Added a feature to generate uuid links for coaches to submit their school lineups.

app/controllers/wrestlers_controller.rb

@@ -1,9 +1,7 @@
 class WrestlersController < ApplicationController
   before_action :set_wrestler, only: [:show, :edit, :update, :destroy, :update_pool]
-  before_action :check_access, only: [:new,:create,:update,:destroy,:edit,:update_pool]
-
-
-
+  before_action :check_access, only: [:new, :create, :update, :destroy, :edit, :update_pool]
+  before_action :check_read_access, only: [:show]
 
   # GET /wrestlers/1
   # GET /wrestlers/1.json
@@ -16,133 +14,145 @@ class WrestlersController < ApplicationController
   # GET /wrestlers/new
   def new
     @wrestler = Wrestler.new
-    if params[:school]
-      @school = School.find(params[:school])
-    end
-    if @school
-      @tournament = Tournament.find(@school.tournament_id)
-    end
-    if @tournament
-      @weights = Weight.where(tournament_id: @tournament.id).sort_by{|w| w.max}
-    end
-
+    @school = School.find_by(id: params[:school]) if params[:school]
+    # Save the key into an instance variable so the view can use it.
+    @school_permission_key = params[:school_permission_key].presence
+    @tournament = @school.tournament if @school
+    @weights = @tournament.weights.sort_by(&:max) if @tournament
   end
 
   # GET /wrestlers/1/edit
   def edit
     @tournament = @wrestler.tournament
     @weight = @wrestler.weight
-    @weights = @school.tournament.weights.sort_by{|w| w.max}
     @school = @wrestler.school
+    @weights = @school.tournament.weights.sort_by(&:max)
   end
 
   # POST /wrestlers
-  # POST /wrestlers.json
   def create
-    @wrestler = Wrestler.new(wrestler_params)
-    @school = School.find(wrestler_params[:school_id])
-    @weights = @school.tournament.weights
+    @school = School.find_by(id: wrestler_params[:school_id])
+    # IMPORTANT: Get the key from wrestler_params (not from params directly)
+    @school_permission_key = wrestler_params[:school_permission_key].presence
+    @weights = @school.tournament.weights if @school
+
+    # Remove the key from attributes so it isn’t assigned to the model.
+    @wrestler = Wrestler.new(wrestler_params.except(:school_permission_key))
+
     respond_to do |format|
       if @wrestler.save
-        if session[:return_path]
-          format.html { redirect_to session.delete(:return_path), notice: 'Wrestler was successfully created.' }
-        else
-          format.html { redirect_to @school, notice: 'Wrestler was successfully created.' }
-          format.json { render action: 'show', status: :created, location: @wrestler }
-        end
+        redirect_path = session[:return_path] || school_path(@school)
+        format.html { redirect_to append_permission_key(redirect_path), notice: 'Wrestler was successfully created.' }
+        format.json { render :show, status: :created, location: @wrestler }
       else
-        format.html { render action: 'new' }
+        format.html { render :new }
         format.json { render json: @wrestler.errors, status: :unprocessable_entity }
       end
     end
-  end
+  end  
 
   # PATCH/PUT /wrestlers/1
-  # PATCH/PUT /wrestlers/1.json
   def update
     @tournament = @wrestler.tournament
     @weight = @wrestler.weight
-    @weights = @tournament.weights.sort_by{|w| w.max}
     @school = @wrestler.school
+    @weights = @tournament.weights.sort_by(&:max)
+
     respond_to do |format|
-      if @wrestler.update(wrestler_params)
-        if session[:return_path]
-          format.html { redirect_to session.delete(:return_path), notice: 'Wrestler was successfully updated.' }
-        else
-          format.html { redirect_to @school, notice: 'Wrestler was successfully updated.' }
-          format.json { render action: 'show', status: :created, location: @wrestler }
-        end
+      if @wrestler.update(wrestler_params.except(:school_permission_key))
+        redirect_path = session[:return_path] || school_path(@school)
+        format.html { redirect_to append_permission_key(redirect_path), notice: 'Wrestler was successfully updated.' }
+        format.json { render :show, status: :ok, location: @wrestler }
       else
-        format.html { render action: 'edit' }
+        format.html { render :edit }
         format.json { render json: @wrestler.errors, status: :unprocessable_entity }
       end
     end
-  end
-
-  def update_pool
-    @tournament = @wrestler.tournament
-    @weight = @wrestler.weight
-    @weights = @tournament.weights.sort_by{|w| w.max}
-    @school = @wrestler.school
-    if params[:wrestler]['pool']
-      @wrestler.pool = params[:wrestler]['pool']
-      respond_to do |format|
-        message = "Wrestler has successfully been switched to a new pool. Matches for that weight are now in a weird state. Please re-generate matches when you are done with all of your changes."
-        if @wrestler.update(wrestler_params)
-          format.html { redirect_to "/tournaments/#{@tournament.id}/brackets/#{@wrestler.weight.id}/", notice: message }
-          format.json { head :no_content }
-        else
-          format.html { render action: 'edit' }
-          format.json { render json: @wrestler.errors, status: :unprocessable_entity }
-        end
-      end
-    end
-  end
+  end  
 
