From c9ff63548bb7b729b3cda5290f3ba845a1bf38a3 Mon Sep 17 00:00:00 2001 From: jcwimer Date: Thu, 31 Dec 2015 01:56:10 +0000 Subject: [PATCH] Fixed check_access bug --- app/controllers/matches_controller.rb | 4 ++-- app/controllers/schools_controller.rb | 3 +-- app/controllers/weights_controller.rb | 3 +-- app/controllers/wrestlers_controller.rb | 5 ++--- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb index a4123b7..291ad7c 100644 --- a/app/controllers/matches_controller.rb +++ b/app/controllers/matches_controller.rb @@ -47,8 +47,8 @@ class MatchesController < ApplicationController end def check_access - if current_user != @match.tournament.user - redirect_to '/static_pages/not_allowed' + if current_user != @match.tournament.user + redirect_to '/static_pages/not_allowed' end end end diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb index 163ac52..94d2775 100644 --- a/app/controllers/schools_controller.rb +++ b/app/controllers/schools_controller.rb @@ -80,8 +80,7 @@ class SchoolsController < ApplicationController if params[:tournament] @tournament = Tournament.find(params[:tournament]) elsif params[:school] - @school = School.new(school_params) - @tournament = Tournament.find(@school.tournament_id) + @tournament = Tournament.find(params[:school]["tournament_id"]) elsif @school @tournament = @school.tournament end diff --git a/app/controllers/weights_controller.rb b/app/controllers/weights_controller.rb index 9304c31..e3fcf4b 100644 --- a/app/controllers/weights_controller.rb +++ b/app/controllers/weights_controller.rb @@ -87,8 +87,7 @@ class WeightsController < ApplicationController if params[:tournament] @tournament = Tournament.find(params[:tournament]) elsif params[:weight] - @weight = Weight.new(weight_params) - @tournament = Tournament.find(@weight.tournament_id) + @tournament = Tournament.find(params[:weight]["tournament_id"]) elsif @weight @tournament = @weight.tournament end diff --git a/app/controllers/wrestlers_controller.rb b/app/controllers/wrestlers_controller.rb index 87f4add..1cdbd8a 100644 --- a/app/controllers/wrestlers_controller.rb +++ b/app/controllers/wrestlers_controller.rb @@ -82,7 +82,7 @@ class WrestlersController < ApplicationController private # Use callbacks to share common setup or constraints between actions. def set_wrestler - @wrestler = Wrestler.find(params[:id]) + @wrestler = Wrestler.where(:id => params[:id]).includes(:school, :weight, :tournament, :matches).first end # Never trust parameters from the scary internet, only allow the white list through. @@ -94,8 +94,7 @@ class WrestlersController < ApplicationController @school = School.find(params[:school]) @tournament = Tournament.find(@school.tournament.id) elsif params[:wrestler] - @wrestler = Wrestler.new(wrestler_params) - @school = School.find(@wrestler.school_id) + @school = School.find(params[:wrestler]["school_id"]) @tournament = Tournament.find(@school.tournament.id) elsif @wrestler @tournament = @wrestler.tournament