diff --git a/app/controllers/mats_controller.rb b/app/controllers/mats_controller.rb
index 5165910..b1880f6 100644
--- a/app/controllers/mats_controller.rb
+++ b/app/controllers/mats_controller.rb
@@ -1,6 +1,6 @@
 class MatsController < ApplicationController
 before_action :set_mat, only: [:show, :edit, :update, :destroy]
- before_filter :check_access, only: [:new,:create,:update,:destroy]
+ before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
 # GET /mats/1
 # GET /mats/1.json
@@ -76,12 +76,15 @@ class MatsController < ApplicationController
 def check_access
 if params[:tournament]
- @tournament = params[:tournament]
- else
+ @tournament = Tournament.find(params[:tournament])
+ elsif params[:mat]
+ @mat = Mat.new(mat_params)
+ @tournament = Tournament.find(@mat.tournament_id)
+ elsif @mat
 @tournament = @mat.tournament
 end
 if current_user != @tournament.user
- redirect_to root_path
+ redirect_to '/static_pages/not_allowed'
 end
 end
 end
diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb
index 91903e1..9a4d942 100644
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@@ -80,12 +80,15 @@ class SchoolsController < ApplicationController
 def check_access
 if params[:tournament]
- @tournament = params[:tournament]
- else
+ @tournament = Tournament.find(params[:tournament])
+ elsif params[:school]
+ @school = School.new(school_params)
+ @tournament = Tournament.find(@school.tournament_id)
+ elsif @school
 @tournament = @school.tournament
 end
 if current_user != @tournament.user
- redirect_to root_path
+ redirect_to '/static_pages/not_allowed'
 end
 end
diff --git a/app/controllers/weights_controller.rb b/app/controllers/weights_controller.rb
index e80ffc0..513c83a 100644
--- a/app/controllers/weights_controller.rb
+++ b/app/controllers/weights_controller.rb
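Review bot: Listing the guarded actions with `only:` leaves every action added later unprotected by default, which is how `:edit` stayed open until this change. Inverting the list, for example `before_action :check_access, except: [:show]` (plus any other read-only action the controller really exposes), makes new actions denied unless someone opts them out; the same applies to the identical lines in weights_controller.rb and wrestlers_controller.rb. The file also mixes `before_action` with its older alias `before_filter`, so using `before_action` for both callbacks keeps the declarations consistent.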
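Review bot: On `update` the `params[:mat]` branch replaces the `@mat` that `set_mat` already loaded with `Mat.new(mat_params)`, so ownership is checked against the `tournament_id` submitted in the form rather than the tournament the stored record belongs to, and the action presumably continues with an unsaved object. The branches should prefer the loaded record and fall back to request parameters only for `new` and `create`. The final comparison also fails open: when no branch matches, `@tournament` is nil and `.user` raises, and a signed-out visitor passes whenever a tournament has no user because `nil != nil` is false. The same pattern is repeated in the `check_access` hunks of schools_controller.rb, weights_controller.rb and wrestlers_controller.rb. `mat_params` and the actions are outside this hunk, so confirm that `tournament_id` is permitted there.

```ruby
def check_access
  @tournament =
    if @mat
      # set_mat loaded the stored record: authorize against its own tournament
      @mat.tournament
    elsif params[:mat]
      Tournament.find(mat_params[:tournament_id])
    elsif params[:tournament]
      Tournament.find(params[:tournament])
    end
  # update may also carry a new tournament_id; if moving records is allowed,
  # that target tournament needs the same ownership check
  # deny unless there is a tournament, a signed-in user, and they match
  unless @tournament && current_user && current_user == @tournament.user
    redirect_to '/static_pages/not_allowed'
  end
end
```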
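Review bot: `:edit` may still be unguarded in SchoolsController: its `before_filter :check_access` list is not part of this diff, while the mats, weights and wrestlers controllers each gain `:edit` and the new schools test expects a non-owner to be redirected from the edit page. If the list here still reads `only: [:new,:create,:update,:destroy]`, it needs `:edit` as well. The filter declaration sits outside this hunk, so this is something to confirm rather than a visible defect.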
@@ -1,6 +1,6 @@ class WeightsController < ApplicationController before_action :set_weight, only: [:show, :edit, :update, :destroy] - before_filter :check_access, only: [:new,:create,:update,:destroy] + before_filter :check_access, only: [:new,:create,:update,:destroy,:edit] # GET /weights/1 @@ -91,15 +91,19 @@ class WeightsController < ApplicationController def weight_params params.require(:weight).permit(:max, :tournament_id, :mat_id) end - def check_access + def check_access if params[:tournament] - @tournament = params[:tournament] - else + @tournament = Tournament.find(params[:tournament]) + elsif params[:weight] + @weight = Weight.new(weight_params) + @tournament = Tournament.find(@weight.tournament_id) + elsif @weight @tournament = @weight.tournament end if current_user != @tournament.user - redirect_to root_path + redirect_to '/static_pages/not_allowed' end end + end diff --git a/app/controllers/wrestlers_controller.rb b/app/controllers/wrestlers_controller.rb index 1bb39cd..4c0d227 100644 --- a/app/controllers/wrestlers_controller.rb +++ b/app/controllers/wrestlers_controller.rb @@ -1,6 +1,6 @@ class WrestlersController < ApplicationController before_action :set_wrestler, only: [:show, :edit, :update, :destroy] - before_filter :check_access, only: [:new,:create,:update,:destroy] + before_filter :check_access, only: [:new,:create,:update,:destroy,:edit] # GET /wrestlers/1 @@ -39,9 +39,6 @@ class WrestlersController < ApplicationController # POST /wrestlers.json def create @wrestler = Wrestler.new(wrestler_params) - if current_user != @wrestler.tournament.user - redirect_to root_path - end @school = School.find(wrestler_params[:school_id]) respond_to do |format| if @wrestler.save 
@@ -57,9 +54,6 @@ class WrestlersController < ApplicationController # PATCH/PUT /wrestlers/1 # PATCH/PUT /wrestlers/1.json def update - if current_user != @wrestler.tournament.user - redirect_to root_path - end @school = School.find(@wrestler.school_id) respond_to do |format| if @wrestler.update(wrestler_params) @@ -75,9 +69,6 @@ class WrestlersController < ApplicationController # DELETE /wrestlers/1 # DELETE /wrestlers/1.json def destroy - if current_user != @wrestler.tournament.user - redirect_to root_path - end @school = School.find(@wrestler.school_id) @wrestler.destroy respond_to do |format| @@ -97,14 +88,18 @@ class WrestlersController < ApplicationController params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight) end def check_access - if params[:tournament] - @tournament = params[:tournament] - else + if params[:school] + @school = School.find(params[:school]) + @tournament = Tournament.find(@school.tournament.id) + elsif params[:wrestler] + @wrestler = Wrestler.new(wrestler_params) + @school = School.find(@wrestler.school_id) + @tournament = Tournament.find(@school.tournament.id) + elsif @wrestler @tournament = @wrestler.tournament end if current_user != @tournament.user - redirect_to root_path + redirect_to '/static_pages/not_allowed' end end - end diff --git a/test/controllers/mats_controller_test.rb b/test/controllers/mats_controller_test.rb index 3c5346a..d67b2f5 100644 --- a/test/controllers/mats_controller_test.rb +++ b/test/controllers/mats_controller_test.rb 
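Review bot: Ownership in the `params[:wrestler]` branch is decided from the submitted `school_id` alone, while `wrestler_params` also permits `weight_id` and the `elsif @wrestler` branch reads `@wrestler.tournament`; nothing visible here confirms that the chosen weight belongs to the same tournament as the school. If the model does not already validate that, add the check here or as a model validation so a record cannot reference a weight from a tournament the user does not own. `Tournament.find(@school.tournament.id)` also reloads an object that is already available, so `@tournament = @school.tournament` is enough in both branches. The model associations are outside this diff, so treat the first point as something to confirm.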
@@ -1,11 +1,109 @@
 require 'test_helper'
 class MatsControllerTest < ActionController::TestCase
- # setup do
- # @mat = mats(:one)
- # end
+ include Devise::TestHelpers
- test "the truth" do
- assert true
- end
+ setup do
+ @tournament = Tournament.find(1)
+ @tournament.generateMatchups
+ @mat = mats(:one)
+ end
+
+ def create
+ post :create, mat: {name: 'Mat100', tournament_id: 1}
+ end
+
+ def new
+ get :new, tournament: @tournament.id
+ end
+
+ def post_update
+ patch :update, id: @mat.id, mat: {name: @mat.name, tournament_id: @mat.tournament_id}
+ end
+
+ def destroy
+ delete :destroy, id: @mat.id
+ end
+
+ def get_edit
+ get :edit, id: @mat.id
+ end
+
+ def sign_in_owner
+ sign_in users(:one)
+ end
+
+ def sign_in_non_owner
+ sign_in users(:two)
+ end
+
+ def success
+ assert_response :success
+ end
+
+ def redirect
+ assert_redirected_to '/static_pages/not_allowed'
+ end
+
+ test "logged in tournament owner should get edit mat page" do
+ sign_in_owner
+ get_edit
+ success
+ end
+
+ test "logged in user should not get edit mat page if not owner" do
+ sign_in_non_owner
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should not get edit mat page" do
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should get post update mat" do
+ post_update
+ redirect
+ end
+
+ test "logged in user should not post update mat if not owner" do
+ sign_in_non_owner
+ post_update
+ redirect
+ end
+
+ test "logged in tournament owner should post update mat" do
+ sign_in_owner
+ post_update
+ assert_redirected_to tournament_path(@mat.tournament_id)
+ end
+
+ test "logged in tournament owner can create a new mat" do
+ sign_in_owner
+ new
+ success
+ create
+ assert_redirected_to tournament_path(@mat.tournament_id)
+ end
+
+ test "logged in user not tournament owner cannot create a mat" do
+ sign_in_non_owner
+ new
+ redirect
+ create
+ redirect
+ end
+
+ test "logged in tournament owner can destroy a mat" do
+ sign_in_owner
+ destroy
+ assert_redirected_to
tournament_path(@tournament.id)
+ end
+
+ test "logged in user not tournament owner cannot destroy mat" do
+ sign_in_non_owner
+ destroy
+ redirect
+ end
 end
diff --git a/test/controllers/schools_controller_test.rb b/test/controllers/schools_controller_test.rb
index ac8a1cb..d64f79c 100644
--- a/test/controllers/schools_controller_test.rb
+++ b/test/controllers/schools_controller_test.rb
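Review bot: The non-owner and signed-out cases assert only the redirect, which does not prove the record was left untouched; wrap the request in a change assertion such as `assert_no_difference 'Mat.count' do destroy end`, and for update reload the record and compare its attributes. No case submits a `tournament_id` that differs from the record's own tournament, which is the path `check_access` takes on `update`, so the authorization decision there is untested. The test named "non logged in user should get post update mat" asserts a redirect, so its name should read "should not". The same gaps are present in the schools, weights and wrestlers controller tests added by this commit.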
@@ -1,11 +1,110 @@
 require 'test_helper'
 class SchoolsControllerTest < ActionController::TestCase
- # setup do
- # @school = schools(:one)
- # end
+ include Devise::TestHelpers
+
+ setup do
+ @tournament = Tournament.find(1)
+ @tournament.generateMatchups
+ @school = @tournament.schools.first
+ end
+
+ def create
+ post :create, school: {name: 'Testaasdf', tournament_id: 1}
+ end
+
+ def new
+ get :new, tournament: @tournament.id
+ end
+
+ def post_update
+ patch :update, id: @school.id, school: {name: @school.name, tournament_id: @school.tournament_id}
+ end
+
+ def destroy
+ delete :destroy, id: @school.id
+ end
+
+ def get_edit
+ get :edit, id: @school.id
+ end
+
+ def sign_in_owner
+ sign_in users(:one)
+ end
+
+ def sign_in_non_owner
+ sign_in users(:two)
+ end
+
+ def success
+ assert_response :success
+ end
+
+ def redirect
+ assert_redirected_to '/static_pages/not_allowed'
+ end
+
+ test "logged in tournament owner should get edit school page" do
+ sign_in_owner
+ get_edit
+ success
+ end
+
+ test "logged in user should not get edit school page if not owner" do
+ sign_in_non_owner
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should not get edit school page" do
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should get post update school" do
+ post_update
+ redirect
+ end
+
+ test "logged in user should not post update school if not owner" do
+ sign_in_non_owner
+ post_update
+ redirect
+ end
+
+ test "logged in tournament owner should post update school" do
+ sign_in_owner
+ post_update
+ assert_redirected_to tournament_path(@school.tournament_id)
+ end
+
+ test "logged in tournament owner can create a new school" do
+ sign_in_owner
+ new
+ success
+ create
+ assert_redirected_to tournament_path(@school.tournament_id)
+ end
+
+ test "logged in user not tournament owner cannot create a school" do
+ sign_in_non_owner
+ new
+ redirect
+ create
+ redirect
+ end
+
+ test "logged in tournament owner can destroy a school" do
+ sign_in_owner
+
destroy
+ assert_redirected_to tournament_path(@tournament.id)
+ end
+
+ test "logged in user not tournament owner cannot destroy school" do
+ sign_in_non_owner
+ destroy
+ redirect
+ end
- test "the truth" do
- assert true
- end
 end
diff --git a/test/controllers/weights_controller_test.rb b/test/controllers/weights_controller_test.rb
index d8cb46f..dbb80cc 100644
--- a/test/controllers/weights_controller_test.rb
+++ b/test/controllers/weights_controller_test.rb
@@ -1,11 +1,111 @@
 require 'test_helper'
 class WeightsControllerTest < ActionController::TestCase
- # setup do
- # @weight = weights(:one)
- # end
+ include Devise::TestHelpers
+
+ setup do
+ @tournament = Tournament.find(1)
+ @tournament.generateMatchups
+ @weight = @tournament.weights.first
+ end
+
+ def create
+ post :create, weight: {max: 60000, tournament_id: 1}
+ end
+
+ def new
+ get :new, tournament: @tournament.id
+ end
+
+ def post_update
+ patch :update, id: @weight.id, weight: {name: @weight.max, tournament_id: @weight.tournament_id}
+ end
+
+ def destroy
+ delete :destroy, id: @weight.id
+ end
+
+ def get_edit
+ get :edit, id: @weight.id
+ end
+
+ def sign_in_owner
+ sign_in users(:one)
+ end
+
+ def sign_in_non_owner
+ sign_in users(:two)
+ end
+
+ def success
+ assert_response :success
+ end
+
+ def redirect
+ assert_redirected_to '/static_pages/not_allowed'
+ end
+
+ test "logged in tournament owner should get edit weight page" do
+ sign_in_owner
+ get_edit
+ success
+ end
+
+ test "logged in user should not get edit weight page if not owner" do
+ sign_in_non_owner
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should not get edit weight page" do
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should get post update weight" do
+ post_update
+ redirect
+ end
+
+ test "logged in user should not post update weight if not owner" do
+ sign_in_non_owner
+ post_update
+ redirect
+ end
+
+ test "logged in tournament owner should post update weight" do
+ sign_in_owner
+ post_update
+ assert_redirected_to tournament_path(@weight.tournament_id)
+ end
+
+ test "logged in tournament owner can create a new weight" do
+ sign_in_owner
+ new
+ success
+ create
+ assert_redirected_to tournament_path(@weight.tournament_id)
+ end
+
+ test "logged in user not tournament owner cannot create a weight" do
+ sign_in_non_owner
+ new
+ redirect
+ create
+ redirect
+ end
+
+ test "logged in tournament owner can destroy a weight" do
+ sign_in_owner
+ destroy
+ assert_redirected_to tournament_path(@tournament.id)
+ end
+
+ test "logged in user not tournament owner cannot destroy weight" do
+ sign_in_non_owner
+ destroy
+ redirect
+ end
+
+
- test "the truth" do
- assert true
- end
 end
diff --git a/test/controllers/wrestlers_controller_test.rb b/test/controllers/wrestlers_controller_test.rb
index 30c068e..73f6200 100644
--- a/test/controllers/wrestlers_controller_test.rb
+++ b/test/controllers/wrestlers_controller_test.rb
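Review bot: `post_update` sends `weight: {name: @weight.max, ...}`, but `weight_params` in weights_controller.rb permits only `:max, :tournament_id, :mat_id`, so the `name` key is not an accepted attribute and the owner update test never changes a real field. Send the permitted attribute instead, `patch :update, id: @weight.id, weight: {max: @weight.max, tournament_id: @weight.tournament_id}`. With that in place the owner test can also assert the stored value after a reload, which makes the matching non-owner test meaningful.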
@@ -1,11 +1,113 @@
 require 'test_helper'
 class WrestlersControllerTest < ActionController::TestCase
- # setup do
- # @wrestler = wrestlers(:one)
- # end
+ include Devise::TestHelpers
+
+ setup do
+ @tournament = Tournament.find(1)
+ @tournament.generateMatchups
+ @school = @tournament.schools.first
+ @wrestler = @school.wrestlers.first
+ end
+
+ def create
+ post :create, wrestler: {name: 'Testaasdf', weight_id: 1, school_id: 1}
+ end
+
+ def new
+ get :new, school: @wrestler.school.id
+ end
+
+ def post_update
+ patch :update, id: @wrestler.id, wrestler: {name: @wrestler.name, weight_id: 1, school_id: 1}
+ end
+
+ def destroy
+ delete :destroy, id: @wrestler.id
+ end
+
+ def get_edit
+ get :edit, id: @wrestler.id
+ end
+
+ def sign_in_owner
+ sign_in users(:one)
+ end
+
+ def sign_in_non_owner
+ sign_in users(:two)
+ end
+
+ def success
+ assert_response :success
+ end
+
+ def redirect
+ assert_redirected_to '/static_pages/not_allowed'
+ end
+
+ test "logged in tournament owner should get edit wrestler page" do
+ sign_in_owner
+ get_edit
+ success
+ end
+
+ test "logged in user should not get edit wrestler page if not owner" do
+ sign_in_non_owner
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should not get edit wrestler page" do
+ get_edit
+ redirect
+ end
+
+ test "non logged in user should get post update wrestler" do
+ post_update
+ redirect
+ end
+
+ test "logged in user should not post update wrestler if not owner" do
+ sign_in_non_owner
+ post_update
+ redirect
+ end
+
+ test "logged in tournament owner should post update wrestler" do
+ sign_in_owner
+ post_update
+ assert_redirected_to school_path(@school.id)
+ end
+
+ test "logged in tournament owner can create a new wrestler" do
+ sign_in_owner
+ new
+ success
+ create
+ assert_redirected_to school_path(@school.id)
+ end
+
+ test "logged in user not tournament owner cannot create a wrestler" do
+ sign_in_non_owner
+ new
+ redirect
+ create
+ redirect
+ end
+
+ test "logged in tournament owner
can destroy a wrestler" do
+ sign_in_owner
+ destroy
+ assert_redirected_to school_path(@school.id)
+ end
+
+ test "logged in user not tournament owner cannot destroy wrestler" do
+ sign_in_non_owner
+ destroy
+ redirect
+ end
+
+
+
- test "the truth" do
- assert true
- end
 end
diff --git a/test/fixtures/mats.yml b/test/fixtures/mats.yml
index dbb97d2..f398820 100644
--- a/test/fixtures/mats.yml
+++ b/test/fixtures/mats.yml
@@ -9,4 +9,5 @@
 # tournament_id: 1
 one:
 name: Mat1
- tournament_id: 1
\ No newline at end of file
+ tournament_id: 1
+ id: 1