mirror of https://github.com/jcwimer/wrestlingApp synced 2026-04-07 23:17:25 +00:00

When delegating, only directly match the email to not expose user emails

2022-02-23 21:25:01 +00:00
parent 2cd62bbbd5
commit cce2e5b5f8
3 changed files with 20 additions and 40 deletions


@@ -92,7 +92,7 @@ class TournamentsController < ApplicationController
def school_delegate def school_delegate
if params[:search] if params[:search]
@users = User.limit(200).search(params[:search]) @user = User.where('email = ?', params[:search]).first
elsif params[:school_delegate] elsif params[:school_delegate]
@delegate = SchoolDelegate.new @delegate = SchoolDelegate.new
@delegate.user_id = params[:school_delegate]["user_id"] @delegate.user_id = params[:school_delegate]["user_id"]
@@ -104,19 +104,18 @@ class TournamentsController < ApplicationController
format.html { redirect_to "/tournaments/#{@tournament.id}/school_delegate", notice: 'There was an issue delegating permissions please try again' } format.html { redirect_to "/tournaments/#{@tournament.id}/school_delegate", notice: 'There was an issue delegating permissions please try again' }
end end
end end
else end
@users_delegates = [] @users_delegates = []
@tournament.schools.each do |s| @tournament.schools.each do |s|
s.delegates.each do |d| s.delegates.each do |d|
@users_delegates << d @users_delegates << d
end
end end
end end
end end
def delegate def delegate
if params[:search] if params[:search]
@users = User.limit(200).search(params[:search]) @user = User.where('email = ?', params[:search]).first
elsif params[:tournament_delegate] elsif params[:tournament_delegate]
@delegate = TournamentDelegate.new @delegate = TournamentDelegate.new
@delegate.user_id = params[:tournament_delegate]["user_id"] @delegate.user_id = params[:tournament_delegate]["user_id"]
@@ -128,9 +127,8 @@ class TournamentsController < ApplicationController
format.html { redirect_to "/tournaments/#{@tournament.id}/delegate", notice: 'There was an issue delegating permissions please try again' } format.html { redirect_to "/tournaments/#{@tournament.id}/delegate", notice: 'There was an issue delegating permissions please try again' }
end end
end end
else
@users_delegates = @tournament.delegates
end end
@users_delegates = @tournament.delegates
end end
def matches def matches
@@ -230,9 +228,9 @@ class TournamentsController < ApplicationController
end end
def show def show
@schools = @tournament.schools.includes(:delegates) @schools = @tournament.schools.includes(:delegates).sort_by{|school|school.name}
@weights = @tournament.weights.sort_by{|x|[x.max]} @weights = @tournament.weights.sort_by{|x|[x.max]}
@mats = @tournament.mats @mats = @tournament.mats.sort_by{|mat|mat.name}
end end
def new def new
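Review bot: `params[:search]` is passed to the new lookup in `school_delegate` and `delegate` without being coerced to a string or normalized. An array-valued `search[]` parameter therefore reaches the `?` bind as a list, which Active Record expands to several quoted values and will likely surface as a SQL error rather than a clean miss, and an address typed with different case or stray whitespace silently finds nothing. `@user = User.find_by(email: params[:search].to_s.strip.downcase)` keeps the query to one scalar; the `downcase` assumes emails are stored lower-cased, which is not visible here. An exact match still confirms whether an address is registered, so it is worth confirming that both actions are restricted to users who can manage the tournament; any `before_action` doing that, and the rest of both method bodies, lie outside these hunks.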


@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %> <h1>Search results</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %> <%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %> <%= submit_tag "Search" %>
<% end %> <% end %>
<p>Search by email address</p> <p>Search by email address to delegate tournament permissions</p>
</br> </br>
</br> </br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed"> <table class="table table-striped table-bordered table-condensed">
<thead> <thead>
<tr> <tr>
@@ -14,32 +14,23 @@
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<% @users.each do |user| %>
<tr> <tr>
<td><%= user.email %></td> <td><%= @user.email %></td>
<td> <td>
<%= form_for TournamentDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'delegate', :method => "post") do |f| %> <%= form_for TournamentDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'delegate', :method => "post") do |f| %>
<%= f.hidden_field :user_id, :value => user.id %> <%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %> <% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%> <%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %> <% end %>
<% end %> <% end %>
</td> </td>
</tr> </tr>
<% end %>
</tbody> </tbody>
</table> </table>
<% end %> <% end %>
<% if @users_delegates %> <% if @users_delegates %>
<h1>Delegated users</h1> <%= form_tag(tournament_delegate_path, :method => "get", id: "search-form") do %> <h1>Delegated users</h1>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<table class="table table-striped table-bordered table-condensed"> <table class="table table-striped table-bordered table-condensed">
<thead> <thead>
<tr> <tr>
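Review bot: The `can? :manage, @tournament` check still wraps only the submit button, so the matched `@user.email` row and the hidden `user_id` field are rendered for anyone who can load this page. Moving the check up to the result block, `<% if @user && can?(:manage, @tournament) %>`, keeps the search from doubling as an account-existence and user-id lookup for viewers who cannot delegate anyway. The school delegate template in this commit has the same layout and would take the same change. Whether the controller already limits who reaches this view is not visible in this section.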


@@ -1,11 +1,11 @@
<% if @users %>
<h1>Search results</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %> <h1>Search results</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %> <%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %> <%= submit_tag "Search" %>
<% end %> <% end %>
<p>Search by email address</p> <p>Search by email address to delegate a school to a user</p>
</br> </br>
</br> </br>
<% if @user %>
<table class="table table-striped table-bordered table-condensed"> <table class="table table-striped table-bordered table-condensed">
<thead> <thead>
<tr> <tr>
@@ -15,34 +15,25 @@
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<% @users.each do |user| %>
<tr> <tr>
<td><%= user.email %></td> <td><%= @user.email %></td>
<%= form_for SchoolDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'school_delegate', :method => "post") do |f| %> <%= form_for SchoolDelegate.new, :url => url_for(:controller => 'tournaments', :action => 'school_delegate', :method => "post") do |f| %>
<td><%= f.collection_select :school_id, @tournament.schools, :id, :name %></td> <td><%= f.collection_select :school_id, @tournament.schools, :id, :name %></td>
<td> <td>
<%= f.hidden_field :user_id, :value => user.id %> <%= f.hidden_field :user_id, :value => @user.id %>
<% if can? :manage, @tournament %> <% if can? :manage, @tournament %>
<%= submit_tag "Give permissions", :class=>"btn btn-success"%> <%= submit_tag "Give permissions", :class=>"btn btn-success"%>
<% end %> <% end %>
<% end %> <% end %>
</td> </td>
</tr> </tr>
<% end %>
</tbody> </tbody>
</table> </table>
<% end %> <% end %>
<% if @users_delegates %> <% if @users_delegates %>
<h1>Delegated users schools</h1> <%= form_tag(school_delegate_path, :method => "get", id: "search-form") do %> <h1>Delegated users schools</h1>
<%= text_field_tag :search, params[:search], placeholder: "Search users" %>
<%= submit_tag "Search" %>
<% end %>
<p>Search by email address</p>
</br>
</br>
<table class="table table-striped table-bordered table-condensed"> <table class="table table-striped table-bordered table-condensed">
<thead> <thead>
<tr> <tr>