Finished setting owner for tournamenr and protecting paths

2026-03-25 01:14:43 +00:00 · 2015-10-26 16:31:45 -04:00
parent ad9ea9dc42
commit d18e729012
16 changed files with 109 additions and 86 deletions
--- a/app/controllers/matches_controller.rb
+++ b/app/controllers/matches_controller.rb
@@ -1,6 +1,6 @@
 class MatchesController < ApplicationController
  before_action :set_match, only: [:show, :edit, :update, :destroy]
-
+  before_action :check_access, only: [:edit,:update]
  # GET /matches
  # GET /matches.json
  def index
@@ -22,10 +22,6 @@ class MatchesController < ApplicationController
    if params[:match]
      @match = Match.find (params[:match])
    end
    if current_user == @match.tournament.user
    else
      redirect_to root_path
    end
    if @match
      @w1 = Wrestler.find(@match.w1)
      @w2 = Wrestler.find(@match.w2)
@@ -35,10 +31,6 @@ class MatchesController < ApplicationController
  # POST /matches
  # POST /matches.json
  def create
    if user_signed_in?
    else
      redirect_to root_path
    end
    @match = Match.new(match_params)
    respond_to do |format|
@@ -55,10 +47,6 @@ class MatchesController < ApplicationController
  # PATCH/PUT /matches/1
  # PATCH/PUT /matches/1.json
  def update
    if current_user == @match.tournament.user
    else
      redirect_to root_path
    end
    respond_to do |format|
      if @match.update(match_params)
        format.html { redirect_to root_path, notice: 'Match was successfully updated.' }
@@ -94,4 +82,10 @@ class MatchesController < ApplicationController
    def match_params
      params.require(:match).permit(:w1, :w2, :g_stat, :r_stat, :winner_id, :win_type, :score, :finished)
    end
    def check_access
 	if current_user != @match.tournament.user
 	  redirect_to root_path
        end
    end
 end
--- a/app/controllers/mats_controller.rb
+++ b/app/controllers/mats_controller.rb
@@ -1,6 +1,6 @@
 class MatsController < ApplicationController
  before_action :set_mat, only: [:show, :edit, :update, :destroy]
-
+  before_filter :check_access, only: [:new,:create,:update,:destroy]
  # GET /mats
  # GET /mats.json
  def index
@@ -18,9 +18,6 @@ class MatsController < ApplicationController
    if params[:tournament]
      @tournament_field = params[:tournament]
      @tournament = Tournament.find(params[:tournament])
      if current_user != @tournament.user
 	redirect_to root_path
      end
    end
  end
@@ -34,9 +31,6 @@ class MatsController < ApplicationController
  def create
    @mat = Mat.new(mat_params)
    @tournament = Tournament.find(mat_params[:tournament_id])
    if current_user != @tournament.user
 	redirect_to root_path
    end
    respond_to do |format|
      if @mat.save
        format.html { redirect_to @tournament, notice: 'Mat was successfully created.' }
@@ -52,9 +46,6 @@ class MatsController < ApplicationController
  # PATCH/PUT /mats/1.json
  def update
    @tournament = Tournament.find(@mat.tournament_id)
    if current_user != @tournament.user
 	redirect_to root_path
    end
    respond_to do |format|
      if @mat.update(mat_params)
        format.html { redirect_to @tournament, notice: 'Mat was successfully updated.' }
@@ -70,9 +61,6 @@ class MatsController < ApplicationController
  # DELETE /mats/1.json
  def destroy
    @tournament = Tournament.find(@mat.tournament_id)
    if current_user != @tournament.user
 	redirect_to root_path
    end 
    @mat.destroy
