mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00

When delegating, only directly match the email to not expose user emails

2022-02-23 21:25:01 +00:00
parent 2cd62bbbd5
commit cce2e5b5f8
3 changed files with 20 additions and 40 deletions


@@ -92,7 +92,7 @@ class TournamentsController < ApplicationController
def school_delegate
if params[:search]
@users = User.limit(200).search(params[:search])
@user = User.where('email = ?', params[:search]).first
elsif params[:school_delegate]
@delegate = SchoolDelegate.new
@delegate.user_id = params[:school_delegate]["user_id"]
@@ -104,19 +104,18 @@ class TournamentsController < ApplicationController
format.html { redirect_to "/tournaments/#{@tournament.id}/school_delegate", notice: 'There was an issue delegating permissions please try again' }
end
end
else
@users_delegates = []
@tournament.schools.each do |s|
s.delegates.each do |d|
@users_delegates << d
end
end
@users_delegates = []
@tournament.schools.each do |s|
s.delegates.each do |d|
@users_delegates << d
end
end
end
def delegate
if params[:search]
@users = User.limit(200).search(params[:search])
@user = User.where('email = ?', params[:search]).first
elsif params[:tournament_delegate]
@delegate = TournamentDelegate.new
@delegate.user_id = params[:tournament_delegate]["user_id"]
@@ -128,9 +127,8 @@ class TournamentsController < ApplicationController
format.html { redirect_to "/tournaments/#{@tournament.id}/delegate", notice: 'There was an issue delegating permissions please try again' }
end
end
else
@users_delegates = @tournament.delegates
end
@users_delegates = @tournament.delegates
end
def matches
@@ -230,9 +228,9 @@ class TournamentsController < ApplicationController
end
def show
@schools = @tournament.schools.includes(:delegates)
@schools = @tournament.schools.includes(:delegates).sort_by{|school|school.name}
@weights = @tournament.weights.sort_by{|x|[x.max]}
@mats = @tournament.mats
@mats = @tournament.mats.sort_by{|mat|mat.name}
end
def new
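Review bot: The exact-match lookup in `school_delegate` (repeated in `delegate`) passes `params[:search]` to the query without normalizing it, so an array or hash parameter may raise, and an address differing only in case or surrounding whitespace can miss depending on the database collation. `@user = User.find_by(email: params[:search].to_s.strip.downcase)` would cover both, assuming emails are stored lowercased. The restriction also applies only to what the search displays: the `elsif` branches still assign `params[:school_delegate]["user_id"]` and `params[:tournament_delegate]["user_id"]` straight from the request, so the server never requires that the delegated account was found by its email. Submitting the email and resolving it again on the create path would enforce the commit's intent server-side. Both action bodies continue outside the hunks, so any authorization filter that applies to them is not visible here.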


@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
<p>Search by email address to delegate tournament permissions</p>
</br>
</br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>
@@ -14,32 +14,23 @@
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.email %></td>
<td><%= @user.email %></td>
<td>
<%= form_for TournamentDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'delegate', :method => "post") do |f| %>
<%= f.hidden_field :user_id, :value => user.id %>
<%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
<% if @users_delegates %>
<h1>Delegated users</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<h1>Delegated users</h1>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>
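Review bot: The `can? :manage, @tournament` check wraps only the submit button, so the row with `@user.email` and the hidden `user_id` field is rendered for any viewer who reaches this page with a matching address. Folding the check into the outer guard, `<% if @user && can?(:manage, @tournament) %>`, would keep the lookup result from being shown to someone who cannot act on it. The school delegate view has the same pattern in its `<% if @user %>` block. Whether the controller already restricts the action is not visible from this template, so treat this as defence in depth rather than a confirmed exposure. The `</br>` lines in the search block are also not valid HTML; `<br>` is the intended tag.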


@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
<p>Search by email address to delegate a school to a user</p>
</br>
</br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>
@@ -15,34 +15,25 @@
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.email %></td>
<td><%= @user.email %></td>
<%= form_for SchoolDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'school_delegate', :method => "post") do |f| %>
<td><%= f.collection_select :school_id, @tournament.schools, :id, :name %></td>
<td>
<%= f.hidden_field :user_id, :value => user.id %>
<%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
<% if @users_delegates %>
<h1>Delegated users schools</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<h1>Delegated users schools</h1>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>