diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb index c226bf9..44423f5 100644 --- a/app/controllers/matches_controller.rb +++ b/app/controllers/matches_controller.rb @@ -1,6 +1,6 @@ class MatchesController < ApplicationController before_action :set_match, only: [:show, :edit, :update, :destroy] - + before_action :check_access, only: [:edit,:update] # GET /matches # GET /matches.json def index @@ -22,10 +22,6 @@ class MatchesController < ApplicationController if params[:match] @match = Match.find (params[:match]) end - if current_user == @match.tournament.user - else - redirect_to root_path - end if @match @w1 = Wrestler.find(@match.w1) @w2 = Wrestler.find(@match.w2) @@ -35,10 +31,6 @@ class MatchesController < ApplicationController # POST /matches # POST /matches.json def create - if user_signed_in? - else - redirect_to root_path - end @match = Match.new(match_params) respond_to do |format| @@ -55,10 +47,6 @@ class MatchesController < ApplicationController # PATCH/PUT /matches/1 # PATCH/PUT /matches/1.json def update - if current_user == @match.tournament.user - else - redirect_to root_path - end respond_to do |format| if @match.update(match_params) format.html { redirect_to root_path, notice: 'Match was successfully updated.' } @@ -94,4 +82,10 @@ class MatchesController < ApplicationController def match_params params.require(:match).permit(:w1, :w2, :g_stat, :r_stat, :winner_id, :win_type, :score, :finished) end + + def check_access + if current_user != @match.tournament.user + redirect_to root_path + end + end end diff --git a/app/controllers/mats_controller.rb b/app/controllers/mats_controller.rb index 88d0dc9..c63ebea 100644 --- a/app/controllers/mats_controller.rb +++ b/app/controllers/mats_controller.rb 
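Review bot: `create` is left with no access check at all: the `only:` list on the new `before_action :check_access` covers just `edit` and `update`, and the @@ -35,10 hunk in this file removes the `user_signed_in?` guard that `create` previously had (`destroy` is not covered either, as far as this diff shows). Because `match_params` permits no tournament reference, `check_access` cannot derive an owner for a match that does not exist yet, so at minimum the action should require a signed-in user, e.g. `before_action :authenticate_user!, only: [:create, :destroy]` if that Devise helper is available (the `user_signed_in?`/`current_user` calls suggest Devise). The ownership rule for `create` should be decided once the match's tournament can be determined from the request, which this diff does not show.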
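Review bot: In `edit`, `@match = Match.find (params[:match])` reassigns `@match` after `check_access` has already verified the record loaded by `set_match`, so the ownership check applies to one record while a different match, chosen by the `match` query parameter, is rendered. Either drop the reassignment or move the lookup into `set_match` so the filter checks the record the action actually uses; the one-line alternative is to re-check after the reassignment, `return redirect_to(root_path) unless current_user == @match.tournament.user`. The body of `edit` continues outside the hunk.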
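Review bot: The new `check_access` can be written as a one-line guard, `redirect_to root_path unless current_user == @match.tournament.user`, which is easier to read than the two-line `if` with no `else`. Make sure it sits below the `private` marker that `match_params` is presumably under (the marker is outside this hunk); a public controller method counts as an action method. A comment such as `# Only the owner of the match's tournament may edit it; the redirect halts the filter chain before the action runs.` would record why a bare `redirect_to` is sufficient here, unlike the inline checks this commit removes.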
@@ -1,6 +1,6 @@ class MatsController < ApplicationController before_action :set_mat, only: [:show, :edit, :update, :destroy] - + before_filter :check_access, only: [:new,:create,:update,:destroy] # GET /mats # GET /mats.json def index @@ -18,9 +18,6 @@ class MatsController < ApplicationController if params[:tournament] @tournament_field = params[:tournament] @tournament = Tournament.find(params[:tournament]) - if current_user != @tournament.user - redirect_to root_path - end end end @@ -34,9 +31,6 @@ class MatsController < ApplicationController def create @mat = Mat.new(mat_params) @tournament = Tournament.find(mat_params[:tournament_id]) - if current_user != @tournament.user - redirect_to root_path - end respond_to do |format| if @mat.save format.html { redirect_to @tournament, notice: 'Mat was successfully created.' } @@ -52,9 +46,6 @@ class MatsController < ApplicationController # PATCH/PUT /mats/1.json def update @tournament = Tournament.find(@mat.tournament_id) - if current_user != @tournament.user - redirect_to root_path - end respond_to do |format| if @mat.update(mat_params) format.html { redirect_to @tournament, notice: 'Mat was successfully updated.' } @@ -70,9 +61,6 @@ class MatsController < ApplicationController # DELETE /mats/1.json def destroy @tournament = Tournament.find(@mat.tournament_id) - if current_user != @tournament.user - redirect_to root_path - end @mat.destroy respond_to do |format| format.html { redirect_to @tournament } @@ -90,4 +78,15 @@ class MatsController < ApplicationController def mat_params params.require(:mat).permit(:name, :tournament_id) end + + def check_access + if params[:tournament] + @tournament = params[:tournament] + else + @tournament = @mat.tournament + end + if current_user != @tournament.user + redirect_to root_path + end + end end diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb index 4715e7a..82f64ec 100644 --- a/app/controllers/schools_controller.rb 
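Review bot: `before_filter :check_access` mixes the deprecated alias with the `before_action` used on the line above and in matches_controller.rb; `before_filter` was deprecated in Rails 5.0 and removed in 5.1, so `before_action :check_access, only: [:new, :create, :update, :destroy]` keeps the file consistent and upgrade-safe. The same applies to the first hunks of schools_controller.rb, static_pages_controller.rb, tournaments_controller.rb, weights_controller.rb and wrestlers_controller.rb. The `only:` lists also disagree about `edit`: schools includes it, while mats, weights and wrestlers do not, so those edit forms stay reachable by any visitor even though `update` is gated.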
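Review bot: `@tournament = params[:tournament]` in the new `check_access` stores the raw request string, so the following `@tournament.user` raises NoMethodError and `new?tournament=ID` fails with a 500 instead of being authorized; for `create`, `@mat` is nil because `set_mat` does not run for that action, so `@mat.tournament` raises as well unless the form also posts a top-level `tournament` param, which no hunk here shows. The same code appears in the `check_access` hunks of schools_controller.rb (@@ -90,4), weights_controller.rb (@@ -95,4) and wrestlers_controller.rb (@@ -101,4). For `create` the tournament the record will belong to is `mat_params[:tournament_id]`, so that is the value the ownership check must be based on rather than a separate `tournament` query parameter the client can point at a tournament it does own. The rewrite below resolves an actual record in all three cases and fails closed, since a missing or unknown id raises RecordNotFound. Note that `mat_params` still permits `:tournament_id` on `update`, so a mat can be re-parented to another tournament after the check passes; consider excluding it there.
```ruby
def check_access
  @tournament =
    if @mat
      @mat.tournament
    elsif params[:mat]
      Tournament.find(mat_params[:tournament_id])
    else
      Tournament.find(params[:tournament])
    end
  redirect_to root_path unless current_user == @tournament.user
end
```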
+++ b/app/controllers/schools_controller.rb @@ -1,5 +1,6 @@ class SchoolsController < ApplicationController before_action :set_school, only: [:show, :edit, :update, :destroy] + before_filter :check_access, only: [:new,:create,:update,:destroy,:edit] # GET /schools # GET /schools.json @@ -34,9 +35,6 @@ class SchoolsController < ApplicationController def create @school = School.new(school_params) @tournament = Tournament.find(school_params[:tournament_id]) - if current_user != @tournament.user - redirect_to root_path - end respond_to do |format| if @school.save format.html { redirect_to @tournament, notice: 'School was successfully created.' } @@ -52,9 +50,6 @@ class SchoolsController < ApplicationController # PATCH/PUT /schools/1.json def update @tournament = Tournament.find(@school.tournament_id) - if current_user != @tournament.user - redirect_to root_path - end respond_to do |format| if @school.update(school_params) format.html { redirect_to @tournament, notice: 'School was successfully updated.' } @@ -70,9 +65,6 @@ class SchoolsController < ApplicationController # DELETE /schools/1.json def destroy @tournament = Tournament.find(@school.tournament_id) - if current_user != @tournament.user - redirect_to root_path - end @school.destroy respond_to do |format| format.html { redirect_to @tournament } @@ -90,4 +82,16 @@ class SchoolsController < ApplicationController def school_params params.require(:school).permit(:name, :score, :tournament_id) end + + def check_access + if params[:tournament] + @tournament = params[:tournament] + else + @tournament = @school.tournament + end + if current_user != @tournament.user + redirect_to root_path + end + end + end diff --git a/app/controllers/static_pages_controller.rb b/app/controllers/static_pages_controller.rb index 77e45f9..4cb1fe4 100644 --- a/app/controllers/static_pages_controller.rb +++ b/app/controllers/static_pages_controller.rb 
@@ -1,7 +1,8 @@ class StaticPagesController < ApplicationController + before_filter :check_access, only: [:createCustomWeights,:generate_matches,:weigh_in] def tournaments - @tournaments = Tournament.all + @tournaments = Tournament.all.includes(:user) end def up_matches if params[:tournament] @@ -69,9 +70,6 @@ class StaticPagesController < ApplicationController def createCustomWeights @tournament = Tournament.find(params[:tournament]) - if current_user != @tournament.user - redirect_to root_path - end @custom = params[:customValue].to_s @tournament.createCustomWeights(@custom) @@ -86,33 +84,20 @@ class StaticPagesController < ApplicationController end def generate_matches - if !user_signed_in? - redirect_to root_path - elsif user_signed_in? if params[:tournament] @tournament = Tournament.find(params[:tournament]) - if current_user != @tournament.user - redirect_to root_path - end end if @tournament @tournament.generateMatchups end - end end def weigh_in - if !user_signed_in? - redirect_to root_path - end if params[:wrestler] Wrestler.update(params[:wrestler].keys, params[:wrestler].values) end if params[:tournament] @tournament = Tournament.find(params[:tournament]) - if current_user != @tournament.user - redirect_to root_path - end @tournament_id = @tournament.id @tournament_name = @tournament.name end @@ -130,4 +115,11 @@ class StaticPagesController < ApplicationController end end + + private + def check_access + if params[:tournament] + @tournament = params[:tournament] + end + end end diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 324802b..08b146f 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,5 +1,6 @@ class TournamentsController < ApplicationController before_action :set_tournament, only: [:show, :edit, :update, :destroy] + before_filter :check_access, only: [:update,:edit,:destroy] # GET /tournaments # GET /tournaments.json 
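Review bot: The new `check_access` in the @@ -130,4 hunk performs no check — it only copies `params[:tournament]` into `@tournament` — while the @@ -69,9 and @@ -86,33 hunks delete the sign-in and ownership checks from `createCustomWeights`, `generate_matches` and `weigh_in`, so after this commit any visitor can regenerate a tournament's weights or matches (both described as deleting current data in the views) and, through `weigh_in`, update wrestler records. `weigh_in` also calls `Wrestler.update(params[:wrestler].keys, params[:wrestler].values)` with unfiltered attributes, and the removed checks were its only gate. The filter should load the tournament and enforce both conditions, as below; requiring the id via `Tournament.find` also closes the path where `weigh_in` updates wrestlers with no tournament given, since a missing id raises RecordNotFound. `generate_matches` currently tolerates a missing `tournament` param, so that branch becomes unreachable; that looks intended but please confirm.
```ruby
private

def check_access
  return redirect_to(root_path) unless user_signed_in?
  @tournament = Tournament.find(params[:tournament])
  redirect_to root_path unless current_user == @tournament.user
end
```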
@@ -46,9 +47,6 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update - if current_user != @tournament.user - redirect_to root_path - end respond_to do |format| if @tournament.update(tournament_params) format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } @@ -63,9 +61,6 @@ class TournamentsController < ApplicationController # DELETE /tournaments/1 # DELETE /tournaments/1.json def destroy - if current_user != @tournament.user - redirect_to root_path - end @tournament.destroy respond_to do |format| format.html { redirect_to tournaments_url } @@ -81,6 +76,11 @@ class TournamentsController < ApplicationController # Never trust parameters from the scary internet, only allow the white list through. def tournament_params - params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref) + params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref, :user_id) end + def check_access + if current_user != @tournament.user + redirect_to root_path + end + end end diff --git a/app/controllers/weights_controller.rb b/app/controllers/weights_controller.rb index 6fc3f3c..62f78c2 100644 --- a/app/controllers/weights_controller.rb +++ b/app/controllers/weights_controller.rb @@ -1,5 +1,6 @@ class WeightsController < ApplicationController before_action :set_weight, only: [:show, :edit, :update, :destroy] + before_filter :check_access, only: [:new,:create,:update,:destroy] # GET /weights # GET /weights.json @@ -95,4 +96,15 @@ class WeightsController < ApplicationController def weight_params params.require(:weight).permit(:max, :tournament_id, :mat_id) end + def check_access + if params[:tournament] + @tournament = params[:tournament] + else + @tournament = @weight.tournament + end + if current_user != @tournament.user + redirect_to root_path + end + end + end 
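Review bot: Adding `:user_id` to `tournament_params` makes the owner mass-assignable from the request, and the `_form.html.erb` hunk supplies it as a hidden field that any client can edit before submitting, so a tournament can be created with, or on update handed to, an arbitrary user id. The owner should be fixed server-side instead: drop `:user_id` from `permit`, and in `create` (outside this diff) set `@tournament.user = current_user` before saving; the hidden field then becomes unnecessary. If there is no `authenticate_user!`-style filter on `new` and `create` (the new `check_access` runs only for `update`, `edit` and `destroy`), `current_user` may be nil there, which such a filter would address as well. The new `check_access` itself reads better as a single guard, `redirect_to root_path unless current_user == @tournament.user`.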
diff --git a/app/controllers/wrestlers_controller.rb b/app/controllers/wrestlers_controller.rb index 8454a32..91b656b 100644 --- a/app/controllers/wrestlers_controller.rb +++ b/app/controllers/wrestlers_controller.rb @@ -1,5 +1,6 @@ class WrestlersController < ApplicationController before_action :set_wrestler, only: [:show, :edit, :update, :destroy] + before_filter :check_access, only: [:new,:create,:update,:destroy] # GET /wrestlers # GET /wrestlers.json @@ -101,4 +102,15 @@ class WrestlersController < ApplicationController def wrestler_params params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight) end + def check_access + if params[:tournament] + @tournament = params[:tournament] + else + @tournament = @wrestler.tournament + end + if current_user != @tournament.user + redirect_to root_path + end + end + end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index de6be79..f7107c5 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -1,2 +1,14 @@ module ApplicationHelper + def tournament_permissions(tournament) + if user_signed_in? + if tournament.user == current_user + return true + else + return false + end + else + return false + end + end + end diff --git a/app/models/tournament.rb b/app/models/tournament.rb index df4bb9e..09c6dd7 100644 --- a/app/models/tournament.rb +++ b/app/models/tournament.rb @@ -2,13 +2,12 @@ class Tournament < ActiveRecord::Base include GeneratesLoserNames include GeneratesTournamentMatches - + belongs_to :user has_many :schools, dependent: :destroy has_many :weights, dependent: :destroy has_many :mats, dependent: :destroy has_many :wrestlers, through: :weights has_many :matches, dependent: :destroy - belongs_to :user def tournament_types ["Pool to bracket"] @@ -49,5 +48,4 @@ class Tournament < ActiveRecord::Base end end end - end 
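Review bot: For `new`, the link in schools/show.html.erb is `/wrestlers/new?school=...`, so `params[:tournament]` is absent and the new `check_access` falls through to `@wrestler.tournament` with `@wrestler` nil (`set_wrestler` does not run for `new` or `create`), raising NoMethodError; the form is therefore unreachable rather than protected. This is the same defect family as the `check_access` hunk in mats_controller.rb, but here the tournament has to be reached through the school or weight in `wrestler_params` (`school_id`, `weight_id`), since neither a `tournament` param nor a `tournament_id` attribute is submitted. Whether `Wrestler#tournament` exists is also not visible in this diff (Tournament reaches wrestlers `through: :weights`); please confirm before relying on it in the update/destroy branch.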
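Review bot: `tournament_permissions` nests two conditionals to return a literal boolean; `user_signed_in? && tournament.user == current_user` expresses the same rule in one line. It should also tolerate a nil argument, `user_signed_in? && tournament && tournament.user == current_user`, because the weigh_in view now calls `tournament_permissions(@tournament)` and the `weigh_in` action assigns `@tournament` only when `params[:tournament]` is present, so a signed-in user without that param would hit `nil.user`. A YARD header along the lines of `# @param tournament [Tournament, nil]` and `# @return [Boolean] true when the signed-in user owns the tournament; display-only, controllers enforce access separately` would make the helper's role clear.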
diff --git a/app/views/schools/show.html.erb b/app/views/schools/show.html.erb index 56639f5..b109ad4 100644 --- a/app/views/schools/show.html.erb +++ b/app/views/schools/show.html.erb @@ -1,6 +1,6 @@

<%= notice %>

<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %> | -<% if user_signed_in? %> +<% if tournament_permissions(@school.tournament) %> <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %> <% end %>
@@ -25,7 +25,7 @@
-<% if user_signed_in? %> +<% if tournament_permissions(@school.tournament) %> <%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%> <% end %>
@@ -40,7 +40,7 @@ Record Seed Criteria Extra? - <% if user_signed_in? %> + <% if tournament_permissions(@school.tournament) %> Actions <% end %> @@ -60,7 +60,7 @@ <% if wrestler.extra? == true %> Yes <% end %> - <% if user_signed_in? %> + <% if tournament_permissions(@school.tournament) %> <%= link_to 'Show', wrestler , :class=>"btn btn-default" %> <%= link_to 'Edit', edit_wrestler_path(wrestler), :class=>"btn btn-default" %> diff --git a/app/views/static_pages/tournaments.html.erb b/app/views/static_pages/tournaments.html.erb index 5ad3350..2b0e5c2 100644 --- a/app/views/static_pages/tournaments.html.erb +++ b/app/views/static_pages/tournaments.html.erb @@ -23,7 +23,7 @@ <%= tournament.name %> <%= link_to 'Show', tournament, :class=>"btn btn-default" %> - <% if user_signed_in? %> + <% if tournament_permissions(tournament) %> <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary" %> <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> <% end %> diff --git a/app/views/static_pages/weigh_in.html.erb b/app/views/static_pages/weigh_in.html.erb index e845767..ca4ddb9 100644 --- a/app/views/static_pages/weigh_in.html.erb +++ b/app/views/static_pages/weigh_in.html.erb @@ -7,7 +7,7 @@
<% end %>
- <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= form_for(@tournament) do |f| %>
<%= f.label :weigh_in_ref %>
@@ -56,8 +56,8 @@ <%= hidden_field_tag :tournament, @tournament_id %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= submit_tag "Save", :class=>"btn btn-success"%> <% end %> <% end %> -<% end %> \ No newline at end of file +<% end %> diff --git a/app/views/tournaments/_form.html.erb b/app/views/tournaments/_form.html.erb index 2f92f85..4d1e8ff 100644 --- a/app/views/tournaments/_form.html.erb +++ b/app/views/tournaments/_form.html.erb @@ -31,9 +31,9 @@ <%= f.label :tournament_type %>
<%= f.select :tournament_type, @tournament.tournament_types %>
+<%= f.hidden_field :user_id, :value => current_user.id %>

- <%= f.hidden_field :user_id, :value => current_user.id %>
<%= f.submit 'Submit',:class=>"btn btn-success" %>
diff --git a/app/views/tournaments/show.html.erb b/app/views/tournaments/show.html.erb index 7b0a121..ce174ec 100644 --- a/app/views/tournaments/show.html.erb +++ b/app/views/tournaments/show.html.erb @@ -1,8 +1,8 @@

<%= notice %>

-<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %> <%= link_to "Edit #{@tournament.name}", edit_tournament_path(@tournament), :class=>"btn btn-primary" %> | <% end %> -<%= link_to 'Back', root_path, :class=>"btn btn-default" %> +<%= link_to 'Back', '/static_pages/tournaments', :class=>"btn btn-default" %>

<%= @tournament.name %> @@ -30,7 +30,7 @@ <%= @tournament.tournament_type %>


-<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %> <%= link_to "Generate Pool Matches" , "/static_pages/generate_matches?tournament=#{@tournament.id}", data: { confirm: 'Are you sure? This will delete all current matches.' }, :class=>"btn btn-success" %>

<%= link_to "Weigh In Page" , "/static_pages/weigh_in?tournament=#{@tournament.id}", :class=>"btn btn-primary" %> @@ -40,7 +40,7 @@

School Lineups


-<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %> <%= link_to "New #{@tournament.name} School" , "/schools/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>

@@ -59,7 +59,7 @@ <%= school.name %> <%= link_to 'Show', school, :class=>"btn btn-default" %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary" %> <%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> <% end %> @@ -74,7 +74,7 @@

Weight Class Seeds


-<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %> <%= link_to "New #{@tournament.name} Weight" , "/weights/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>

<%= link_to "Create HS Weights" , "/static_pages/createCustomWeights?tournament=#{@tournament.id}&customValue=hs",data: { confirm: 'Are you sure? This will delete all current weights.' }, :class=>"btn btn-success" %> @@ -96,7 +96,7 @@ <%= weight.max %> <%= weight.bracket_size %> <%= link_to 'Show', weight, :class=>"btn btn-default" %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= link_to 'Edit', edit_weight_path(weight), :class=>"btn btn-primary" %> <%= link_to 'Destroy', weight, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> <% end %> @@ -106,7 +106,7 @@ -<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %>

Mats

@@ -127,7 +127,7 @@ <%= mat.name %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= link_to 'Destroy', mat, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> <% end %> diff --git a/app/views/weights/show.html.erb b/app/views/weights/show.html.erb index cd5d5c9..691aee0 100644 --- a/app/views/weights/show.html.erb +++ b/app/views/weights/show.html.erb @@ -3,7 +3,7 @@

Weight Class:<%= @weight.max %>

<%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}", :class=>"btn btn-default" %> | -<% if user_signed_in? %> +<% if tournament_permissions(@tournament) %> <%= link_to "Edit #{@weight.max} Weight Class", edit_weight_path(@weight), :class=>"btn btn-primary" %> <% end %> @@ -19,7 +19,7 @@ Record Seed Criteria Extra? - <% if user_signed_in? %>Actions for wrestler<% end %> + <% if tournament_permissions(@tournament) %>Actions for wrestler<% end %> @@ -30,7 +30,7 @@ <%= wrestler.name %> <%= School.find(wrestler.school_id).name %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= fields_for "wrestler[]", wrestler do |w| %> <%= w.text_field :original_seed %> <% end %> @@ -43,7 +43,7 @@ <% if wrestler.extra? == true %> Yes <% end %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= link_to 'Show', wrestler , :class=>"btn btn-default" %> <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' } , :class=>"btn btn-danger" %> <% end %> @@ -52,7 +52,7 @@ <% end %> - <% if user_signed_in? %> + <% if tournament_permissions(@tournament) %> <%= submit_tag "Save", :class=>"btn btn-success"%> <% end %> <% end %> diff --git a/app/views/wrestlers/show.html.erb b/app/views/wrestlers/show.html.erb index 08e9eb1..52f3efe 100644 --- a/app/views/wrestlers/show.html.erb +++ b/app/views/wrestlers/show.html.erb @@ -1,7 +1,7 @@

<%= notice %>

<%= link_to "Back to #{@school.name}", "/schools/#{@school.id}" %> | -<% if user_signed_in? %> +<% if tournament_permissions(@wrestler.tournament) %> <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler) %> | <% end %>