mirror of https://github.com/jcwimer/wrestlingApp synced 2026-04-05 06:07:20 +00:00

Finished setting owner for tournamenr and protecting paths

2015-10-26 16:31:45 -04:00
parent ad9ea9dc42
commit d18e729012
16 changed files with 109 additions and 86 deletions


@@ -1,6 +1,6 @@
class MatchesController < ApplicationController
before_action :set_match, only: [:show, :edit, :update, :destroy]
before_action :check_access, only: [:edit,:update]
# GET /matches
# GET /matches.json
def index
@@ -22,10 +22,6 @@ class MatchesController < ApplicationController
if params[:match]
@match = Match.find (params[:match])
end
if current_user == @match.tournament.user
else
redirect_to root_path
end
if @match
@w1 = Wrestler.find(@match.w1)
@w2 = Wrestler.find(@match.w2)
@@ -35,10 +31,6 @@ class MatchesController < ApplicationController
# POST /matches
# POST /matches.json
def create
if user_signed_in?
else
redirect_to root_path
end
@match = Match.new(match_params)
respond_to do |format|
@@ -55,10 +47,6 @@ class MatchesController < ApplicationController
# PATCH/PUT /matches/1
# PATCH/PUT /matches/1.json
def update
if current_user == @match.tournament.user
else
redirect_to root_path
end
respond_to do |format|
if @match.update(match_params)
format.html { redirect_to root_path, notice: 'Match was successfully updated.' }
@@ -94,4 +82,10 @@ class MatchesController < ApplicationController
def match_params
params.require(:match).permit(:w1, :w2, :g_stat, :r_stat, :winner_id, :win_type, :score, :finished)
end
def check_access
if current_user != @match.tournament.user
redirect_to root_path
end
end
end
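Review bot: `check_access` is registered with `only: [:edit,:update]`, so `destroy` (which the `set_match` list implies exists) is never checked, and the hunk at `create` drops the `user_signed_in?` guard without putting `create` under any filter; both actions appear to be left open to any visitor. Extend the list, `before_action :check_access, only: [:edit, :update, :destroy]`, and give `create` a check based on the tournament of the match being created. Separately, `current_user != @match.tournament.user` is false when both sides are nil, so if a tournament can exist without a user (not visible here) a signed-out visitor passes. Writing the guard as `redirect_to root_path unless current_user && current_user == @match.tournament.user` closes that, and the same comparison appears in the `check_access` methods of the other controllers in this commit.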


@@ -1,6 +1,6 @@
class MatsController < ApplicationController
before_action :set_mat, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /mats
# GET /mats.json
def index
@@ -18,9 +18,6 @@ class MatsController < ApplicationController
if params[:tournament]
@tournament_field = params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
end
end
@@ -34,9 +31,6 @@ class MatsController < ApplicationController
def create
@mat = Mat.new(mat_params)
@tournament = Tournament.find(mat_params[:tournament_id])
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @mat.save
format.html { redirect_to @tournament, notice: 'Mat was successfully created.' }
@@ -52,9 +46,6 @@ class MatsController < ApplicationController
# PATCH/PUT /mats/1.json
def update
@tournament = Tournament.find(@mat.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @mat.update(mat_params)
format.html { redirect_to @tournament, notice: 'Mat was successfully updated.' }
@@ -70,9 +61,6 @@ class MatsController < ApplicationController
# DELETE /mats/1.json
def destroy
@tournament = Tournament.find(@mat.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
@mat.destroy
respond_to do |format|
format.html { redirect_to @tournament }
@@ -90,4 +78,15 @@ class MatsController < ApplicationController
def mat_params
params.require(:mat).permit(:name, :tournament_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @mat.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end
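Review bot: `check_access` assigns `@tournament = params[:tournament]`, which is the raw request value rather than a record, so `@tournament.user` is called on a String and should raise instead of checking ownership; it needs `Tournament.find(params[:tournament])`. Even with that lookup, `update` and `destroy` would be authorised against whichever tournament the request names rather than the one the mat belongs to, so actions that have `@mat` should use `@mat.tournament` and ignore the parameter. For `create` the id arrives as `mat_params[:tournament_id]` and `set_mat` has not run, so the `else` branch dereferences a nil `@mat`. The same method is added to SchoolsController, WeightsController and WrestlersController with the same issues. The `only:` lists here and in the Weights and Wrestlers controllers also leave out `:edit`, which SchoolsController includes.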


@@ -1,5 +1,6 @@
class SchoolsController < ApplicationController
before_action :set_school, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
# GET /schools
# GET /schools.json
@@ -34,9 +35,6 @@ class SchoolsController < ApplicationController
def create
@school = School.new(school_params)
@tournament = Tournament.find(school_params[:tournament_id])
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @school.save
format.html { redirect_to @tournament, notice: 'School was successfully created.' }
@@ -52,9 +50,6 @@ class SchoolsController < ApplicationController
# PATCH/PUT /schools/1.json
def update
@tournament = Tournament.find(@school.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @school.update(school_params)
format.html { redirect_to @tournament, notice: 'School was successfully updated.' }
@@ -70,9 +65,6 @@ class SchoolsController < ApplicationController
# DELETE /schools/1.json
def destroy
@tournament = Tournament.find(@school.tournament_id)
if current_user != @tournament.user
redirect_to root_path
end
@school.destroy
respond_to do |format|
format.html { redirect_to @tournament }
@@ -90,4 +82,16 @@ class SchoolsController < ApplicationController
def school_params
params.require(:school).permit(:name, :score, :tournament_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @school.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end


@@ -1,7 +1,8 @@
class StaticPagesController < ApplicationController
before_filter :check_access, only: [:createCustomWeights,:generate_matches,:weigh_in]
def tournaments
@tournaments = Tournament.all
@tournaments = Tournament.all.includes(:user)
end
def up_matches
if params[:tournament]
@@ -69,9 +70,6 @@ class StaticPagesController < ApplicationController
def createCustomWeights
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
@custom = params[:customValue].to_s
@tournament.createCustomWeights(@custom)
@@ -86,33 +84,20 @@ class StaticPagesController < ApplicationController
end
def generate_matches
if !user_signed_in?
redirect_to root_path
elsif user_signed_in?
if params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
end
if @tournament
@tournament.generateMatchups
end
end
end
def weigh_in
if !user_signed_in?
redirect_to root_path
end
if params[:wrestler]
Wrestler.update(params[:wrestler].keys, params[:wrestler].values)
end
if params[:tournament]
@tournament = Tournament.find(params[:tournament])
if current_user != @tournament.user
redirect_to root_path
end
@tournament_id = @tournament.id
@tournament_name = @tournament.name
end
@@ -130,4 +115,11 @@ class StaticPagesController < ApplicationController
end
end
private
def check_access
if params[:tournament]
@tournament = params[:tournament]
end
end
end
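Review bot: `check_access` in this controller only copies `params[:tournament]` into `@tournament`; it never compares the owner with `current_user` and never redirects, so with the inline checks removed `createCustomWeights`, `generate_matches` and `weigh_in` no longer enforce sign-in or ownership anywhere in the lines shown. The filter should load the record and enforce ownership, for example `@tournament = Tournament.find(params[:tournament])` followed by `redirect_to root_path unless current_user && current_user == @tournament.user`. `weigh_in` also calls `Wrestler.update(params[:wrestler].keys, params[:wrestler].values)` before any tournament is loaded, so that write should be limited to wrestlers of the checked tournament and to permitted attributes. The body of `weigh_in` continues past the lines shown in this hunk.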


@@ -1,5 +1,6 @@
class TournamentsController < ApplicationController
before_action :set_tournament, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:update,:edit,:destroy]
# GET /tournaments
# GET /tournaments.json
@@ -46,9 +47,6 @@ class TournamentsController < ApplicationController
# PATCH/PUT /tournaments/1
# PATCH/PUT /tournaments/1.json
def update
if current_user != @tournament.user
redirect_to root_path
end
respond_to do |format|
if @tournament.update(tournament_params)
format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
@@ -63,9 +61,6 @@ class TournamentsController < ApplicationController
# DELETE /tournaments/1
# DELETE /tournaments/1.json
def destroy
if current_user != @tournament.user
redirect_to root_path
end
@tournament.destroy
respond_to do |format|
format.html { redirect_to tournaments_url }
@@ -81,6 +76,11 @@ class TournamentsController < ApplicationController
# Never trust parameters from the scary internet, only allow the white list through.
def tournament_params
params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref)
params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref, :user_id)
end
def check_access
if current_user != @tournament.user
redirect_to root_path
end
end
end
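Review bot: Adding `:user_id` to `tournament_params` lets the client choose the owner, and `check_access` does not cover `create`, so the value every ownership check in this commit compares against becomes request-controlled. Set it server-side instead, for example `@tournament.user = current_user` in `create` (its body is outside these hunks), and leave `:user_id` out of the permit list. On `update`, a permitted `:user_id` also lets an owner reassign the tournament to an arbitrary account, which may not be intended. This controller and several others register the check with `before_filter` while MatchesController uses `before_action`; using `before_action` throughout would be consistent.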


@@ -1,5 +1,6 @@
class WeightsController < ApplicationController
before_action :set_weight, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /weights
# GET /weights.json
@@ -95,4 +96,15 @@ class WeightsController < ApplicationController
def weight_params
params.require(:weight).permit(:max, :tournament_id, :mat_id)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @weight.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end


@@ -1,5 +1,6 @@
class WrestlersController < ApplicationController
before_action :set_wrestler, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
# GET /wrestlers
# GET /wrestlers.json
@@ -101,4 +102,15 @@ class WrestlersController < ApplicationController
def wrestler_params
params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = @wrestler.tournament
end
if current_user != @tournament.user
redirect_to root_path
end
end
end