    respond_to do |format|
      format.html { redirect_to @tournament }
@@ -90,4 +78,15 @@ class MatsController < ApplicationController
    def mat_params
      params.require(:mat).permit(:name, :tournament_id)
    end
    def check_access
 	if params[:tournament]
 	   @tournament = params[:tournament]
 	else
 	   @tournament = @mat.tournament
 	end
 	if current_user != @tournament.user
 	  redirect_to root_path
 	end
    end
 end
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@@ -1,5 +1,6 @@
 class SchoolsController < ApplicationController
  before_action :set_school, only: [:show, :edit, :update, :destroy]
  before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
  # GET /schools
  # GET /schools.json
@@ -34,9 +35,6 @@ class SchoolsController < ApplicationController
  def create
    @school = School.new(school_params)
    @tournament = Tournament.find(school_params[:tournament_id])
    if current_user != @tournament.user
 	redirect_to root_path
    end
    respond_to do |format|
      if @school.save
        format.html { redirect_to @tournament, notice: 'School was successfully created.' }
@@ -52,9 +50,6 @@ class SchoolsController < ApplicationController
  # PATCH/PUT /schools/1.json
  def update
    @tournament = Tournament.find(@school.tournament_id)
    if current_user != @tournament.user
 	redirect_to root_path
    end
    respond_to do |format|
      if @school.update(school_params)
        format.html { redirect_to @tournament, notice: 'School was successfully updated.' }
@@ -70,9 +65,6 @@ class SchoolsController < ApplicationController
  # DELETE /schools/1.json
  def destroy
    @tournament = Tournament.find(@school.tournament_id)
    if current_user != @tournament.user
 	redirect_to root_path
    end
    @school.destroy
    respond_to do |format|
      format.html { redirect_to @tournament }
@@ -90,4 +82,16 @@ class SchoolsController < ApplicationController
    def school_params
      params.require(:school).permit(:name, :score, :tournament_id)
    end
    def check_access
 	if params[:tournament]
 	   @tournament = params[:tournament]
 	else
 	   @tournament = @school.tournament
 	end
 	if current_user != @tournament.user
 	  redirect_to root_path
 	end
    end
 end
--- a/app/controllers/static_pages_controller.rb
+++ b/app/controllers/static_pages_controller.rb
@@ -1,7 +1,8 @@
 class StaticPagesController < ApplicationController
  before_filter :check_access, only: [:createCustomWeights,:generate_matches,:weigh_in]
 	def tournaments
-		@tournaments = Tournament.all
+		@tournaments = Tournament.all.includes(:user)
 	end
 	def up_matches
 		if params[:tournament]
@@ -69,9 +70,6 @@ class StaticPagesController < ApplicationController
 	def createCustomWeights
 			@tournament = Tournament.find(params[:tournament])
 		if current_user != @tournament.user
 			redirect_to root_path
 		end  
 		@custom = params[:customValue].to_s
 			@tournament.createCustomWeights(@custom)
@@ -86,33 +84,20 @@ class StaticPagesController < ApplicationController
 	end
 	def generate_matches
 		if !user_signed_in?
 	      redirect_to root_path
 	    elsif user_signed_in?
 			if params[:tournament]
 	      		@tournament = Tournament.find(params[:tournament])
 			if current_user != @tournament.user
 				redirect_to root_path
 			end 	
 			end
 	    	if @tournament
 	 			@tournament.generateMatchups
 	    	end
 		end
 	end
 	def weigh_in
 		if !user_signed_in?
