
Finished setting owner for tournamenr and protecting paths

This commit is contained in:
2015-10-26 16:31:45 -04:00
parent ad9ea9dc42
commit d18e729012
16 changed files with 109 additions and 86 deletions


@@ -1,6 +1,6 @@
class MatchesController < ApplicationController
before_action :set_match, only: [:show, :edit, :update, :destroy]
before_action :check_access, only: [:edit,:update]
# GET /matches
# GET /matches.json
def index
@@ -22,10 +22,6 @@ class MatchesController < ApplicationController
if params[:match]
@match = Match.find (params[:match])
end
if current_user == @match.tournament.user
else
redirect_to root_path
end
if @match
@w1 = Wrestler.find(@match.w1)
@w2 = Wrestler.find(@match.w2)
@@ -35,10 +31,6 @@ class MatchesController < ApplicationController
# POST /matches
# POST /matches.json
def create
if user_signed_in?
else
redirect_to root_path
end
@match = Match.new(match_params)
respond_to do |format|
@@ -55,10 +47,6 @@ class MatchesController < ApplicationController
# PATCH/PUT /matches/1
# PATCH/PUT /matches/1.json
def update
if current_user == @match.tournament.user
else
redirect_to root_path
end
respond_to do |format|
if @match.update(match_params)
format.html { redirect_to root_path, notice: 'Match was successfully updated.' }
@@ -94,4 +82,10 @@ class MatchesController < ApplicationController
def match_params
params.require(:match).permit(:w1, :w2, :g_stat, :r_stat, :winner_id, :win_type, :score, :finished)
end
def check_access
if current_user != @match.tournament.user
redirect_to root_path
end
end
end
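Review bot: The `create` hunk removes the `user_signed_in?` guard, but the new `before_action :check_access, only: [:edit,:update]` does not list `:create` (nor `:destroy`), so those two actions now run with no authentication or ownership check at all. Adding `:create` to the list is not sufficient on its own, because `check_access` reads `@match` and `set_match` only loads it for show/edit/update/destroy; for `create` the owner has to be resolved from the match's tournament (the `match_params` hunk shows only wrestler ids, so presumably via `Wrestler.find(params[:match][:w1]).tournament` or similar — confirm against the model) before comparing with `current_user`, while `:destroy` can simply be added. The `@@ -22` hunk also drops the ownership comparison from an action whose `def` line is outside the hunk; if that is `show`, the match is now readable by anyone, which may be intended but is worth stating in the commit message. Minor: this file uses `before_action` while the other controllers in the commit use `before_filter`; `before_action` is the current name, so they should agree.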


@@ -1,6 +1,6 @@
class MatsController < ApplicationController
before_action :set_mat, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /mats
# GET /mats.json
def index
@@ -18,9 +18,6 @@ class MatsController < ApplicationController
if params[:tournament]
@tournament_field = params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
end
end
@@ -34,9 +31,6 @@ class MatsController < ApplicationController
def create
@mat = Mat.new(mat_params)
@tournament = Tournament.find(mat_params[:tournament_id])
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @mat.save
format.html { redirect_to @tournament, notice: 'Mat was successfully created.' }
@@ -52,9 +46,6 @@ class MatsController < ApplicationController
# PATCH/PUT /mats/1.json
def update
@tournament = Tournament.find(@mat.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @mat.update(mat_params)
format.html { redirect_to @tournament, notice: 'Mat was successfully updated.' }
@@ -70,9 +61,6 @@ class MatsController < ApplicationController
# DELETE /mats/1.json
def destroy
@tournament = Tournament.find(@mat.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
@mat.destroy
respond_to do |format|
format.html { redirect_to @tournament }
@@ -90,4 +78,15 @@ class MatsController < ApplicationController
def mat_params
params.require(:mat).permit(:name, :tournament_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @mat.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end
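Review bot: In the new `check_access`, `@tournament = params[:tournament]` assigns the raw request parameter (a String), not a record, so `@tournament.user` on the next comparison raises `NoMethodError` for every `new?tournament=ID` request; the removed action-level code did `Tournament.find(params[:tournament])`, and the filter needs the same lookup. The same defect is in the `check_access` hunks of SchoolsController, WeightsController and WrestlersController. For `create`, `set_mat` does not run and the form submits `mat[tournament_id]` (that is what the removed `Tournation.find(mat_params[:tournament_id])` read), so the `else` branch dereferences a nil `@mat` unless the form also sends a top-level `tournament` param — the filter should read the nested id as well. Comparing with `unless current_user && current_user == @tournament.user` also keeps an anonymous visitor out of a tournament whose `user_id` is nil, where `nil != nil` is false and the current guard lets the request through.
```ruby
def check_access
  @tournament =
    if params[:tournament]
      Tournament.find(params[:tournament])
    elsif params[:mat] && params[:mat][:tournament_id]
      Tournament.find(params[:mat][:tournament_id])
    else
      @mat.tournament
    end
  redirect_to root_path unless current_user && current_user == @tournament.user
end
```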


@@ -1,5 +1,6 @@
class SchoolsController < ApplicationController
before_action :set_school, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
# GET /schools
# GET /schools.json
@@ -34,9 +35,6 @@ class SchoolsController < ApplicationController
def create
@school = School.new(school_params)
@tournament = Tournament.find(school_params[:tournament_id])
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @school.save
format.html { redirect_to @tournament, notice: 'School was successfully created.' }
@@ -52,9 +50,6 @@ class SchoolsController < ApplicationController
# PATCH/PUT /schools/1.json
def update
@tournament = Tournament.find(@school.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @school.update(school_params)
format.html { redirect_to @tournament, notice: 'School was successfully updated.' }
@@ -70,9 +65,6 @@ class SchoolsController < ApplicationController
# DELETE /schools/1.json
def destroy
@tournament = Tournament.find(@school.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
@school.destroy
respond_to do |format|
format.html { redirect_to @tournament }
@@ -90,4 +82,16 @@ class SchoolsController < ApplicationController
def school_params
params.require(:school).permit(:name, :score, :tournament_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @school.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end


@@ -1,7 +1,8 @@
class StaticPagesController < ApplicationController
before_filter :check_access, only: [:createCustomWeights,:generate_matches,:weigh_in]
def tournaments
@tournaments = Tournament.all
@tournaments = Tournament.all.includes(:user)
end
def up_matches
if params[:tournament]
@@ -69,9 +70,6 @@ class StaticPagesController < ApplicationController
def createCustomWeights
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
@custom = params[:customValue].to_s
@tournament.createCustomWeights(@custom)
@@ -86,33 +84,20 @@ class StaticPagesController < ApplicationController
end
def generate_matches
if !user_signed_in?
redirect_to root_path
elsif user_signed_in?
if params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
end
if @tournament
@tournament.generateMatchups
end
end
end
def weigh_in
if !user_signed_in?
redirect_to root_path
end
if params[:wrestler]
Wrestler.update(params[:wrestler].keys, params[:wrestler].values)
end
if params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
@tournament_id = @tournament.id
@tournament_name = @tournament.name
end
@@ -130,4 +115,11 @@ class StaticPagesController < ApplicationController
end
end
private
def check_access
if params[:tournament]
@tournament = params[:tournament]
end
end
end
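Review bot: The new `check_access` in this controller performs no check: it only assigns `@tournament = params[:tournament]` (a String) and never compares anything with `current_user`, while the `createCustomWeights`, `generate_matches` and `weigh_in` hunks remove every `user_signed_in?` and ownership test they had. After this commit those three actions — which per the links in the tournament view delete all weights or all matches, and in `weigh_in` mass-update arbitrary wrestler ids via `Wrestler.update(params[:wrestler].keys, params[:wrestler].values)` — are reachable by anyone without signing in. The filter must load the record and redirect when the visitor is not its owner; the weigh-in form submits `hidden_field_tag :tournament`, so requiring `params[:tournament]` appears safe, but confirm for the other two links. The view-side `tournament_permissions` helper only hides buttons and is not an access control.
```ruby
def check_access
  @tournament = Tournament.find(params[:tournament]) if params[:tournament]
  return if @tournament && current_user && current_user == @tournament.user

  redirect_to root_path
end
```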


@@ -1,5 +1,6 @@
class TournamentsController < ApplicationController
before_action :set_tournament, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:update,:edit,:destroy]
# GET /tournaments
# GET /tournaments.json
@@ -46,9 +47,6 @@ class TournamentsController < ApplicationController
# PATCH/PUT /tournaments/1
# PATCH/PUT /tournaments/1.json
def update
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @tournament.update(tournament_params)
format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
@@ -63,9 +61,6 @@ class TournamentsController < ApplicationController
# DELETE /tournaments/1
# DELETE /tournaments/1.json
def destroy
if current_user != @tournament.user
redirect_to root_path
end
@tournament.destroy
respond_to do |format|
format.html { redirect_to tournaments_url }
@@ -81,6 +76,11 @@ class TournamentsController < ApplicationController
# Never trust parameters from the scary internet, only allow the white list through.
def tournament_params
params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref)
params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref, :user_id)
end
def check_access
if current_user != @tournament.user
redirect_to root_path
end
end
end
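Review bot: Adding `:user_id` to `tournament_params` makes the tournament owner a client-supplied value: the hidden `f.hidden_field :user_id` in the `_form` hunk is just a default the browser can change, so `update` lets an owner hand the tournament to any user id and `create` — which is not in the `check_access` list and has no sign-in check visible in this diff — lets any request pick its owner. Keep the permit list as it was, `params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref)`, and set the owner server-side in `create` (outside this hunk) with `@tournament.user = current_user`, protecting `new`/`create` with a sign-in filter (`authenticate_user!` if Devise, which supplies `user_signed_in?`, is in use). The hidden field in the form then becomes unnecessary.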


@@ -1,5 +1,6 @@
class WeightsController < ApplicationController
before_action :set_weight, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /weights
# GET /weights.json
@@ -95,4 +96,15 @@ class WeightsController < ApplicationController
def weight_params
params.require(:weight).permit(:max, :tournament_id, :mat_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @weight.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end


@@ -1,5 +1,6 @@
class WrestlersController < ApplicationController
before_action :set_wrestler, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /wrestlers
# GET /wrestlers.json
@@ -101,4 +102,15 @@ class WrestlersController < ApplicationController
def wrestler_params
params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @wrestler.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end
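Review bot: Besides the String-vs-record problem shared with the other `check_access` hunks, the `else` branch here calls `@wrestler.tournament`, and nothing in this diff shows a `tournament` association on Wrestler — `wrestler_params` carries only `school_id` and `weight_id`, and the Tournament model reaches wrestlers `through: :weights`. Confirm the model defines it (or delegate, e.g. `@wrestler.weight.tournament`), otherwise update/destroy raise instead of redirecting; and for `create`, where `set_wrestler` does not run, the owner has to be derived from `params[:wrestler][:weight_id]` or `[:school_id]` rather than from a nil `@wrestler`.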


@@ -1,2 +1,14 @@
module ApplicationHelper
def tournament_permissions(tournament)
if user_signed_in?
if tournament.user == current_user
return true
else
return false
end
else
return false
end
end
end
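Review bot: `tournament_permissions` spells a single boolean out as three `return true`/`return false` branches; the same contract is `def tournament_permissions(tournament)` / `user_signed_in? && tournament.user == current_user` / `end`, and a predicate that answers yes/no conventionally ends in `?` (`tournament_owner?`). A one-line comment such as `# View-level gate only: hides owner controls, the controllers' check_access enforces access` would help, since every view in this commit switches from `user_signed_in?` to this helper.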


@@ -2,13 +2,12 @@ class Tournament < ActiveRecord::Base
include GeneratesLoserNames
include GeneratesTournamentMatches
belongs_to :user
has_many :schools, dependent: :destroy
has_many :weights, dependent: :destroy
has_many :mats, dependent: :destroy
has_many :wrestlers, through: :weights
has_many :matches, dependent: :destroy
belongs_to :user
def tournament_types
["Pool to bracket"]
@@ -49,5 +48,4 @@ class Tournament < ActiveRecord::Base
end
end
end
end
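Review bot: `belongs_to :user` is moved but still carries no presence validation, and `user_id` is a column this commit is only now starting to populate, so tournaments created before it have a nil owner. Every new `check_access` compares with `current_user != @tournament.user`; for such a row and a visitor who is not signed in both sides are nil, the comparison is false and the request is allowed. Add `validates :user, presence: true` (and a data fix for existing rows), and in the filters compare with `current_user && current_user == @tournament.user` so a nil owner never matches.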


@@ -1,6 +1,6 @@
<p id="notice"><%= notice %></p>
<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %> |
<% if user_signed_in? %>
<% if tournament_permissions(@school.tournament) %>
<%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
<% end %>
<br>
@@ -25,7 +25,7 @@
<br>
<% if user_signed_in? %>
<% if tournament_permissions(@school.tournament) %>
<%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
<% end %>
<br>
@@ -40,7 +40,7 @@
<th>Record</th>
<th>Seed Criteria</th>
<th>Extra?</th>
<% if user_signed_in? %>
<% if tournament_permissions(@school.tournament) %>
<th>Actions</th>
<% end %>
</tr>
@@ -60,7 +60,7 @@
<td><% if wrestler.extra? == true %>
Yes
<% end %></td>
<% if user_signed_in? %>
<% if tournament_permissions(@school.tournament) %>
<td>
<%= link_to 'Show', wrestler , :class=>"btn btn-default" %>
<%= link_to 'Edit', edit_wrestler_path(wrestler), :class=>"btn btn-default" %>


@@ -23,7 +23,7 @@
<tr>
<td><%= tournament.name %></td>
<td><%= link_to 'Show', tournament, :class=>"btn btn-default" %>
<% if user_signed_in? %>
<% if tournament_permissions(tournament) %>
<%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary" %>
<%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
<% end %>


@@ -7,7 +7,7 @@
<br>
<% end %>
<br>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= form_for(@tournament) do |f| %>
<div class="field">
<%= f.label :weigh_in_ref %><br>
@@ -56,8 +56,8 @@
</tbody>
</table>
<%= hidden_field_tag :tournament, @tournament_id %>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= submit_tag "Save", :class=>"btn btn-success"%>
<% end %>
<% end %>
<% end %>
<% end %>


@@ -31,9 +31,9 @@
<%= f.label :tournament_type %><br>
<%= f.select :tournament_type, @tournament.tournament_types %>
</div>
<%= f.hidden_field :user_id, :value => current_user.id %>
<br>
<br>
<%= f.hidden_field :user_id, :value => current_user.id %>
<div class="actions">
<%= f.submit 'Submit',:class=>"btn btn-success" %>
</div>


@@ -1,8 +1,8 @@
<p id="notice"><%= notice %></p>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to "Edit #{@tournament.name}", edit_tournament_path(@tournament), :class=>"btn btn-primary" %> |
<% end %>
<%= link_to 'Back', root_path, :class=>"btn btn-default" %>
<%= link_to 'Back', '/static_pages/tournaments', :class=>"btn btn-default" %>
<h1>
<%= @tournament.name %>
@@ -30,7 +30,7 @@
<%= @tournament.tournament_type %>
</p>
<br>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to "Generate Pool Matches" , "/static_pages/generate_matches?tournament=#{@tournament.id}", data: { confirm: 'Are you sure? This will delete all current matches.' }, :class=>"btn btn-success" %>
<br><br>
<%= link_to "Weigh In Page" , "/static_pages/weigh_in?tournament=#{@tournament.id}", :class=>"btn btn-primary" %>
@@ -40,7 +40,7 @@
<br>
<h3>School Lineups</h3>
<br>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to "New #{@tournament.name} School" , "/schools/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>
<br>
<br>
@@ -59,7 +59,7 @@
<tr>
<td><%= school.name %></td>
<td><%= link_to 'Show', school, :class=>"btn btn-default" %>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary" %>
<%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
<% end %>
@@ -74,7 +74,7 @@
<h3>Weight Class Seeds</h3>
<br>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to "New #{@tournament.name} Weight" , "/weights/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>
<br><br>
<%= link_to "Create HS Weights" , "/static_pages/createCustomWeights?tournament=#{@tournament.id}&customValue=hs",data: { confirm: 'Are you sure? This will delete all current weights.' }, :class=>"btn btn-success" %>
@@ -96,7 +96,7 @@
<td><%= weight.max %></td>
<td><%= weight.bracket_size %></td>
<td><%= link_to 'Show', weight, :class=>"btn btn-default" %>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to 'Edit', edit_weight_path(weight), :class=>"btn btn-primary" %>
<%= link_to 'Destroy', weight, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
<% end %>
@@ -106,7 +106,7 @@
</tbody>
</table>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<br>
<br>
<h3>Mats</h3>
@@ -127,7 +127,7 @@
<tr>
<td><%= mat.name %></td>
<td>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to 'Destroy', mat, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
<% end %>
</td>


@@ -3,7 +3,7 @@
<h1>Weight Class:<%= @weight.max %></h1>
<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}", :class=>"btn btn-default" %> |
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= link_to "Edit #{@weight.max} Weight Class", edit_weight_path(@weight), :class=>"btn btn-primary" %>
<% end %>
@@ -19,7 +19,7 @@
<th>Record</th>
<th>Seed Criteria</th>
<th>Extra?</th>
<% if user_signed_in? %><th>Actions for wrestler</th><% end %>
<% if tournament_permissions(@tournament) %><th>Actions for wrestler</th><% end %>
</tr>
</thead>
<tbody>
@@ -30,7 +30,7 @@
<td><%= wrestler.name %></td>
<td><%= School.find(wrestler.school_id).name %></td>
<td>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= fields_for "wrestler[]", wrestler do |w| %>
<%= w.text_field :original_seed %>
<% end %>
@@ -43,7 +43,7 @@
<td><% if wrestler.extra? == true %>
Yes
<% end %></td>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<td><%= link_to 'Show', wrestler , :class=>"btn btn-default" %>
<%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' } , :class=>"btn btn-danger" %></td>
<% end %>
@@ -52,7 +52,7 @@
<% end %>
</tbody>
</table>
<% if user_signed_in? %>
<% if tournament_permissions(@tournament) %>
<%= submit_tag "Save", :class=>"btn btn-success"%>
<% end %>
<% end %>


@@ -1,7 +1,7 @@
<p id="notice"><%= notice %></p>
<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}" %> |
<% if user_signed_in? %>
<% if tournament_permissions(@wrestler.tournament) %>
<%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler) %> |
<% end %>