   # DELETE /wrestlers/1
-  # DELETE /wrestlers/1.json
   def destroy
     @school = @wrestler.school
     @wrestler.destroy
+    message = "Wrestler was successfully deleted. This action has removed all matches. Please re-generate matches if you already had matches."
+
     respond_to do |format|
-      message = "Wrestler was successfully deleted. This action has removed all matches. Please re-generate matches if you already had matches."
-      if session[:return_path]
-        format.html { redirect_to session.delete(:return_path), notice: message }
-      else
-        format.html { redirect_to @school, notice: message }
-        format.json { head :no_content }
-      end
+      redirect_path = session[:return_path] || school_path(@school)
+      format.html { redirect_to append_permission_key(redirect_path), notice: message }
+      format.json { head :no_content }
     end
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_wrestler
-      @wrestler = Wrestler.where(:id => params[:id]).includes(:school, :weight, :tournament, :matches).first
+
+  def set_wrestler
+    @wrestler = Wrestler.includes(:school, :weight, :tournament, :matches).find_by(id: params[:id])
+  end
+
+  def wrestler_params
+    params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, 
+                                     :season_loss, :criteria, :extra, :offical_weight, :pool, :school_permission_key)
+  end  
+
+  def check_access
+    if params[:school].present?
+       @school = School.find(params[:school])
+       #@tournament = Tournament.find(@school.tournament.id)
+    elsif params[:wrestler].present?
+      if params[:wrestler]["school_id"].present?
+           @school = School.find(params[:wrestler]["school_id"])
+           if wrestler_params[:school_permission_key].present?
+             @school_permission_key = wrestler_params[:school_permission_key]
+           end
+      else
+          @wrestler = Wrestler.find(params[:wrestler]["id"])
+          @school = @wrestler.school
+      end
+    elsif @wrestler
+       @school = @wrestler.school
     end
 
-    # Never trust parameters from the scary internet, only allow the white list through.
-    def wrestler_params
-      params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight,:pool)
+    # set @school_permission_key for use in ability
+    if params[:school_permission_key].present?
+      @school_permission_key = params[:school_permission_key]
     end
-    def check_access
-    	if params[:school]
-    	   @school = School.find(params[:school])
-    	   #@tournament = Tournament.find(@school.tournament.id)
-    	elsif params[:wrestler]
-        if params[:wrestler]["school_id"]
-             @school = School.find(params[:wrestler]["school_id"])
-        else
-            @wrestler = Wrestler.find(params[:wrestler]["id"])
-            @school = @wrestler.school
-        end
-    	   #@tournament = Tournament.find(@school.tournament.id)
-    	elsif @wrestler
-    	   @school = @wrestler.school
-    	   #@tournament = @wrestler.tournament
-    	elsif wrestler_params
-    	   @school = School.find(wrestler_params[:school_id])
-    	end
-    	authorize! :manage, @school
+    authorize! :manage, @school
+  end  
+
+  def check_read_access
+    if params[:school]
+      @school = School.find(params[:school])
+    elsif params[:wrestler].present?
+      if params[:wrestler]["school_id"].present?
+            @school = School.find(params[:wrestler]["school_id"])
+      else
+          @wrestler = Wrestler.find(params[:wrestler]["id"])
+          @school = @wrestler.school
+      end
+      if wrestler_params[:school_permission_key].present?
+          @school_permission_key = wrestler_params[:school_permission_key]
+      end
+   elsif @wrestler
+      @school = @wrestler.school
     end
+
+    # set @school_permission_key for use in ability
+    if params[:school_permission_key].present?
+      @school_permission_key = params[:school_permission_key]
+    end
+    authorize! :read, @school
+  end
+
+  # Helper method to append school_permission_key to redirects if it exists.
+  def append_permission_key(path)
+    return path unless @school_permission_key.present?
+
+    # If path is an ActiveRecord object, convert to URL.
+    path = school_path(path) if path.is_a?(School)
+    uri = URI.parse(path)
+    query_params = Rack::Utils.parse_nested_query(uri.query || "")
+    query_params["school_permission_key"] = @school_permission_key
+    uri.query = query_params.to_query
+    uri.to_s
+  end  
 end