 	      redirect_to root_path
 	    end
 		if params[:wrestler]
    		 Wrestler.update(params[:wrestler].keys, params[:wrestler].values)
    	end
 		if params[:tournament]
 	      @tournament = Tournament.find(params[:tournament])
 	     if current_user != @tournament.user
 			redirect_to root_path
 		end  
 	      @tournament_id = @tournament.id
 	      @tournament_name = @tournament.name
 		end
@@ -130,4 +115,11 @@ class StaticPagesController < ApplicationController
 	    end
 	end
 	private
 	def check_access
 	  if params[:tournament]
 	     @tournament = params[:tournament]	
 	  end
 	end
 end
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,5 +1,6 @@
 class TournamentsController < ApplicationController
  before_action :set_tournament, only: [:show, :edit, :update, :destroy]
  before_filter :check_access, only: [:update,:edit,:destroy]
  # GET /tournaments
  # GET /tournaments.json
@@ -46,9 +47,6 @@ class TournamentsController < ApplicationController
  # PATCH/PUT /tournaments/1
  # PATCH/PUT /tournaments/1.json
  def update
   if current_user != @tournament.user
 			redirect_to root_path
 		end  
    respond_to do |format|
      if @tournament.update(tournament_params)
        format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
@@ -63,9 +61,6 @@ class TournamentsController < ApplicationController
  # DELETE /tournaments/1
  # DELETE /tournaments/1.json
  def destroy
  if current_user != @tournament.user
 			redirect_to root_path
 		end  
    @tournament.destroy
    respond_to do |format|
      format.html { redirect_to tournaments_url }
@@ -81,6 +76,11 @@ class TournamentsController < ApplicationController
    # Never trust parameters from the scary internet, only allow the white list through.
    def tournament_params
-      params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref)
+      params.require(:tournament).permit(:name, :address, :director, :director_email, :tournament_type, :weigh_in_ref, :user_id)
    end
  def check_access
    if current_user != @tournament.user
 	redirect_to root_path
    end
  end
 end
--- a/app/controllers/weights_controller.rb
+++ b/app/controllers/weights_controller.rb
@@ -1,5 +1,6 @@
 class WeightsController < ApplicationController
  before_action :set_weight, only: [:show, :edit, :update, :destroy]
  before_filter :check_access, only: [:new,:create,:update,:destroy]
  # GET /weights
  # GET /weights.json
@@ -95,4 +96,15 @@ class WeightsController < ApplicationController
    def weight_params
      params.require(:weight).permit(:max, :tournament_id, :mat_id)
    end
    def check_access
 	if params[:tournament]
 	   @tournament = params[:tournament]
 	else
 	   @tournament = @weight.tournament
 	end
 	if current_user != @tournament.user
 	  redirect_to root_path
 	end
    end
 end
--- a/app/controllers/wrestlers_controller.rb
+++ b/app/controllers/wrestlers_controller.rb
@@ -1,5 +1,6 @@
 class WrestlersController < ApplicationController
  before_action :set_wrestler, only: [:show, :edit, :update, :destroy]
  before_filter :check_access, only: [:new,:create,:update,:destroy]
  # GET /wrestlers
  # GET /wrestlers.json
@@ -101,4 +102,15 @@ class WrestlersController < ApplicationController
    def wrestler_params
      params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight)
    end
    def check_access
 	if params[:tournament]
 	   @tournament = params[:tournament]
 	else
 	   @tournament = @wrestler.tournament
 	end
 	if current_user != @tournament.user
 	  redirect_to root_path
 	end
    end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,2 +1,14 @@
 module ApplicationHelper
  def tournament_permissions(tournament)
    if user_signed_in?
