||
|
@school = School.find(wrestler_params[:school_id])
|
||||||
end
|
end
|
||||||
authorize! :manage, @tournament
|
authorize! :manage, @school
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
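Review bot: With the check moved from tournament to school, an update that carries `wrestler[school_id]` is authorized only against the school named in the request, and the wrestler's current school is never checked. When `@wrestler` is set, authorize the record first, `authorize! :manage, @wrestler.school`, and then authorize the destination school only if `school_id` differs. The three `#@tournament = ...` lines are dead code and should be deleted rather than left commented out. Which actions run this filter is declared outside the hunk, so confirm that `@wrestler` is loaded before it for update and destroy.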
|
|||||||
@@ -40,7 +40,7 @@ class Ability
|
|||||||
end
|
end
|
||||||
#Can manage school if tournament owner
|
#Can manage school if tournament owner
|
||||||
can :manage, School do |school|
|
can :manage, School do |school|
|
||||||
school.tournament.map(&:user_id).include? user.id
|
school.tournament.user.id == user.id
|
||||||
end
|
end
|
||||||
#Can manage school if tournament delegate
|
#Can manage school if tournament delegate
|
||||||
can :manage, School do |school|
|
can :manage, School do |school|
|
||||||
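Review bot: `school.tournament.user.id == user.id` loads the owning user each time the rule is evaluated and raises NoMethodError when a school has no tournament or the tournament has no user. Comparing the foreign key avoids the extra query and one of the nil cases: `school.tournament.user_id == user.id` (the removed line read `user_id` from the tournament, so the column presumably exists). The second `can :manage, School` block and the definition of `user` lie outside the hunk, so whether `user` can be nil for a signed-out visitor should be confirmed there.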
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
<p id="notice"><%= notice %></p>
|
<p id="notice"><%= notice %></p>
|
||||||
<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %>
|
<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %>
|
||||||
<% if can? :manage, @tournament %>
|
<% if can? :manage, @school %>
|
||||||
| <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
|
| <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
@@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
<% if can? :manage, @tournament %>
|
<% if can? :manage, @school %>
|
||||||
<%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
|
<%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
|
||||||
<% end %>
|
<% end %>
|
||||||
<br>
|
<br>
|
||||||
@@ -66,7 +66,7 @@
|
|||||||
<td><%= wrestler.nextMatchBoutNumber %> <%= wrestler.nextMatchMatName %></td>
|
<td><%= wrestler.nextMatchBoutNumber %> <%= wrestler.nextMatchMatName %></td>
|
||||||
<td>
|
<td>
|
||||||
<%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %>
|
<%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %>
|
||||||
<% if can? :manage, @tournament %>
|
<% if can? :manage, wrestler.school %>
|
||||||
<%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary btn-sm" %>
|
<%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary btn-sm" %>
|
||||||
<%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
|
<%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|||||||
@@ -53,8 +53,10 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td><%= school.name %></td>
|
<td><%= school.name %></td>
|
||||||
<td><%= link_to 'Show', school, :class=>"btn btn-default btn-sm" %>
|
<td><%= link_to 'Show', school, :class=>"btn btn-default btn-sm" %>
|
||||||
<% if can? :manage, @tournament %>
|
<% if can? :manage, school %>
|
||||||
<%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary btn-sm" %>
|
<%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary btn-sm" %>
|
||||||
|
<% end %>
|
||||||
|
<% if can? :manage, @tournament %>
|
||||||
<%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
|
<%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %>
|
||||||
<% end %>
|
<% end %>
|
||||||
</td>
|
</td>
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<p id="notice"><%= notice %></p>
|
<p id="notice"><%= notice %></p>
|
||||||
|
|
||||||
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %>
|
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %>
|
||||||
<% if can? :manage, @tournament %>
|
<% if can? :manage, @school %>
|
||||||
| <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler), :class=>"btn btn-primary" %>
|
| <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler), :class=>"btn btn-primary" %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% cache ["wrestlers", @wrestler] do %>
|
<% cache ["wrestlers", @wrestler] do %>
|
||||||
|
|||||||
@@ -40,6 +40,10 @@ class SchoolsControllerTest < ActionController::TestCase
|
|||||||
def sign_in_tournament_delegate
|
def sign_in_tournament_delegate
|
||||||
sign_in users(:three)
|
sign_in users(:three)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sign_in_school_delegate
|
||||||
|
sign_in users(:four)
|
||||||
|
end
|
||||||
|
|
||||||
def success
|
def success
|
||||||
assert_response :success
|
assert_response :success
|
||||||
@@ -60,6 +64,12 @@ class SchoolsControllerTest < ActionController::TestCase
|
|||||||
get_edit
|
get_edit
|
||||||
success
|
success
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate should get edit school page" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
get_edit
|
||||||
|
success
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user should not get edit school page if not owner" do
|
test "logged in user should not get edit school page if not owner" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
@@ -94,6 +104,12 @@ class SchoolsControllerTest < ActionController::TestCase
|
|||||||
post_update
|
post_update
|
||||||
assert_redirected_to tournament_path(@school.tournament_id)
|
assert_redirected_to tournament_path(@school.tournament_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate should post update school" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
post_update
|
||||||
|
assert_redirected_to tournament_path(@school.tournament_id)
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in tournament owner can create a new school" do
|
test "logged in tournament owner can create a new school" do
|
||||||
sign_in_owner
|
sign_in_owner
|
||||||
@@ -110,6 +126,14 @@ class SchoolsControllerTest < ActionController::TestCase
|
|||||||
create
|
create
|
||||||
assert_redirected_to tournament_path(@school.tournament_id)
|
assert_redirected_to tournament_path(@school.tournament_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate cannot create a new school" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
new
|
||||||
|
redirect
|
||||||
|
create
|
||||||
|
redirect
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user not tournament owner cannot create a school" do
|
test "logged in user not tournament owner cannot create a school" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
@@ -130,6 +154,12 @@ class SchoolsControllerTest < ActionController::TestCase
|
|||||||
destroy
|
destroy
|
||||||
assert_redirected_to tournament_path(@tournament.id)
|
assert_redirected_to tournament_path(@tournament.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate can destroy a school" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
destroy
|
||||||
|
redirect
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user not tournament owner cannot destroy school" do
|
test "logged in user not tournament owner cannot destroy school" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
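Review bot: The new tests only sign in `users(:four)` against what is presumably the school the fixture delegates to that user, so nothing fails if `authorize! :manage, @school` starts passing for every school delegate; add a case where a delegate requests edit and update for a school they are not delegated to and is redirected. WrestlersControllerTest has the same gap. The test named "logged in school delegate can destroy a school" asserts `redirect`, the helper the "cannot create a new school" test uses for a refused request, so the name should read `cannot destroy a school`; the helper's definition is outside the hunk.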
|
|||||||
@@ -41,6 +41,10 @@ class WrestlersControllerTest < ActionController::TestCase
|
|||||||
def sign_in_tournament_delegate
|
def sign_in_tournament_delegate
|
||||||
sign_in users(:three)
|
sign_in users(:three)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sign_in_school_delegate
|
||||||
|
sign_in users(:four)
|
||||||
|
end
|
||||||
|
|
||||||
def success
|
def success
|
||||||
assert_response :success
|
assert_response :success
|
||||||
@@ -61,6 +65,12 @@ class WrestlersControllerTest < ActionController::TestCase
|
|||||||
get_edit
|
get_edit
|
||||||
success
|
success
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate should get edit wrestler page" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
get_edit
|
||||||
|
success
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user should not get edit wrestler page if not owner" do
|
test "logged in user should not get edit wrestler page if not owner" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
@@ -95,6 +105,12 @@ class WrestlersControllerTest < ActionController::TestCase
|
|||||||
post_update
|
post_update
|
||||||
assert_redirected_to school_path(@school.id)
|
assert_redirected_to school_path(@school.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate should post update wrestler" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
post_update
|
||||||
|
assert_redirected_to school_path(@school.id)
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in tournament owner can create a new wrestler" do
|
test "logged in tournament owner can create a new wrestler" do
|
||||||
sign_in_owner
|
sign_in_owner
|
||||||
@@ -111,6 +127,14 @@ class WrestlersControllerTest < ActionController::TestCase
|
|||||||
create
|
create
|
||||||
assert_redirected_to school_path(@school.id)
|
assert_redirected_to school_path(@school.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate can create a new wrestler" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
new
|
||||||
|
success
|
||||||
|
create
|
||||||
|
assert_redirected_to school_path(@school.id)
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user not tournament owner cannot create a wrestler" do
|
test "logged in user not tournament owner cannot create a wrestler" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
@@ -131,6 +155,12 @@ class WrestlersControllerTest < ActionController::TestCase
|
|||||||
destroy
|
destroy
|
||||||
assert_redirected_to school_path(@school.id)
|
assert_redirected_to school_path(@school.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "logged in school delegate can destroy a wrestler" do
|
||||||
|
sign_in_school_delegate
|
||||||
|
destroy
|
||||||
|
assert_redirected_to school_path(@school.id)
|
||||||
|
end
|
||||||
|
|
||||||
test "logged in user not tournament owner cannot destroy wrestler" do
|
test "logged in user not tournament owner cannot destroy wrestler" do
|
||||||
sign_in_non_owner
|
sign_in_non_owner
|
||||||
|
|||||||
4
test/fixtures/school_delegates.yml
vendored
4
test/fixtures/school_delegates.yml
vendored
@@ -7,3 +7,7 @@
|
|||||||
# two:
|
# two:
|
||||||
# user_id: 1
|
# user_id: 1
|
||||||
# school_id: 1
|
# school_id: 1
|
||||||
|
|
||||||
|
one:
|
||||||
|
user_id: 4
|
||||||
|
school_id: 1
|
||||||
4
test/fixtures/users.yml
vendored
4
test/fixtures/users.yml
vendored
@@ -19,3 +19,7 @@ two:
|
|||||||
three:
|
three:
|
||||||
email: test3@test.com
|
email: test3@test.com
|
||||||
id: 3
|
id: 3
|
||||||
|
|
||||||
|
four:
|
||||||
|
email: test4@test.com
|
||||||
|
id: 4
|
||||||
|
|||||||