cody/wrestlingdev.com
1
0
Fork 0
mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00
Code Issues Releases Wiki Activity

When delegating, only directly match the email to not expose user emails

Browse Source
This commit is contained in:
Jacob Cody Wimer
2022-02-23 21:25:01 +00:00
parent 2cd62bbbd5
commit cce2e5b5f8
3 changed files with 20 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/views/tournaments/delegate.html.erb
View File

@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
<p>Search by email address to delegate tournament permissions</p>
</br>
</br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>
@@ -14,32 +14,23 @@
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.email %></td>
<td><%= @user.email %></td>
<td>
<%= form_for TournamentDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'delegate', :method => "post") do |f| %>
<%= f.hidden_field :user_id, :value => user.id %>
<%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
<% if @users_delegates %>
<h1>Delegated users</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<h1>Delegated users</h1>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>

19
app/views/tournaments/school_delegate.html.erb
View File

@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
<p>Search by email address to delegate a school to a user</p>
</br>
</br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>
@@ -15,34 +15,25 @@
</tr>
</thead>
<tbody>
<% @users.each do |user| %>
<tr>
<td><%= user.email %></td>
<td><%= @user.email %></td>
<%= form_for SchoolDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'school_delegate', :method => "post") do |f| %>
<td><%= f.collection_select :school_id, @tournament.schools, :id, :name %></td>
<td>
<%= f.hidden_field :user_id, :value => user.id %>
<%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% end %>
<% if @users_delegates %>
<h1>Delegated users schools</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<h1>Delegated users schools</h1>
<table class="table table-striped table-bordered table-condensed">
<thead>
<tr>