      if tournament.user == current_user
 	return true
      else
 	return false
      end
    else
      return false
    end
  end
 end
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -2,13 +2,12 @@ class Tournament < ActiveRecord::Base
  include GeneratesLoserNames
  include GeneratesTournamentMatches
-
+	belongs_to :user
 	has_many :schools, dependent: :destroy
 	has_many :weights, dependent: :destroy
 	has_many :mats, dependent: :destroy
 	has_many :wrestlers, through: :weights
 	has_many :matches, dependent: :destroy
 	belongs_to :user
 	def tournament_types
 		["Pool to bracket"]
@@ -49,5 +48,4 @@ class Tournament < ActiveRecord::Base
 			end
 		end
 	end
 end
--- a/app/views/schools/show.html.erb
+++ b/app/views/schools/show.html.erb
@@ -1,6 +1,6 @@
 <p id="notice"><%= notice %></p>
 <%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %> |
-<% if user_signed_in? %>
+<% if tournament_permissions(@school.tournament)  %>
  <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %>
 <% end %>
 <br>
@@ -25,7 +25,7 @@
 <br>
-<% if user_signed_in? %>
+<% if tournament_permissions(@school.tournament)  %>
  <%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%>
 <% end %>
 <br>
@@ -40,7 +40,7 @@
      <th>Record</th>
      <th>Seed Criteria</th>
      <th>Extra?</th>
-      <% if user_signed_in? %>
+      <% if tournament_permissions(@school.tournament)  %>
      <th>Actions</th>
      <% end %>
    </tr>
@@ -60,7 +60,7 @@
          <td><% if wrestler.extra? == true %>
            Yes
           <% end %></td>
-            <% if user_signed_in? %>
+            <% if tournament_permissions(@school.tournament)  %>
              <td>
              <%= link_to 'Show', wrestler , :class=>"btn btn-default" %>
              <%= link_to 'Edit', edit_wrestler_path(wrestler), :class=>"btn btn-default" %>
--- a/app/views/static_pages/tournaments.html.erb
+++ b/app/views/static_pages/tournaments.html.erb
@@ -23,7 +23,7 @@
      <tr>
        <td><%= tournament.name %></td>
        <td><%= link_to 'Show', tournament, :class=>"btn btn-default" %>
-          <% if user_signed_in? %>
+          <% if tournament_permissions(tournament) %>
            <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary" %>
            <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
          <% end %>
--- a/app/views/static_pages/weigh_in.html.erb
+++ b/app/views/static_pages/weigh_in.html.erb
@@ -7,7 +7,7 @@
        <br>
    <% end %>
    <br>
-    <% if user_signed_in? %>
+    <% if tournament_permissions(@tournament) %>
        <%= form_for(@tournament) do |f| %>
            <div class="field">
                <%= f.label :weigh_in_ref %><br>
@@ -56,8 +56,8 @@
      	</tbody>
    </table>
    <%= hidden_field_tag :tournament, @tournament_id %>
-    		<% if user_signed_in? %>
+    		<% if tournament_permissions(@tournament)   %>
    	      <%= submit_tag "Save", :class=>"btn btn-success"%>
    	    <% end %>
        <% end %>
-<% end %>
+<% end %>
--- a/app/views/tournaments/_form.html.erb
+++ b/app/views/tournaments/_form.html.erb
@@ -31,9 +31,9 @@
    <%= f.label :tournament_type %><br>
    <%= f.select :tournament_type, @tournament.tournament_types %>
  </div>
 <%= f.hidden_field :user_id, :value => current_user.id %>
    <br>
    <br>
  <%= f.hidden_field :user_id, :value => current_user.id %>
  <div class="actions">
    <%= f.submit 'Submit',:class=>"btn btn-success" %>
  </div>
--- a/app/views/tournaments/show.html.erb
+++ b/app/views/tournaments/show.html.erb
@@ -1,8 +1,8 @@
 <p id="notice"><%= notice %></p>
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
  <%= link_to "Edit #{@tournament.name}", edit_tournament_path(@tournament), :class=>"btn btn-primary" %> |
 <% end %>
-<%= link_to 'Back', root_path, :class=>"btn btn-default" %>
+<%= link_to 'Back', '/static_pages/tournaments', :class=>"btn btn-default" %>
 <h1>
  <%= @tournament.name %>
@@ -30,7 +30,7 @@
  <%= @tournament.tournament_type %>
 </p>
 <br>
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
 <%= link_to "Generate Pool Matches" , "/static_pages/generate_matches?tournament=#{@tournament.id}", data: { confirm: 'Are you sure? This will delete all current matches.' }, :class=>"btn btn-success" %>
