mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00

Added a feature to generate uuid links for coaches to submit their school lineups.

2025-02-18 16:39:10 -05:00
parent 934b34d0b7
commit 91e1939e69
20 changed files with 725 additions and 272 deletions


@@ -10,14 +10,19 @@ class ApplicationController < ActionController::Base
end end
rescue_from CanCan::AccessDenied do |exception| rescue_from CanCan::AccessDenied do |exception|
# flash[:error] = "Access denied!"
redirect_to '/static_pages/not_allowed' redirect_to '/static_pages/not_allowed'
end end
protected protected
# In Rails 4.2 and above # In Rails 4.2 and above
def verified_request? def verified_request?
super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN']) super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
end end
# Override current_ability to pass school_permission_key
# @school_permission_key needs to be defined on the controller
def current_ability
@current_ability ||= Ability.new(current_user, @school_permission_key)
end
end end
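Review bot: `current_ability` memoizes the first `Ability` it builds, so the key is honoured only if `@school_permission_key` has already been assigned when `can?` or `authorize!` is first called in the request. That ordering currently depends on each controller's own `before_action`, and a filter or helper that checks abilities earlier would silently build the ability without the key. The comment should state the requirement, for example `# Memoized per request: must not be called before the before_action that sets @school_permission_key.` The class body starts outside this hunk.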


@@ -2,7 +2,7 @@ class SchoolsController < ApplicationController
before_action :set_school, only: [:import_baumspage_roster, :show, :edit, :update, :destroy, :stats] before_action :set_school, only: [:import_baumspage_roster, :show, :edit, :update, :destroy, :stats]
before_action :check_access_director, only: [:new,:create,:destroy] before_action :check_access_director, only: [:new,:create,:destroy]
before_action :check_access_delegate, only: [:import_baumspage_roster, :update,:edit] before_action :check_access_delegate, only: [:import_baumspage_roster, :update,:edit]
before_action :check_read_access, only: [:show] before_action :check_read_access, only: [:show, :stats]
def stats def stats
@tournament = @school.tournament @tournament = @school.tournament
@@ -93,24 +93,37 @@ class SchoolsController < ApplicationController
end end
def check_access_director def check_access_director
if params[:tournament] if params[:tournament].present?
@tournament = Tournament.find(params[:tournament]) @tournament = Tournament.find(params[:tournament])
elsif params[:school] elsif params[:school].present?
@tournament = Tournament.find(params[:school]["tournament_id"]) @tournament = Tournament.find(params[:school]["tournament_id"])
elsif @school elsif @school
@tournament = @school.tournament @tournament = @school.tournament
elsif school_params
@tournament = Tournament.find(school_params[:tournament_id])
end end
authorize! :manage, @tournament authorize! :manage, @tournament
end end
def check_access_delegate def check_access_delegate
if params[:school].present?
if school_params[:school_permission_key].present?
@school_permission_key = params[:school_permission_key]
end
end
if params[:school_permission_key].present?
@school_permission_key = params[:school_permission_key]
end
authorize! :manage, @school authorize! :manage, @school
end end
def check_read_access def check_read_access
# set @school_permission_key for use in ability
if params[:school_permission_key].present?
@school_permission_key = params[:school_permission_key]
end
authorize! :read, @school authorize! :read, @school
end end
end end
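Review bot: In `check_access_delegate` the nested branch tests `school_params[:school_permission_key]` but then assigns `params[:school_permission_key]`, so a key that arrives only inside `school[...]` leaves `@school_permission_key` nil and the request is denied. A hidden field added to a form later in this commit appears to send the key in exactly that nested shape. The assignment should read `@school_permission_key = school_params[:school_permission_key]`. `school_params` is defined outside this hunk; if it is also passed to `@school.update`, the key needs stripping first, as the wrestlers controller does with `.except(:school_permission_key)`.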


@@ -1,6 +1,6 @@
class TournamentsController < ApplicationController class TournamentsController < ApplicationController
before_action :set_tournament, only: [:reset_bout_board,:calculate_team_scores,:bout_sheets,:swap,:weigh_in_sheet,:error,:teampointadjust,:remove_teampointadjust,:remove_school_delegate,:remove_delegate,:school_delegate,:delegate,:matches,:weigh_in,:weigh_in_weight,:create_custom_weights,:show,:edit,:update,:destroy,:up_matches,:no_matches,:team_scores,:brackets,:generate_matches,:bracket,:all_brackets] before_action :set_tournament, only: [:delete_school_keys, :generate_school_keys,:reset_bout_board,:calculate_team_scores,:bout_sheets,:swap,:weigh_in_sheet,:error,:teampointadjust,:remove_teampointadjust,:remove_school_delegate,:remove_delegate,:school_delegate,:delegate,:matches,:weigh_in,:weigh_in_weight,:create_custom_weights,:show,:edit,:update,:destroy,:up_matches,:no_matches,:team_scores,:brackets,:generate_matches,:bracket,:all_brackets]
before_action :check_access_manage, only: [:reset_bout_board,:calculate_team_scores,:swap,:weigh_in_sheet,:teampointadjust,:remove_teampointadjust,:remove_school_delegate,:school_delegate,:weigh_in,:weigh_in_weight,:create_custom_weights,:update,:edit,:generate_matches,:matches] before_action :check_access_manage, only: [:delete_school_keys, :generate_school_keys,:reset_bout_board,:calculate_team_scores,:swap,:weigh_in_sheet,:teampointadjust,:remove_teampointadjust,:remove_school_delegate,:school_delegate,:weigh_in,:weigh_in_weight,:create_custom_weights,:update,:edit,:generate_matches,:matches]
before_action :check_access_destroy, only: [:destroy,:delegate,:remove_delegate] before_action :check_access_destroy, only: [:destroy,:delegate,:remove_delegate]
before_action :check_tournament_errors, only: [:generate_matches] before_action :check_tournament_errors, only: [:generate_matches]
before_action :check_for_matches, only: [:up_matches,:bracket,:all_brackets] before_action :check_for_matches, only: [:up_matches,:bracket,:all_brackets]
@@ -281,6 +281,18 @@ class TournamentsController < ApplicationController
redirect_to tournament_path(@tournament), notice: "Successfully reset the bout board." redirect_to tournament_path(@tournament), notice: "Successfully reset the bout board."
end end
def generate_school_keys
@tournament.schools.each do |school|
school.update(permission_key: SecureRandom.uuid)
end
redirect_to school_delegate_path(@tournament), notice: "School permission keys generated successfully."
end
def delete_school_keys
@tournament.schools.update_all(permission_key: nil)
redirect_to school_delegate_path(@tournament), notice: "All school permission keys have been deleted."
end
private private
# Use callbacks to share common setup or constraints between actions. # Use callbacks to share common setup or constraints between actions.
def set_tournament def set_tournament
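Review bot: `generate_school_keys` ignores the return value of `school.update`, so the success notice is shown even when a school fails to save, and every call replaces keys that may already have been emailed to coaches. Wrapping the loop in `ActiveRecord::Base.transaction do … end` and calling `school.update!(permission_key: SecureRandom.uuid)` would surface a partial failure instead of reporting success. Because the Ability change in this commit treats the key as a credential for anonymous requests, consider also storing an issue time so keys can expire without relying on someone pressing the delete button.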


@@ -1,9 +1,7 @@
class WrestlersController < ApplicationController class WrestlersController < ApplicationController
before_action :set_wrestler, only: [:show, :edit, :update, :destroy, :update_pool] before_action :set_wrestler, only: [:show, :edit, :update, :destroy, :update_pool]
before_action :check_access, only: [:new,:create,:update,:destroy,:edit,:update_pool] before_action :check_access, only: [:new, :create, :update, :destroy, :edit, :update_pool]
before_action :check_read_access, only: [:show]
# GET /wrestlers/1 # GET /wrestlers/1
# GET /wrestlers/1.json # GET /wrestlers/1.json
@@ -16,133 +14,145 @@ class WrestlersController < ApplicationController
# GET /wrestlers/new # GET /wrestlers/new
def new def new
@wrestler = Wrestler.new @wrestler = Wrestler.new
if params[:school] @school = School.find_by(id: params[:school]) if params[:school]
@school = School.find(params[:school]) # Save the key into an instance variable so the view can use it.
end @school_permission_key = params[:school_permission_key].presence
if @school @tournament = @school.tournament if @school
@tournament = Tournament.find(@school.tournament_id) @weights = @tournament.weights.sort_by(&:max) if @tournament
end
if @tournament
@weights = Weight.where(tournament_id: @tournament.id).sort_by{|w| w.max}
end
end end
# GET /wrestlers/1/edit # GET /wrestlers/1/edit
def edit def edit
@tournament = @wrestler.tournament @tournament = @wrestler.tournament
@weight = @wrestler.weight @weight = @wrestler.weight
@weights = @school.tournament.weights.sort_by{|w| w.max}
@school = @wrestler.school @school = @wrestler.school
@weights = @school.tournament.weights.sort_by(&:max)
end end
# POST /wrestlers # POST /wrestlers
# POST /wrestlers.json
def create def create
@wrestler = Wrestler.new(wrestler_params) @school = School.find_by(id: wrestler_params[:school_id])
@school = School.find(wrestler_params[:school_id]) # IMPORTANT: Get the key from wrestler_params (not from params directly)
@weights = @school.tournament.weights @school_permission_key = wrestler_params[:school_permission_key].presence
@weights = @school.tournament.weights if @school
# Remove the key from attributes so it isnt assigned to the model.
@wrestler = Wrestler.new(wrestler_params.except(:school_permission_key))
respond_to do |format| respond_to do |format|
if @wrestler.save if @wrestler.save
if session[:return_path] redirect_path = session[:return_path] || school_path(@school)
format.html { redirect_to session.delete(:return_path), notice: 'Wrestler was successfully created.' } format.html { redirect_to append_permission_key(redirect_path), notice: 'Wrestler was successfully created.' }
else format.json { render :show, status: :created, location: @wrestler }
format.html { redirect_to @school, notice: 'Wrestler was successfully created.' }
format.json { render action: 'show', status: :created, location: @wrestler }
end
else else
format.html { render action: 'new' } format.html { render :new }
format.json { render json: @wrestler.errors, status: :unprocessable_entity } format.json { render json: @wrestler.errors, status: :unprocessable_entity }
end end
end end
end end
# PATCH/PUT /wrestlers/1 # PATCH/PUT /wrestlers/1
# PATCH/PUT /wrestlers/1.json
def update def update
@tournament = @wrestler.tournament @tournament = @wrestler.tournament
@weight = @wrestler.weight @weight = @wrestler.weight
@weights = @tournament.weights.sort_by{|w| w.max}
@school = @wrestler.school @school = @wrestler.school
@weights = @tournament.weights.sort_by(&:max)
respond_to do |format| respond_to do |format|
if @wrestler.update(wrestler_params) if @wrestler.update(wrestler_params.except(:school_permission_key))
if session[:return_path] redirect_path = session[:return_path] || school_path(@school)
format.html { redirect_to session.delete(:return_path), notice: 'Wrestler was successfully updated.' } format.html { redirect_to append_permission_key(redirect_path), notice: 'Wrestler was successfully updated.' }
else format.json { render :show, status: :ok, location: @wrestler }
format.html { redirect_to @school, notice: 'Wrestler was successfully updated.' }
format.json { render action: 'show', status: :created, location: @wrestler }
end
else else
format.html { render action: 'edit' } format.html { render :edit }
format.json { render json: @wrestler.errors, status: :unprocessable_entity } format.json { render json: @wrestler.errors, status: :unprocessable_entity }
end end
end end
end end
def update_pool
@tournament = @wrestler.tournament
@weight = @wrestler.weight
@weights = @tournament.weights.sort_by{|w| w.max}
@school = @wrestler.school
if params[:wrestler]['pool']
@wrestler.pool = params[:wrestler]['pool']
respond_to do |format|
message = "Wrestler has successfully been switched to a new pool. Matches for that weight are now in a weird state. Please re-generate matches when you are done with all of your changes."
if @wrestler.update(wrestler_params)
format.html { redirect_to "/tournaments/#{@tournament.id}/brackets/#{@wrestler.weight.id}/", notice: message }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @wrestler.errors, status: :unprocessable_entity }
end
end
end
end
# DELETE /wrestlers/1 # DELETE /wrestlers/1
# DELETE /wrestlers/1.json
def destroy def destroy
@school = @wrestler.school @school = @wrestler.school
@wrestler.destroy @wrestler.destroy
message = "Wrestler was successfully deleted. This action has removed all matches. Please re-generate matches if you already had matches."
respond_to do |format| respond_to do |format|
message = "Wrestler was successfully deleted. This action has removed all matches. Please re-generate matches if you already had matches." redirect_path = session[:return_path] || school_path(@school)
if session[:return_path] format.html { redirect_to append_permission_key(redirect_path), notice: message }
format.html { redirect_to session.delete(:return_path), notice: message } format.json { head :no_content }
else
format.html { redirect_to @school, notice: message }
format.json { head :no_content }
end
end end
end end
private private
# Use callbacks to share common setup or constraints between actions.
def set_wrestler def set_wrestler
@wrestler = Wrestler.where(:id => params[:id]).includes(:school, :weight, :tournament, :matches).first @wrestler = Wrestler.includes(:school, :weight, :tournament, :matches).find_by(id: params[:id])
end
def wrestler_params
params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win,
:season_loss, :criteria, :extra, :offical_weight, :pool, :school_permission_key)
end
def check_access
if params[:school].present?
@school = School.find(params[:school])
#@tournament = Tournament.find(@school.tournament.id)
elsif params[:wrestler].present?
if params[:wrestler]["school_id"].present?
@school = School.find(params[:wrestler]["school_id"])
if wrestler_params[:school_permission_key].present?
@school_permission_key = wrestler_params[:school_permission_key]
end
else
@wrestler = Wrestler.find(params[:wrestler]["id"])
@school = @wrestler.school
end
elsif @wrestler
@school = @wrestler.school
end end
# Never trust parameters from the scary internet, only allow the white list through. # set @school_permission_key for use in ability
def wrestler_params if params[:school_permission_key].present?
params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight,:pool) @school_permission_key = params[:school_permission_key]
end end
def check_access authorize! :manage, @school
if params[:school] end
@school = School.find(params[:school])
#@tournament = Tournament.find(@school.tournament.id) def check_read_access
elsif params[:wrestler] if params[:school]
if params[:wrestler]["school_id"] @school = School.find(params[:school])
@school = School.find(params[:wrestler]["school_id"]) elsif params[:wrestler].present?
else if params[:wrestler]["school_id"].present?
@wrestler = Wrestler.find(params[:wrestler]["id"]) @school = School.find(params[:wrestler]["school_id"])
@school = @wrestler.school else
end @wrestler = Wrestler.find(params[:wrestler]["id"])
#@tournament = Tournament.find(@school.tournament.id) @school = @wrestler.school
elsif @wrestler end
@school = @wrestler.school if wrestler_params[:school_permission_key].present?
#@tournament = @wrestler.tournament @school_permission_key = wrestler_params[:school_permission_key]
elsif wrestler_params end
@school = School.find(wrestler_params[:school_id]) elsif @wrestler
end @school = @wrestler.school
authorize! :manage, @school
end end
# set @school_permission_key for use in ability
if params[:school_permission_key].present?
@school_permission_key = params[:school_permission_key]
end
authorize! :read, @school
end
# Helper method to append school_permission_key to redirects if it exists.
def append_permission_key(path)
return path unless @school_permission_key.present?
# If path is an ActiveRecord object, convert to URL.
path = school_path(path) if path.is_a?(School)
uri = URI.parse(path)
query_params = Rack::Utils.parse_nested_query(uri.query || "")
query_params["school_permission_key"] = @school_permission_key
uri.query = query_params.to_query
uri.to_s
end
end end
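Review bot: `check_access` authorizes `:manage` on whichever school the request names (`params[:school]`, then `params[:wrestler]["school_id"]`), while `edit`, `update` and `destroy` act on the wrestler loaded from `params[:id]`, so the authorized school and the changed record can differ. With this commit that check can be satisfied by an anonymous permission key, so the gap is no longer limited to logged-in delegates. When `@wrestler` is already set, authorize against `@wrestler.school` first, and on `update` authorize the destination school separately if `school_id` changes. The new `create`, `update` and `destroy` also read `session[:return_path]` without the `session.delete` the old code used, so a stale return path keeps being followed.

```ruby
def check_access
  if @wrestler
    # Existing record (edit/update/destroy): the owning school decides,
    # not a school named in the request.
    @school = @wrestler.school
  elsif params[:school].present?
    @school = School.find(params[:school])
  elsif params[:wrestler].present?
    # … unchanged: lookup by school_id or by params[:wrestler]["id"] …
  end
  # The key may arrive at the top level (links) or nested under wrestler (forms).
  nested_key = params[:wrestler].present? ? wrestler_params[:school_permission_key] : nil
  @school_permission_key = params[:school_permission_key].presence || nested_key.presence
  authorize! :manage, @school
end
```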


@@ -1,95 +1,74 @@
class Ability class Ability
include CanCan::Ability include CanCan::Ability
def initialize(user) def initialize(user, school_permission_key = nil)
# Define abilities for the passed in user here. For example: if user
# # LOGGED IN USER PERMISSIONS
# user ||= User.new # guest user (not logged in)
# if user.admin? # TOURNAMENT PERMISSIONS
# can :manage, :all
# else # Can manage but cannot destroy tournament if tournament delegate
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user
# permission to do.
# If you pass :manage it will apply to every action. Other common actions
# here are :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on.
# If you pass :all it will apply to every resource. Otherwise pass a Ruby
# class of the resource.
#
# The third argument is an optional hash of conditions to further filter the
# objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details:
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
if !user.nil?
#Can manage tournament if tournament owner
can :manage, Tournament, :user_id => user.id
#Can manage but cannot destroy tournament if tournament delegate
can :manage, Tournament do |tournament| can :manage, Tournament do |tournament|
tournament.delegates.map(&:user_id).include? user.id tournament.user_id == user.id ||
tournament.delegates.map(&:user_id).include?(user.id)
end end
# can destroy tournament if tournament owner
can :destroy, Tournament do |tournament|
tournament.user_id == user.id
end
# tournament delegates cannot destroy - explicitly deny
cannot :destroy, Tournament do |tournament| cannot :destroy, Tournament do |tournament|
tournament.delegates.map(&:user_id).include? user.id tournament.delegates.map(&:user_id).include?(user.id)
end end
# Can read tournament if tournament owner or tournament delegate
# Can read tournament if tournament.is_public, tournament owner, or tournament delegate
can :read, Tournament do |tournament| can :read, Tournament do |tournament|
if tournament.is_public tournament.is_public ||
true tournament.delegates.map(&:user_id).include?(user.id) ||
elsif tournament.delegates.map(&:user_id).include? user.id or tournament.user_id == user.id tournament.user_id == user.id
true
else
false
end
end end
#Can manage school if tournament owner
# SCHOOL PERMISSIONS
# wrestler permissions are included with school permissions
# Can manage school if is school delegate, is tournament delegate, or is tournament director
can :manage, School do |school| can :manage, School do |school|
school.delegates.map(&:user_id).include?(user.id) ||
school.tournament.delegates.map(&:user_id).include?(user.id) ||
school.tournament.user_id == user.id school.tournament.user_id == user.id
end end
#Can manage school if tournament delegate
can :manage, School do |school| # Can read school if tournament.is_public OR is school delegate, is tournament delegate, or is tournament director
school.tournament.delegates.map(&:user_id).include? user.id
end
#Can manage but cannot destroy school if school delegate
can :manage, School do |school|
school.delegates.map(&:user_id).include? user.id
end
cannot :destroy, School do |school|
school.delegates.map(&:user_id).include? user.id
end
# Can read school if school delegate, tournament delegate, or tournament director
can :read, School do |school| can :read, School do |school|
if school.tournament.is_public school.tournament.is_public ||
true school.delegates.map(&:user_id).include?(user.id) ||
elsif school.delegates.map(&:user_id).include? user.id or school.tournament.delegates.map(&:user_id).include? user.id or school.tournament.user_id == user.id school.tournament.delegates.map(&:user_id).include?(user.id) ||
true school.tournament.user_id == user.id
else
false
end
end end
# Default for non logged in users
else else
# NON LOGGED IN USER PERMISSIONS
# TOURNAMENT PERMISSIONS
# Can read tournament if tournament is public # Can read tournament if tournament is public
can :read, Tournament do |tournament| can :read, Tournament do |tournament|
if tournament.is_public tournament.is_public
true
else
false
end
end end
# Can read school if tournament is public
# SCHOOL PERMISSIONS
# wrestler permissions are included with school permissions
# Can read school if tournament is public or a valid school permission key is provided
can :read, School do |school| can :read, School do |school|
if school.tournament.is_public school.tournament.is_public ||
true (school_permission_key.present? && school.permission_key == school_permission_key)
else end
false
end # Can read school if a valid school permission key is provided
# school_permission_key comes from app/controllers/application_controller.rb
can :manage, School do |school|
(school_permission_key.present? && school.permission_key == school_permission_key)
end end
end end
end end
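Review bot: The anonymous branch grants `:manage` on `School` to any request whose key matches, and in CanCanCan `:manage` covers every action, so the link is a full bearer credential for that school; the comment above that block still says "Can read school". Narrowing the rule to the actions coaches need (for example `can [:read, :update], School do |school| … end`) would limit what a leaked link allows, although the controller filters that call `authorize! :manage, @school` would have to change with it. The comparison `school.permission_key == school_permission_key` could use `ActiveSupport::SecurityUtils.secure_compare(school.permission_key.to_s, school_permission_key.to_s)`. The key is also consulted only when `user` is nil, so a logged-in coach who opens the link gets no access from it.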


@@ -21,6 +21,10 @@
<% end %> <% end %>
<br> <br>
<% if params[:school_permission_key].present? %>
<%= f.hidden_field :school_permission_key, value: params[:school_permission_key] %>
<% end %>
<div class="actions"> <div class="actions">
<%= f.submit 'Submit', :class=>"btn btn-success" %> <%= f.submit 'Submit', :class=>"btn btn-success" %>
</div> </div>


@@ -1,68 +1,115 @@
<p> <p>
<strong>Name:</strong> <strong>Name:</strong>
<%= @school.name %> <%= @school.name %>
<% if can? :manage, @school %><%= link_to " Edit", edit_school_path(@school),:class=>"fas fa-edit" %><% end %> <% if can? :manage, @school %>
</p> <% edit_school_path_with_key = edit_school_path(@school) %>
<% edit_school_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to " Edit", edit_school_path_with_key, class: "fas fa-edit" %>
<% end %>
</p>
<p> <p>
<strong>Team Points Deducted:</strong> <strong>Team Points Deducted:</strong>
<%= @school.total_points_deducted %> <%= @school.total_points_deducted %>
</p> </p>
<p>
<strong>Score:</strong>
<%= @school.score %>
</p>
<p> <p>
<strong>Tournament:</strong> <strong>Score:</strong>
<%= @school.tournament.name %> <%= @school.score %>
</p> </p>
<%= link_to "#{@school.name} Stat Summary", "/schools/#{@school.id}/stats",:class=>"btn btn-sm btn-primary" %>
<br>
<br>
<h3>Roster</h3>
<p>(Click wrestler to see their score breakdown and match list)</p>
<table class="table table-hover table-condensed">
<thead>
<tr>
<th>Name</th>
<th>Weight</th>
<th>Record/Seed Criteria</th>
<th>Seed</th>
<th>Team Points Scored</th>
<th>Extra?</th>
<th>Next Bout/Mat</th>
<% if can? :manage, @school %><th><%= link_to " New Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"fas fa-plus"%></th><% end %>
</tr>
</thead>
<tbody> <p>
<% @wrestlers.sort_by{|w| w.weight.max}.each do |wrestler| %> <strong>Tournament:</strong>
<%= @school.tournament.name %>
</p>
<% stat_summary_path_with_key = "/schools/#{@school.id}/stats" %>
<% stat_summary_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to "#{@school.name} Stat Summary", stat_summary_path_with_key, class: "btn btn-sm btn-primary" %>
<br><br>
<h3>Roster</h3>
<p>(Click wrestler to see their score breakdown and match list)</p>
<table class="table table-hover table-condensed">
<thead>
<tr>
<th>Name</th>
<th>Weight</th>
<th>Record/Seed Criteria</th>
<th>Seed</th>
<th>Team Points Scored</th>
<th>Extra?</th>
<th>Next Bout/Mat</th>
<% new_wrestler_path_with_key = new_wrestler_path(school: @school.id) %>
<% new_wrestler_path_with_key += "&school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<% if can? :manage, @school %>
<th><%= link_to " New Wrestler", new_wrestler_path_with_key, class: "fas fa-plus" %></th>
<% end %>
</tr>
</thead>
<tbody>
<% @wrestlers.sort_by { |w| w.weight.max }.each do |wrestler| %>
<% if params[:school_permission_key].present? %>
<!-- No caching when school_permission_key is present -->
<tr>
<td>
<% wrestler_path_with_key = wrestler_path(wrestler) %>
<% wrestler_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to wrestler.name, wrestler_path_with_key %>
</td>
<td><%= wrestler.weight.max %></td>
<td><%= wrestler.season_win %>-<%= wrestler.season_loss %> <%= wrestler.criteria %></td>
<td><%= wrestler.original_seed %></td>
<td><%= wrestler.total_team_points - wrestler.total_points_deducted %></td>
<td><%= "Yes" if wrestler.extra? %></td>
<td><%= wrestler.next_match_bout_number %> <%= wrestler.next_match_mat_name %></td>
<% if can? :manage, wrestler.school %>
<td>
<% edit_wrestler_path_with_key = edit_wrestler_path(wrestler) %>
<% edit_wrestler_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<% delete_wrestler_path_with_key = wrestler_path(wrestler) %>
<% delete_wrestler_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to '', edit_wrestler_path_with_key, class: "fas fa-edit" %>
<%= link_to '', delete_wrestler_path_with_key, method: :delete, data: { confirm: "Are you sure you want to delete #{wrestler.name}? This will delete all of his matches." }, class: "fas fa-trash-alt" %>
</td>
<% end %>
</tr>
<% else %>
<!-- Use caching only when school_permission_key is NOT present -->
<% cache ["#{wrestler.id}_school_show", @school] do %> <% cache ["#{wrestler.id}_school_show", @school] do %>
<tr> <tr>
<td><%= link_to "#{wrestler.name}", wrestler %></td> <td><%= link_to wrestler.name, wrestler_path(wrestler) %></td>
<td><%= wrestler.weight.max %></td> <td><%= wrestler.weight.max %></td>
<td><%= wrestler.season_win %>-<%= wrestler.season_loss %> <%= wrestler.criteria %></td> <td><%= wrestler.season_win %>-<%= wrestler.season_loss %> <%= wrestler.criteria %></td>
<td> <td><%= wrestler.original_seed %></td>
<%= wrestler.original_seed %>
</td>
<td><%= wrestler.total_team_points - wrestler.total_points_deducted %></td> <td><%= wrestler.total_team_points - wrestler.total_points_deducted %></td>
<td><% if wrestler.extra? == true %> <td><%= "Yes" if wrestler.extra? %></td>
Yes <td><%= wrestler.next_match_bout_number %> <%= wrestler.next_match_mat_name %></td>
<% end %>
</td>
<% end %> <% end %>
<td><%= wrestler.next_match_bout_number %> <%= wrestler.next_match_mat_name %></td>
<% if can? :manage, wrestler.school %> <% if can? :manage, wrestler.school %>
<td> <td>
<%= link_to '', edit_wrestler_path(wrestler),:class=>"fas fa-edit" %> <% edit_wrestler_path_with_key = edit_wrestler_path(wrestler) %>
<%= link_to '', wrestler, method: :delete, data: { confirm: "Are you sure you want to delete #{wrestler.name}? This will delete all of his matches." }, :class=>"fas fa-trash-alt" %> <% edit_wrestler_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<% delete_wrestler_path_with_key = wrestler_path(wrestler) %>
<% delete_wrestler_path_with_key += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to '', edit_wrestler_path_with_key, class: "fas fa-edit" %>
<%= link_to '', delete_wrestler_path_with_key, method: :delete, data: { confirm: "Are you sure you want to delete #{wrestler.name}? This will delete all of his matches." }, class: "fas fa-trash-alt" %>
</td> </td>
<% end %> <% end %>
</tr> </tr>
<% end %> <% end %>
</tbody> <% end %>
</table> </tbody>
</table>
<% if can? :manage, @school %> <% if can? :manage, @school %>
<%= render 'baums_roster_import' %> <%= render 'baums_roster_import' %>
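Review bot: Each link appends `params[:school_permission_key]` to the path by string interpolation, so the value is not URL-encoded and the `?` or `&` separator is chosen by hand (the new-wrestler link relies on `new_wrestler_path(school: @school.id)` already carrying a query string). Passing the key to the route helper handles both, e.g. `edit_school_path(@school, school_permission_key: params[:school_permission_key].presence)`. Because the key now travels in every URL on this page, it will also appear in request logs and Referer headers unless `:school_permission_key` is added to `config.filter_parameters` and a restrictive `Referrer-Policy` is sent. The same interpolation is used for the back link in the stats view.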


@@ -1,4 +1,7 @@
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %> <% back_to_school_path = school_path(@school) %>
<% back_to_school_path += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to "Back to #{@school.name}", back_to_school_path, class: "btn btn-default" %>
<% cache ["#{@school.id}_Stats", @school] do %> <% cache ["#{@school.id}_Stats", @school] do %>
<br> <br>
<br> <br>


@@ -17,6 +17,7 @@
<% @winner_place = "1st" %> <% @winner_place = "1st" %>
<%= render 'bracket_final' %> <%= render 'bracket_final' %>
</div> </div>
<! -- Only use a 2nd page for consolation bracket if bracket is bigger than 16 -->
<% if @weight.wrestlers.size > 16 %> <% if @weight.wrestlers.size > 16 %>
</div> </div>
</div> </div>
@@ -24,6 +25,7 @@
<div class="page"> <div class="page">
<div class="bracket-container"> <div class="bracket-container">
<% end %> <% end %>
<! -- End if for only use a 2nd page for consolation bracket if bracket is bigger than 16 -->
<h4><%= @tournament.name %> - <%= @weight.max %> Bracket</h4> <h4><%= @tournament.name %> - <%= @weight.max %> Bracket</h4>
<h4>Consolation Bracket</h4> <h4>Consolation Bracket</h4>
<div class="bracket"> <div class="bracket">
@@ -41,13 +43,15 @@
<% @winner_place = "3rd" %> <% @winner_place = "3rd" %>
<%= render 'bracket_final' %> <%= render 'bracket_final' %>
</div> </div>
<% if @weight.wrestlers.size >= 6 && @tournament.number_of_placers >= 6 %>
<h4>5/6 place match</h4> <h4>5/6 place match</h4>
<div class="bracket"> <div class="bracket">
<% @final_match = @matches.select{|m|m.bracket_position == "5/6"} %> <% @final_match = @matches.select{|m|m.bracket_position == "5/6"} %>
<% @winner_place = "5th" %> <% @winner_place = "5th" %>
<%= render 'bracket_final' %> <%= render 'bracket_final' %>
</div> </div>
<% if @tournament.number_of_placers >= 8 %> <% end %>
<% if @weight.wrestlers.size >= 8 && @tournament.number_of_placers >= 8 %>
<h4>7/8 place match</h4> <h4>7/8 place match</h4>
<div class="bracket"> <div class="bracket">
<% @final_match = @matches.select{|m|m.bracket_position == "7/8"} %> <% @final_match = @matches.select{|m|m.bracket_position == "7/8"} %>
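Review bot: The two added markers are written `<! -- … -->`, which is not a well-formed HTML comment opener because of the space after `<!`, and the text is sent to every client either way. An ERB comment keeps the note out of the response: `<%# Only use a 2nd page for the consolation bracket if the bracket is bigger than 16 %>`.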


@@ -1,4 +1,35 @@
<h1>Search results</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %> <h1>School Lineup Permission Links</h1>
<p>Instead of forcing coaches to log into the app, you can generate links for their school that you can email them to submit their lineups. Be sure to delete these after the deadline for lineup submissions.</p>
<%= button_to "Generate School Permission Key Links", generate_school_keys_tournament_path(@tournament), method: :post, class: "btn btn-success" %>
<%= button_to "Delete School Permission Key Links", delete_school_keys_tournament_path(@tournament), method: :post, class: "btn btn-danger" %>
<br><br>
<% if @tournament.schools.where.not(permission_key: nil).exists? %>
<h2>Links for Schools with Permission Keys</h2>
<table class="table table-striped">
<thead>
<tr>
<th>School Name</th>
<th>Permission Link</th>
</tr>
</thead>
<tbody>
<% @tournament.schools.where.not(permission_key: nil).each do |school| %>
<tr>
<td><%= school.name %></td>
<td>
<% full_url = "#{request.base_url}/schools/#{school.id}?school_permission_key=#{school.permission_key}" %>
<a href="<%= full_url %>"><%= full_url %></a>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
<br><br>
<h1>School Delegation for User Accounts</h1>
<p>If you'd like coaches to have to log into the app, you can have them create an account first then search for that account here and assign their account to a school for lineup submission. Be sure to delete these after the deadline for lineup submissions.</p>
<h2>Search results</h2> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %> <%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %> <%= submit_tag "Search" %>
<% end %> <% end %>
@@ -33,7 +64,7 @@
<% end %> <% end %>
<% if @users_delegates %> <% if @users_delegates %>
<h1>Delegated users schools</h1> <h2>Delegated users schools</h2>
<table class="table table-striped table-bordered table-condensed"> <table class="table table-striped table-bordered table-condensed">
<thead> <thead>
<tr> <tr>
@@ -53,4 +84,4 @@
<% end %> <% end %>
</tbody> </tbody>
</table> </table>
<% end %> <% end %>
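Review bot: `full_url` is assembled from `request.base_url` and raw interpolation, so the host in every link a director copies into an email is whatever Host header that request carried. Building it with the route helper, `school_url(school, school_permission_key: school.permission_key)`, keeps encoding and routing in one place; the host still comes from the request, so allowed hosts should be pinned with `config.hosts` if they are not already. The view also runs `@tournament.schools.where.not(permission_key: nil)` twice, and loading it once into a local avoids the duplicate query.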


@@ -1,13 +1,11 @@
<%= form_for(@wrestler) do |f| %> <%= form_for(@wrestler) do |f| %>
<% if @wrestler.errors.any? %> <% if @wrestler.errors.any? %>
<div id="error_explanation"> <div id="error_explanation">
<h2><%= pluralize(@wrestler.errors.count, "error") %> prohibited this wrestler from being saved:</h2> <h2><%= pluralize(@wrestler.errors.count, "error") %> prohibited this wrestler from being saved:</h2>
<ul> <ul>
<% @wrestler.errors.full_messages.each do |msg| %> <% @wrestler.errors.full_messages.each do |msg| %>
<li><%= msg %></li> <li><%= msg %></li>
<% end %> <% end %>
</ul> </ul>
</div> </div>
<% end %> <% end %>
@@ -16,43 +14,37 @@
<%= f.label :name %><br> <%= f.label :name %><br>
<%= f.text_field :name %> <%= f.text_field :name %>
</div> </div>
<% if can? :manage, @wrestler.tournament %>
<div class="field"> <% if can? :manage, @wrestler.tournament %>
<%= f.label 'School' %><br> <div class="field">
<%= f.collection_select :school_id, @school.tournament.schools, :id, :name %> <%= f.label 'School' %><br>
</div> <%= f.collection_select :school_id, @school.tournament.schools, :id, :name %>
</div>
<% else %> <% else %>
<%= f.hidden_field :school_id, :value => @school.id %> <%= f.hidden_field :school_id, value: @school.id %>
<% end %> <% end %>
<div class="field"> <div class="field">
<%= f.label 'Weight Class' %><br> <%= f.label 'Weight Class' %><br>
<%= f.collection_select :weight_id, @weights, :id, :max %> <%= f.collection_select :weight_id, @weights, :id, :max %>
</div> </div>
<div class="field"> <div class="field">
<%= f.label "Season Wins" %><br> <%= f.label "Season Wins" %><br>
<%= f.number_field :season_win %> <%= f.number_field :season_win %>
</div> </div>
<div class="field"> <div class="field">
<%= f.label "Season Losses" %><br> <%= f.label "Season Losses" %><br>
<%= f.number_field :season_loss %> <%= f.number_field :season_loss %>
</div> </div>
<div class="field"> <!-- Render the hidden field if a permission key is present -->
<%= f.label "Seed Criteria" %><br> <% if @school_permission_key.present? %>
<%= f.text_field :criteria %> <%= f.hidden_field :school_permission_key, value: @school_permission_key %>
</div> <% end %>
<div class="field">
<%= f.label "Check box if extra" %> <%= f.check_box :extra %>
</div>
</br>
</br>
<div class="actions"> <div class="actions">
<%= f.submit :class=>"btn btn-success"%> <%= f.submit class: "btn btn-success" %>
</div> </div>
<% end %> <% end %>
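Review bot: In the non-manager branch both `f.hidden_field :school_id, value: @school.id` and the new `f.hidden_field :school_permission_key` are client-editable, so the form cannot bind a key to a school. The controller is not part of this section; it should resolve the school from the submitted key and reject any `school_id` that differs, rather than authorizing on the key and then saving the posted `school_id`. Because the key is nested under `wrestler[...]`, it also needs to stay out of the attributes that reach `Wrestler.new` or `update`. The hunk also appears to drop the "Seed Criteria" and "extra" fields, which the commit message does not mention, so that is worth confirming as intended.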


@@ -1,4 +1,7 @@
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %> <% back_to_school_path = school_path(@school) %>
<% back_to_school_path += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to "Back to #{@school.name}", back_to_school_path, class: "btn btn-default" %>
<br> <br>
<br> <br>
<h1>Editing wrestler</h1> <h1>Editing wrestler</h1>
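Review bot: The back link appends the raw `params[:school_permission_key]` to the path string, so the value is not URL-encoded and a crafted value can add extra query parameters to the link. Passing it through the route helper encodes it and omits it when blank: `link_to "Back to #{@school.name}", school_path(@school, school_permission_key: params[:school_permission_key].presence), class: "btn btn-default"`. The same two lines are repeated in the new-wrestler and show-wrestler sections that follow, so a small view helper would keep the three in step. The link also reads `params` where the form partial uses `@school_permission_key`; using one source avoids the two disagreeing.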


@@ -1,4 +1,7 @@
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %> <% back_to_school_path = school_path(@school) %>
<% back_to_school_path += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to "Back to #{@school.name}", back_to_school_path, class: "btn btn-default" %>
<br> <br>
<br> <br>
<h1>New wrestler</h1> <h1>New wrestler</h1>


@@ -1,4 +1,7 @@
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-sm btn-default" %> <% back_to_school_path = school_path(@wrestler.school) %>
<% back_to_school_path += "?school_permission_key=#{params[:school_permission_key]}" if params[:school_permission_key].present? %>
<%= link_to "Back to #{@wrestler.school.name}", back_to_school_path, class: "btn btn-default" %>
<br> <br>
<br> <br>
<p> <p>


@@ -81,6 +81,13 @@ Wrestling::Application.routes.draw do
get "/matches/:id/stat" => "matches#stat", :as => :stat_match_path get "/matches/:id/stat" => "matches#stat", :as => :stat_match_path
resources :tournaments do
member do
post :generate_school_keys
post :delete_school_keys
end
end
# Example of regular route: # Example of regular route:
# get 'products/:id' => 'catalog#view' # get 'products/:id' => 'catalog#view'
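Review bot: The new `resources :tournaments do ... end` block declares the full set of RESTful tournament routes in addition to the two member actions. If `resources :tournaments` is already declared elsewhere in this file (not visible in the hunk), this adds duplicate route entries; `resources :tournaments, only: [] do` would add only `generate_school_keys` and `delete_school_keys`. The rest of the `routes.draw` block lies outside the hunk.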


@@ -0,0 +1,6 @@
class AddUuidToSchools < ActiveRecord::Migration[7.2]
def change
add_column :schools, :permission_key, :string
add_index :schools, :permission_key, unique: true
end
end


@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[7.2].define(version: 2025_01_26_004721) do ActiveRecord::Schema[7.2].define(version: 2025_01_30_172404) do
create_table "delayed_jobs", force: :cascade do |t| create_table "delayed_jobs", force: :cascade do |t|
t.integer "priority", default: 0, null: false t.integer "priority", default: 0, null: false
t.integer "attempts", default: 0, null: false t.integer "attempts", default: 0, null: false
@@ -88,6 +88,8 @@ ActiveRecord::Schema[7.2].define(version: 2025_01_26_004721) do
t.datetime "updated_at", precision: nil t.datetime "updated_at", precision: nil
t.integer "tournament_id" t.integer "tournament_id"
t.decimal "score", precision: 15, scale: 1 t.decimal "score", precision: 15, scale: 1
t.string "permission_key"
t.index ["permission_key"], name: "index_schools_on_permission_key", unique: true
t.index ["tournament_id"], name: "index_schools_on_tournament_id" t.index ["tournament_id"], name: "index_schools_on_tournament_id"
end end


@@ -4,9 +4,11 @@ class SchoolsControllerTest < ActionController::TestCase
include Devise::Test::ControllerHelpers include Devise::Test::ControllerHelpers
setup do setup do
@tournament = Tournament.find(1) @tournament = Tournament.find(1)
# @tournament.generateMatchups # @tournament.generateMatchups
@school = @tournament.schools.first @school = @tournament.schools.first
@school.update(permission_key: SecureRandom.uuid) # Generate a valid school_permission_key
@school_permission_key = @school.permission_key
end end
def create def create
@@ -17,20 +19,20 @@ class SchoolsControllerTest < ActionController::TestCase
get :new, params: { tournament: @tournament.id } get :new, params: { tournament: @tournament.id }
end end
def get_show def get_show(extra_params = {})
get :show, params: { id: @school.id } get :show, params: { id: @school.id }.merge(extra_params)
end end
def post_update def post_update(extra_params = {})
patch :update, params: { id: @school.id, school: {name: @school.name, tournament_id: @school.tournament_id} } patch :update, params: { id: @school.id, school: { name: @school.name, tournament_id: @school.tournament_id } }.merge(extra_params)
end end
def destroy def destroy(extra_params = {})
delete :destroy, params: { id: @school.id } delete :destroy, params: { id: @school.id }.merge(extra_params)
end end
def get_edit def get_edit(extra_params = {})
get :edit, params: { id: @school.id } get :edit, params: { id: @school.id }.merge(extra_params)
end end
def sign_in_owner def sign_in_owner
@@ -288,6 +290,150 @@ Some Guy
get_show get_show
success success
end end
test "non logged in user can get stats page when tournament is public" do
@tournament.is_public = true
@tournament.save
get :stats, params: { id: @school.id }
success
end
test "logged in school delegate can get stats page when tournament is not public" do
@tournament.is_public = false
@tournament.save
sign_in_school_delegate
get :stats, params: { id: @school.id }
success
end
test "logged in tournament owner can get stats page when tournament is not public" do
@tournament.is_public = false
@tournament.save
sign_in_owner
get :stats, params: { id: @school.id }
success
end
test "logged in tournament delegate can get stats page when tournament is not public" do
@tournament.is_public = false
@tournament.save
sign_in_tournament_delegate
get :stats, params: { id: @school.id }
success
end
test "logged in non owner cannot get stats page when tournament is not public" do
@tournament.is_public = false
@tournament.save
sign_in_non_owner
get :stats, params: { id: @school.id }
redirect
end
test "non logged in user cannot get stats page when tournament is not public" do
@tournament.is_public = false
@tournament.save
sign_in_non_owner
get :stats, params: { id: @school.id }
redirect
end
test "stats page without school_permission_key does not include it in 'Back to School' link" do
get :stats, params: { id: @school.id }
success
# The link is typically: /schools/:id?school_permission_key=valid_key
# 'Back to Central Crossing' or similar text
assert_select "a[href=?]", school_path(id: @school.id), text: /Back to/
end
test "wrestler links do not contain school_permission_key when not used" do
@tournament.update(is_public: false)
sign_in_owner
get_show
assert_select "a[href=?]", new_wrestler_path(school: @school.id), text: "New Wrestler"
@school.wrestlers.each do |wrestler|
# Check only for the DELETE link, specifying 'data-method="delete"' to exclude profile links
assert_select "a[href=?][data-method=delete]", wrestler_path(wrestler), count: 1
# Check edit link
assert_select "a[href=?]", edit_wrestler_path(wrestler), count: 1
end
end
# END SHOW PAGE PERMISSIONS # END SHOW PAGE PERMISSIONS
# School permission key tests
test "non logged in user can get show page when using valid school_permission_key" do
@tournament.update(is_public: false)
get_show(school_permission_key: @school_permission_key)
success
end
test "non logged in user cannot get show page when using invalid school_permission_key" do
@tournament.update(is_public: false)
get_show(school_permission_key: "invalid-key")
redirect
end
test "non logged in user can edit school with valid school_permission_key" do
@tournament.update(is_public: false)
get_edit(school_permission_key: @school_permission_key)
success
end
test "non logged in user cannot edit school with invalid school_permission_key" do
@tournament.update(is_public: false)
get_edit(school_permission_key: "invalid-key")
redirect
end
test "non logged in user can update school with valid school_permission_key" do
@tournament.update(is_public: false)
post_update(school_permission_key: @school_permission_key)
assert_redirected_to tournament_path(@school.tournament_id)
end
test "non logged in user cannot update school with invalid school_permission_key" do
@tournament.update(is_public: false)
post_update(school_permission_key: "invalid-key")
redirect
end
test "non logged in user cannot delete school with invalid school_permission_key" do
@tournament.update(is_public: false)
destroy(school_permission_key: "invalid-key")
redirect
end
test "non logged in user cannot delete school with valid school_permission_key" do
@tournament.update(is_public: false)
destroy(school_permission_key: @school_permission_key)
redirect
end
# Ensure school_permission_key is used in wrestler links
test "wrestler links contain school_permission_key when used" do
@tournament.update(is_public: false)
get_show(school_permission_key: @school_permission_key)
assert_select "a[href=?]", new_wrestler_path(school: @school.id, school_permission_key: @school_permission_key), text: "New Wrestler"
@school.wrestlers.each do |wrestler|
assert_select "a[href=?]", edit_wrestler_path(wrestler, school_permission_key: @school_permission_key)
assert_select "a[href=?]", wrestler_path(wrestler, school_permission_key: @school_permission_key), method: :delete
end
end
test "stats page with school_permission_key includes it in 'Back to School' link" do
get :stats, params: { id: @school.id, school_permission_key: @school_permission_ke }
success
# The link is typically: /schools/:id?school_permission_key=valid_key
# 'Back to Central Crossing' or similar text
assert_select "a[href=?]", school_path(id: @school.id, school_permission_key: @school_permission_ke), text: /Back to/
end
# End school permission key tests
end end
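Review bot: The last test, "stats page with school_permission_key includes it in 'Back to School' link", references `@school_permission_ke` twice; that instance variable is unset and evaluates to nil, so the request carries no key and the assertion matches the plain school path. Both should read `@school_permission_key`. Separately, "non logged in user cannot get stats page when tournament is not public" calls `sign_in_non_owner`, making it a copy of the test before it; dropping that line would cover the anonymous case the name describes. The negative cases here and in the wrestlers controller tests only use a literal invalid string, so a test that presents another school's valid key against `@school` would cover the cross-school boundary.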


@@ -800,4 +800,57 @@ class TournamentsControllerTest < ActionController::TestCase
get :generate_matches, params: { id: @tournament.id } get :generate_matches, params: { id: @tournament.id }
success success
end end
test "tournament owner can create school keys" do
sign_in_owner
post :generate_school_keys, params: { id: @tournament.id }
assert_redirected_to school_delegate_path(@tournament)
assert_equal "School permission keys generated successfully.", flash[:notice]
end
test "tournament owner can delete school keys" do
sign_in_owner
post :delete_school_keys, params: { id: @tournament.id }
# Update this path/notices if your controller redirects differently
assert_redirected_to school_delegate_path(@tournament)
assert_equal "All school permission keys have been deleted.", flash[:notice]
end
test "tournament delegate can create school keys" do
sign_in_delegate
post :generate_school_keys, params: { id: @tournament.id }
assert_redirected_to school_delegate_path(@tournament)
assert_equal "School permission keys generated successfully.", flash[:notice]
end
test "tournament delegate can delete school keys" do
sign_in_delegate
post :delete_school_keys, params: { id: @tournament.id }
assert_redirected_to school_delegate_path(@tournament)
assert_equal "All school permission keys have been deleted.", flash[:notice]
end
test "logged in non-owner cannot create school keys" do
sign_in_non_owner
post :generate_school_keys, params: { id: @tournament.id }
redirect
end
test "logged in non-owner cannot delete school keys" do
sign_in_non_owner
post :delete_school_keys, params: { id: @tournament.id }
redirect
end
test "non logged in user cannot create school keys" do
# no sign_in
post :generate_school_keys, params: { id: @tournament.id }
redirect
end
test "non logged in user cannot delete school keys" do
# no sign_in
post :delete_school_keys, params: { id: @tournament.id }
redirect
end
end end
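Review bot: These tests assert only the redirect and the flash text, so they would still pass if the action stopped writing or clearing keys. The success cases should check the data, e.g. `assert @tournament.schools.reload.all? { |s| s.permission_key.present? }` after generate and `assert @tournament.schools.where.not(permission_key: nil).none?` after delete. The denied cases should likewise assert that existing keys are unchanged. The enclosing test class starts outside this hunk.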


@@ -5,8 +5,9 @@ class WrestlersControllerTest < ActionController::TestCase
setup do setup do
@tournament = Tournament.find(1) @tournament = Tournament.find(1)
# @tournament.generateMatchups @tournament.update(is_public: true)
@school = @tournament.schools.first @school = @tournament.schools.first
@school.update(permission_key: SecureRandom.uuid)
@wrestler = @school.wrestlers.first @wrestler = @school.wrestlers.first
end end
@@ -168,10 +169,139 @@ class WrestlersControllerTest < ActionController::TestCase
redirect redirect
end end
test "view wrestler" do # View wrestler based on tournament.is_public
test "a non logged in user can view wrestler when tournament is_public is true" do
get :show, params: { id: @wrestler.id } get :show, params: { id: @wrestler.id }
success success
end end
test "a non logged in user cannot view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
get :show, params: { id: @wrestler.id }
redirect
end
test "a logged in user non tournament owner cannot view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
sign_in_non_owner
get :show, params: { id: @wrestler.id }
redirect
end
test "a logged in user tournament owner can view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
sign_in_owner
get :show, params: { id: @wrestler.id }
success
end
test "a logged in user school delgate can view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
sign_in_school_delegate
get :show, params: { id: @wrestler.id }
success
end
test "a logged in user tournament delgate can view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
sign_in_tournament_delegate
get :show, params: { id: @wrestler.id }
success
end
# school permission key tests
test "a non logged in user with VALID school permission key can view wrestler when tournament is_public is false" do
valid_key = @school.permission_key
@tournament.update(is_public: false)
get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
success
end
test "a non logged in user with INVALID school permission key cannot view wrestler when tournament is_public is false" do
@tournament.update(is_public: false)
get :show, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
redirect
end
test "non logged in user with VALID key can get edit wrestler page" do
valid_key = @school.permission_key
get :edit, params: { id: @wrestler.id, school_permission_key: valid_key }
success
end
test "non logged in user with INVALID key cannot get edit wrestler page" do
get :edit, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
redirect
end
test "non logged in user with VALID key can post update wrestler" do
valid_key = @school.permission_key
# The form includes school_permission_key as part of wrestler_params
patch :update, params: { id: @wrestler.id, wrestler: { name: "New Name", school_id: @school.id, school_permission_key: valid_key } }
assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
end
test "non logged in user with INVALID key cannot post update wrestler" do
patch :update, params: { id: @wrestler.id, wrestler: { name: "New Name", school_id: @school.id }, school_permission_key: "INVALID-KEY" }
redirect
end
test "non logged in user with VALID key can create a new wrestler" do
valid_key = @school.permission_key
get :new, params: { school: @school.id, school_permission_key: valid_key }
success
# The form includes school_permission_key as part of wrestler_params
post :create, params: { wrestler: { name: "Test from Key", weight_id: 1, school_id: @school.id, school_permission_key: valid_key }}
assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
end
test "non logged in user with INVALID key cannot create a new wrestler" do
get :new, params: { school: @school.id, school_permission_key: "INVALID-KEY" }
redirect
post :create, params: { wrestler: { name: "Test from Key", weight_id: 1, school_id: @school.id }, school_permission_key: "INVALID-KEY" }
redirect
end
test "non logged in user with VALID key can destroy a wrestler" do
valid_key = @school.permission_key
delete :destroy, params: { id: @wrestler.id, school_permission_key: valid_key }
assert_redirected_to school_path(@school.id, school_permission_key: valid_key)
end
test "non logged in user with INVALID key cannot destroy a wrestler" do
delete :destroy, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
redirect
end
test "non logged in user with VALID key can view a wrestler" do
valid_key = @school.permission_key
get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
success
end
test "non logged in user with INVALID key cannot view a wrestler" do
@tournament.update(is_public: false)
get :show, params: { id: @wrestler.id, school_permission_key: "INVALID-KEY" }
redirect
end
test "show page with valid school_permission_key includes it in 'Back to School' link" do
valid_key = @school.permission_key
get :show, params: { id: @wrestler.id, school_permission_key: valid_key }
success
# The link is typically: /schools/:id?school_permission_key=valid_key
# 'Back to Central Crossing' or similar text
assert_select "a[href=?]", school_path(@school, school_permission_key: valid_key), text: /Back to/
end
test "show page with NO key does not include it in 'Back to School' link" do
get :show, params: { id: @wrestler.id }
success
assert_select "a[href=?]", school_path(@school), text: /Back to/
end
end end
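Review bot: The VALID-key update and create tests nest `school_permission_key` inside `wrestler:` as the form does, but the INVALID-key versions send it at the top level, so rejection of a bad key on the path the form actually uses is not tested. There is also no case where a valid key for `@school` is submitted together with a `school_id` of a different school. Wrapping the rejected create and destroy requests in `assert_no_difference "Wrestler.count"` would confirm that nothing was written, rather than only that a redirect occurred.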