Added a feature to generate uuid links for coaches to submit their school lineups.

app/models/ability.rb

@@ -1,95 +1,74 @@
 class Ability
   include CanCan::Ability
 
-  def initialize(user)
-    # Define abilities for the passed in user here. For example:
-    #
-    #   user ||= User.new # guest user (not logged in)
-    #   if user.admin?
-    #     can :manage, :all
-    #   else
-    #     can :read, :all
-    #   end
-    #
-    # The first argument to `can` is the action you are giving the user
-    # permission to do.
-    # If you pass :manage it will apply to every action. Other common actions
-    # here are :read, :create, :update and :destroy.
-    #
-    # The second argument is the resource the user can perform the action on.
-    # If you pass :all it will apply to every resource. Otherwise pass a Ruby
-    # class of the resource.
-    #
-    # The third argument is an optional hash of conditions to further filter the
-    # objects.
-    # For example, here the user can only update published articles.
-    #
-    #   can :update, Article, :published => true
-    #
-    # See the wiki for details:
-    # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
-    if !user.nil?
-      #Can manage tournament if tournament owner
-      can :manage, Tournament, :user_id => user.id
-      #Can manage but cannot destroy tournament if tournament delegate
+  def initialize(user, school_permission_key = nil)
+    if user
+      # LOGGED IN USER PERMISSIONS
+      
+      # TOURNAMENT PERMISSIONS
+
+      # Can manage but cannot destroy tournament if tournament delegate
       can :manage, Tournament do |tournament|
-        tournament.delegates.map(&:user_id).include? user.id
+        tournament.user_id == user.id ||
+        tournament.delegates.map(&:user_id).include?(user.id)
       end
+
+      # can destroy tournament if tournament owner
+      can :destroy, Tournament do |tournament|
+        tournament.user_id == user.id
+      end
+      # tournament delegates cannot destroy - explicitly deny
       cannot :destroy, Tournament do |tournament|
-        tournament.delegates.map(&:user_id).include? user.id
+        tournament.delegates.map(&:user_id).include?(user.id)
       end
-      # Can read tournament if tournament owner or tournament delegate
+
+      # Can read tournament if tournament.is_public, tournament owner, or tournament delegate
       can :read, Tournament do |tournament|
-        if tournament.is_public
-          true
-        elsif tournament.delegates.map(&:user_id).include? user.id or tournament.user_id == user.id
-          true
-        else
-          false
-        end
+        tournament.is_public ||
+        tournament.delegates.map(&:user_id).include?(user.id) ||
+        tournament.user_id == user.id
       end
-      #Can manage school if tournament owner
+
+      # SCHOOL PERMISSIONS
+      # wrestler permissions are included with school permissions
+
+      # Can manage school if is school delegate, is tournament delegate, or is tournament director
       can :manage, School do |school|
+        school.delegates.map(&:user_id).include?(user.id) ||
+        school.tournament.delegates.map(&:user_id).include?(user.id) ||
         school.tournament.user_id == user.id
       end
-      #Can manage school if tournament delegate
-      can :manage, School do |school|
-        school.tournament.delegates.map(&:user_id).include? user.id
-      end
-      #Can manage but cannot destroy school if school delegate
-      can :manage, School do |school|
-        school.delegates.map(&:user_id).include? user.id
-      end
-      cannot :destroy, School do |school|
-        school.delegates.map(&:user_id).include? user.id
-      end
-      # Can read school if school delegate, tournament delegate, or tournament director
+
+      # Can read school if tournament.is_public OR is school delegate, is tournament delegate, or is tournament director
       can :read, School do |school|
-        if school.tournament.is_public
-          true
-        elsif school.delegates.map(&:user_id).include? user.id or school.tournament.delegates.map(&:user_id).include? user.id or school.tournament.user_id == user.id
-          true
-        else
-          false
-        end
+        school.tournament.is_public ||
+        school.delegates.map(&:user_id).include?(user.id) ||
+        school.tournament.delegates.map(&:user_id).include?(user.id) ||
+        school.tournament.user_id == user.id
       end
-    # Default for non logged in users
     else
+      # NON LOGGED IN USER PERMISSIONS
+
+      # TOURNAMENT PERMISSIONS
+
       # Can read tournament if tournament is public
       can :read, Tournament do |tournament|
-        if tournament.is_public
-          true
-        else
-          false
-        end
+        tournament.is_public
       end
-      # Can read school if tournament is public
+
+      # SCHOOL PERMISSIONS
+      # wrestler permissions are included with school permissions 
+
+      # Can read school if tournament is public or a valid school permission key is provided
       can :read, School do |school|
-        if school.tournament.is_public
-          true
-        else
-          false
-        end
+        school.tournament.is_public ||
+        (school_permission_key.present? && school.permission_key == school_permission_key)
+      end
+
+      # Can read school if a valid school permission key is provided
+      # school_permission_key comes from app/controllers/application_controller.rb
+      can :manage, School do |school|
+        (school_permission_key.present? && school.permission_key == school_permission_key)
       end
     end
   end