 <br><br>
 <%= link_to "Weigh In Page" , "/static_pages/weigh_in?tournament=#{@tournament.id}", :class=>"btn btn-primary" %>
@@ -40,7 +40,7 @@
 <br>
 <h3>School Lineups</h3>
 <br>
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
  <%= link_to "New #{@tournament.name} School" , "/schools/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>
  <br>
  <br>
@@ -59,7 +59,7 @@
      <tr>
        <td><%= school.name %></td>
        <td><%= link_to 'Show', school, :class=>"btn btn-default" %>
-          <% if user_signed_in? %>
+          <% if tournament_permissions(@tournament)  %>
            <%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary" %>
            <%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
          <% end %>
@@ -74,7 +74,7 @@
 <h3>Weight Class Seeds</h3>
 <br>
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
    <%= link_to "New #{@tournament.name} Weight" , "/weights/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %>
    <br><br>
    <%= link_to "Create HS Weights" , "/static_pages/createCustomWeights?tournament=#{@tournament.id}&customValue=hs",data: { confirm: 'Are you sure? This will delete all current weights.' }, :class=>"btn btn-success" %>
@@ -96,7 +96,7 @@
        <td><%= weight.max %></td>
        <td><%= weight.bracket_size %></td>
        <td><%= link_to 'Show', weight, :class=>"btn btn-default" %>
-          <% if user_signed_in? %>
+          <% if tournament_permissions(@tournament)  %>
            <%= link_to 'Edit', edit_weight_path(weight), :class=>"btn btn-primary" %>
            <%= link_to 'Destroy', weight, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
          <% end %>
@@ -106,7 +106,7 @@
  </tbody>
 </table>
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
  <br>
  <br>
  <h3>Mats</h3>
@@ -127,7 +127,7 @@
        <tr>
          <td><%= mat.name %></td>
          <td>
-            <% if user_signed_in? %>
+            <% if tournament_permissions(@tournament)  %>
              <%= link_to 'Destroy', mat, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %>
            <% end %>
          </td>
--- a/app/views/weights/show.html.erb
+++ b/app/views/weights/show.html.erb
@@ -3,7 +3,7 @@
 <h1>Weight Class:<%= @weight.max %></h1>
 <%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}", :class=>"btn btn-default" %> |
-<% if user_signed_in? %>
+<% if tournament_permissions(@tournament)  %>
  <%= link_to "Edit #{@weight.max} Weight Class", edit_weight_path(@weight), :class=>"btn btn-primary" %>
 <% end %>
@@ -19,7 +19,7 @@
 			<th>Record</th>
 			<th>Seed Criteria</th>
 			<th>Extra?</th>
-			<% if user_signed_in? %><th>Actions for wrestler</th><% end %>
+			<% if tournament_permissions(@tournament)  %><th>Actions for wrestler</th><% end %>
 		</tr>
 	</thead>
 	<tbody>
@@ -30,7 +30,7 @@
      				<td><%= wrestler.name %></td>
      				<td><%= School.find(wrestler.school_id).name %></td>
      				<td>
-                <% if user_signed_in? %>
+                <% if tournament_permissions(@tournament)  %>
                  <%= fields_for "wrestler[]", wrestler do |w| %>
                    <%= w.text_field :original_seed %>
                  <% end %> 
@@ -43,7 +43,7 @@
      				<td><% if wrestler.extra? == true %>
           				 Yes
          			<% end %></td>
-      				<% if user_signed_in? %> 
+      				<% if tournament_permissions(@tournament)  %> 
                                        <td><%= link_to 'Show', wrestler , :class=>"btn btn-default" %>
      					<%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' } , :class=>"btn btn-danger" %></td>
 	      			<% end %>
@@ -52,7 +52,7 @@
    	<% end %>
  	</tbody>
 </table>
-		<% if user_signed_in? %>
+		<% if tournament_permissions(@tournament)  %>
 	      <%= submit_tag "Save", :class=>"btn btn-success"%>
 	    <% end %>
    <% end %>
--- a/app/views/wrestlers/show.html.erb
+++ b/app/views/wrestlers/show.html.erb
@@ -1,7 +1,7 @@
 <p id="notice"><%= notice %></p>
 <%= link_to "Back to #{@school.name}", "/schools/#{@school.id}" %> |
-<% if user_signed_in? %>
+<% if tournament_permissions(@wrestler.tournament)  %>
  <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler) %> |
 <% end %>