From f46029efafe2590773bc14cb65ea35a947fa6429 Mon Sep 17 00:00:00 2001 
From: jcwimer Date: Wed, 6 Jan 2016 18:38:02 +0000 Subject: [PATCH] Added logic to delegate tournament access --- app/controllers/admin_controller.rb | 5 -- app/controllers/application_controller.rb | 4 ++ app/controllers/matches_controller.rb | 4 +- app/controllers/mats_controller.rb | 4 +- app/controllers/schools_controller.rb | 4 +- app/controllers/static_pages_controller.rb | 5 +- app/controllers/tournaments_controller.rb | 14 +++-- app/controllers/weights_controller.rb | 7 +-- app/controllers/wrestlers_controller.rb | 4 +- app/helpers/application_helper.rb | 12 +--- app/models/ability.rb | 58 +++++++++++++++++++ app/models/mat.rb | 2 +- app/models/school.rb | 1 + app/models/school_delegate.rb | 2 + app/models/tournament.rb | 1 + app/models/tournament_delegate.rb | 4 ++ app/models/user.rb | 3 + app/views/admin/index.html.erb | 6 -- app/views/layouts/_lsidebar.html.erb | 2 +- app/views/schools/show.html.erb | 18 +++--- .../static_pages/my_tournaments.html.erb | 10 ++-- app/views/tournaments/_pool.html.erb | 2 +- app/views/tournaments/brackets.html.erb | 2 +- app/views/tournaments/index.html.erb | 10 ++-- app/views/tournaments/matches.html.erb | 6 +- app/views/tournaments/show.html.erb | 42 +++++++------- app/views/tournaments/weigh_in.html.erb | 2 +- .../tournaments/weigh_in_weight.html.erb | 4 +- app/views/weights/show.html.erb | 18 +++--- app/views/wrestlers/_form.html.erb | 4 -- app/views/wrestlers/show.html.erb | 2 +- ...60106025920_create_tournament_delegates.rb | 10 ++++ .../20160106031418_create_school_delegates.rb | 10 ++++ db/schema.rb | 16 ++++- test/controllers/admin_controller_test.rb | 7 --- test/controllers/matches_controller_test.rb | 15 ++++- test/controllers/mats_controller_test.rb | 36 ++++++++++++ test/controllers/schools_controller_test.rb | 30 ++++++++++ .../tournaments_controller_test.rb | 52 +++++++++++++++++ test/controllers/weights_controller_test.rb | 30 ++++++++++ test/controllers/wrestlers_controller_test.rb | 30 ++++++++++ 
test/fixtures/school_delegates.yml | 9 +++ test/fixtures/tournament_delegates.yml | 13 +++++ test/fixtures/users.yml | 4 ++ test/models/school_delegate_test.rb | 7 +++ test/models/tournament_delegate_test.rb | 7 +++ 46 files changed, 417 insertions(+), 121 deletions(-) delete mode 100644 app/controllers/admin_controller.rb create mode 100644 app/models/ability.rb create mode 100644 app/models/school_delegate.rb create mode 100644 app/models/tournament_delegate.rb delete mode 100644 app/views/admin/index.html.erb create mode 100644 db/migrate/20160106025920_create_tournament_delegates.rb create mode 100644 db/migrate/20160106031418_create_school_delegates.rb delete mode 100644 test/controllers/admin_controller_test.rb create mode 100644 test/fixtures/school_delegates.yml create mode 100644 test/fixtures/tournament_delegates.yml create mode 100644 test/models/school_delegate_test.rb create mode 100644 test/models/tournament_delegate_test.rb diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb deleted file mode 100644 index e200954..0000000 --- a/app/controllers/admin_controller.rb +++ /dev/null @@ -1,5 +0,0 @@ -class AdminController < ApplicationController - def index - - end -end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 952ba68..5540030 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,4 +3,8 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + rescue_from CanCan::AccessDenied do |exception| + # flash[:error] = "Access denied!" + redirect_to '/static_pages/not_allowed' + end end diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb index 3186ad8..3869ef6 100644 --- a/app/controllers/matches_controller.rb +++ b/app/controllers/matches_controller.rb 
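Review bot: The `rescue_from CanCan::AccessDenied` handler added to ApplicationController redirects every denied request to an HTML page, whatever format was requested. The controllers touched by this patch carry scaffold comments for `.json` routes (for example `# DELETE /weights/1.json`), so a refused API client would presumably get a 302 to `/static_pages/not_allowed` rather than a 403. Consider branching on format inside the handler, e.g. `format.html { redirect_to '/static_pages/not_allowed' }` and `format.json { head :forbidden }`. The unused `|exception|` parameter and the commented-out `flash[:error]` line should be either used or dropped.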
@@ -49,8 +49,6 @@ class MatchesController < ApplicationController end def check_access - if current_user != @match.tournament.user - redirect_to '/static_pages/not_allowed' - end + authorize! :manage, @match.tournament end end diff --git a/app/controllers/mats_controller.rb b/app/controllers/mats_controller.rb index 6969d7e..6b517c9 100644 --- a/app/controllers/mats_controller.rb +++ b/app/controllers/mats_controller.rb @@ -89,9 +89,7 @@ class MatsController < ApplicationController elsif @mat @tournament = @mat.tournament end - if current_user != @tournament.user - redirect_to '/static_pages/not_allowed' - end + authorize! :manage, @tournament end diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb index 94d2775..b47a693 100644 --- a/app/controllers/schools_controller.rb +++ b/app/controllers/schools_controller.rb @@ -84,9 +84,7 @@ class SchoolsController < ApplicationController elsif @school @tournament = @school.tournament end - if current_user != @tournament.user - redirect_to '/static_pages/not_allowed' - end + authorize! :manage, @tournament end end diff --git a/app/controllers/static_pages_controller.rb b/app/controllers/static_pages_controller.rb index 6bf1c9e..489a4c4 100644 --- a/app/controllers/static_pages_controller.rb +++ b/app/controllers/static_pages_controller.rb @@ -1,7 +1,10 @@ class StaticPagesController < ApplicationController def my_tournaments - @tournaments = current_user.tournaments.sort_by{|t| t.daysUntil} + tournaments_created = current_user.tournaments + tournaments_delegated = current_user.delegated_tournaments + all_tournaments = tournaments_created + tournaments_delegated + @tournaments = all_tournaments.sort_by{|t| t.daysUntil} end def not_allowed diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 98e8e51..7fa29bd 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb 
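Review bot: The check added to the SchoolsController access filter authorizes against `@tournament`, so the School rules this commit defines in app/models/ability.rb, including the school-delegate rules, are never consulted here. A user who is only a school delegate is therefore still refused on edit and update, which looks unintended given the `delegated_schools` association added to User. If school delegates are meant to work, authorize the loaded record when there is one, e.g. `authorize! :manage, (@school || @tournament)`, and add a controller test for that role. The filter method starts above this hunk, so how `@school` is loaded is not visible here.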
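Review bot: `current_user.delegated_tournaments` in `my_tournaments` yields TournamentDelegate rows, not Tournament records, because the association added to User in this commit is declared with `class_name: "TournamentDelegate"`. The combined list is then sorted with `t.daysUntil`, which TournamentDelegate does not define in this patch, so the page would likely raise NoMethodError for any user who holds a delegation. Resolve the rows to tournaments first, e.g. `tournaments_delegated = Tournament.where(id: current_user.delegated_tournaments.pluck(:tournament_id))`, and add a test in which a delegate loads this page.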
@@ -1,6 +1,8 @@ class TournamentsController < ApplicationController before_action :set_tournament, only: [:matches,:weigh_in,:weigh_in_weight,:create_custom_weights,:show,:edit,:update,:destroy,:up_matches,:no_matches,:team_scores,:brackets,:generate_matches,:bracket,:all_brackets] - before_filter :check_access, only: [:weigh_in,:weigh_in_weight,:create_custom_weights,:update,:edit,:destroy,:generate_matches,:matches] + before_filter :check_access_manage, only: [:weigh_in,:weigh_in_weight,:create_custom_weights,:update,:edit,:generate_matches,:matches] + before_filter :check_access_destroy, only: [:destroy] + before_filter :check_for_matches, only: [:up_matches,:bracket,:all_brackets] def matches @@ -149,10 +151,12 @@ class TournamentsController < ApplicationController end #Check for tournament owner - def check_access - if current_user != @tournament.user - redirect_to '/static_pages/not_allowed' - end + def check_access_destroy + authorize! :destroy, @tournament + end + + def check_access_manage + authorize! :manage, @tournament end def check_for_matches diff --git a/app/controllers/weights_controller.rb b/app/controllers/weights_controller.rb index b0a5dfc..54bc317 100644 --- a/app/controllers/weights_controller.rb +++ b/app/controllers/weights_controller.rb @@ -63,9 +63,6 @@ class WeightsController < ApplicationController # DELETE /weights/1.json def destroy @tournament = Tournament.find(@weight.tournament_id) - if current_user != @tournament.user - redirect_to root_path - end @weight.destroy respond_to do |format| format.html { redirect_to @tournament } @@ -91,9 +88,7 @@ class WeightsController < ApplicationController elsif @weight @tournament = @weight.tournament end - if current_user != @tournament.user - redirect_to '/static_pages/not_allowed' - end + authorize! :manage, @tournament end diff --git a/app/controllers/wrestlers_controller.rb b/app/controllers/wrestlers_controller.rb index 1cdbd8a..a76783f 100644 --- a/app/controllers/wrestlers_controller.rb 
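Review bot: The comment `#Check for tournament owner` above `check_access_destroy` no longer describes both filters, because `check_access_manage` also admits tournament delegates under the new Ability rules. Suggest `# Only the tournament owner may destroy` on `check_access_destroy` and `# Tournament owner or tournament delegate` on `check_access_manage`. The controller class continues outside this hunk.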
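Review bot: With the inline owner check removed from WeightsController `destroy`, the action relies entirely on the `before_filter` that runs `check_access`, and that filter's `only:` list is outside this hunk. Please confirm `:destroy` is in that list, since otherwise the action would run with no authorization check at all. A controller test asserting that a non-owner and a signed-out user are both redirected on weight deletion would pin this down.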
+++ b/app/controllers/wrestlers_controller.rb @@ -99,8 +99,6 @@ class WrestlersController < ApplicationController elsif @wrestler @tournament = @wrestler.tournament end - if current_user != @tournament.user - redirect_to '/static_pages/not_allowed' - end + authorize! :manage, @tournament end end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index f7107c5..330a66d 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -1,14 +1,4 @@ module ApplicationHelper - def tournament_permissions(tournament) - if user_signed_in? - if tournament.user == current_user - return true - else - return false - end - else - return false - end - end + end diff --git a/app/models/ability.rb b/app/models/ability.rb new file mode 100644 index 0000000..a6a5983 --- /dev/null +++ b/app/models/ability.rb 
@@ -0,0 +1,58 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details:
+ # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
+ if !user.nil?
+ #Can manage tournament if tournament owner
+ can :manage, Tournament, :user_id => user.id
+ #Can manage but cannot destroy tournament if tournament delegate
+ can :manage, Tournament do |tournament|
+ tournament.delegates.map(&:user_id).include? user.id
+ end
+ cannot :destroy, Tournament do |tournament|
+ tournament.delegates.map(&:user_id).include? user.id
+ end
+ #Can manage school if tournament owner
+ can :manage, School do |school|
+ school.tournament.map(&:user_id).include? user.id
+ end
+ #Can manage school if tournament delegate
+ can :manage, School do |school|
+ school.tournament.delegates.map(&:user_id).include? user.id
+ end
+ #Can manage but cannot destroy school if school delegate
+ can :manage, School do |school|
+ school.delegates.map(&:user_id).include? user.id
+ end
+ cannot :destroy, School do |school|
+ school.delegates.map(&:user_id).include? user.id
+ end
+ end
+ end
+end
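Review bot: The School owner rule calls `school.tournament.map(&:user_id)`, but `school.tournament` is a single record (`belongs_to :tournament` in app/models/school.rb), so evaluating that block would raise NoMethodError instead of returning a decision; `school.tournament.user_id == user.id` is what the comment above it describes. The delegate blocks load every delegate row just to test membership, where `tournament.delegates.exists?(user_id: user.id)` asks the database directly. CanCan skips block conditions when the subject is a class rather than an instance, so `can? :manage, Tournament` is true for every signed-in user under these rules; keep every check on a loaded record. The generated boilerplate comment at the top of `initialize` could give way to a short summary of the owner, tournament-delegate and school-delegate roles.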
diff --git a/app/models/mat.rb b/app/models/mat.rb index d798a22..6b56c84 100644 --- a/app/models/mat.rb +++ b/app/models/mat.rb @@ -30,7 +30,7 @@ class Mat < ActiveRecord::Base end def unfinishedMatches - matches.select{|m| m.finished == nil}.sort_by{|m| m.bout_number} + matches.select{|m| m.finished != 1}.sort_by{|m| m.bout_number} end end diff --git a/app/models/school.rb b/app/models/school.rb index 56c183d..35eba7d 100644 --- a/app/models/school.rb +++ b/app/models/school.rb @@ -2,6 +2,7 @@ class School < ActiveRecord::Base belongs_to :tournament, touch: true has_many :wrestlers, dependent: :destroy has_many :deductedPoints, through: :wrestlers + has_many :delegates, class_name: "SchoolDelegate" validates :name, presence: true diff --git a/app/models/school_delegate.rb b/app/models/school_delegate.rb new file mode 100644 index 0000000..382079c --- /dev/null +++ b/app/models/school_delegate.rb @@ -0,0 +1,2 @@ +class SchoolDelegate < ActiveRecord::Base +end diff --git a/app/models/tournament.rb b/app/models/tournament.rb index 60e48b4..b1c7933 100644 --- a/app/models/tournament.rb +++ b/app/models/tournament.rb @@ -8,6 +8,7 @@ class Tournament < ActiveRecord::Base has_many :mats, dependent: :destroy has_many :wrestlers, through: :weights has_many :matches, dependent: :destroy + has_many :delegates, class_name: "TournamentDelegate" validates :date, :name, :tournament_type, :address, :director, :director_email , presence: true diff --git a/app/models/tournament_delegate.rb b/app/models/tournament_delegate.rb new file mode 100644 index 0000000..c0e197b --- /dev/null +++ b/app/models/tournament_delegate.rb @@ -0,0 +1,4 @@ +class TournamentDelegate < ActiveRecord::Base + # belongs_to :tournament + # has_one :user +end diff --git a/app/models/user.rb b/app/models/user.rb index abb45d7..e9279e6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
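Review bot: `has_many :delegates, class_name: "SchoolDelegate"` carries no `dependent:` option, unlike `has_many :wrestlers, dependent: :destroy` just above it, so delegate rows outlive the school they grant access to. The same applies to `has_many :delegates, class_name: "TournamentDelegate"` in app/models/tournament.rb. These rows are what the Ability class reads to grant access, so adding `dependent: :destroy` to both associations keeps stale grants from accumulating.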
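Review bot: SchoolDelegate is added with no associations or validations, and TournamentDelegate in this commit has its associations commented out, with `has_one :user` written where the `user_id` column lives on the delegate table itself. Declaring `belongs_to :user` together with `belongs_to :school` (or `belongs_to :tournament`) and validating the presence of both ids would stop half-filled grant rows and let callers reach the tournament from a delegation. A scoped uniqueness validation such as `validates :user_id, uniqueness: { scope: :school_id }` would prevent duplicate grants.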
@@ -2,7 +2,10 @@ class User < ActiveRecord::Base # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable has_many :tournaments + has_many :delegated_tournaments, class_name: "TournamentDelegate" + has_many :delegated_schools, class_name: "SchoolDelegate" devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable + end diff --git a/app/views/admin/index.html.erb b/app/views/admin/index.html.erb deleted file mode 100644 index f88aed6..0000000 --- a/app/views/admin/index.html.erb +++ /dev/null @@ -1,6 +0,0 @@ -<%= link_to "Go to Schools", '/schools/' %> -
-<%= link_to "Go to Weights", '/weights/' %> -
-<%= link_to "Go to Wrestlers", '/wrestlers/' %> -
diff --git a/app/views/layouts/_lsidebar.html.erb b/app/views/layouts/_lsidebar.html.erb index 95f61cc..2aa0c9f 100644 --- a/app/views/layouts/_lsidebar.html.erb +++ b/app/views/layouts/_lsidebar.html.erb @@ -12,7 +12,7 @@
  • <%= link_to "Team Scores" , "/tournaments/#{@tournament.id}/team_scores" %>
  • - <% if tournament_permissions(@tournament) %> + <% if can? :manage, @tournament %>

    Tournament Director Links

    diff --git a/app/views/schools/show.html.erb b/app/views/schools/show.html.erb index 4c40767..a1fc7c3 100644 --- a/app/views/schools/show.html.erb +++ b/app/views/schools/show.html.erb @@ -1,7 +1,7 @@

    <%= notice %>

    <%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}",:class=>"btn btn-default" %> - <% if tournament_permissions(@school.tournament) %> + <% if can? :manage, @tournament %> | <%= link_to "Edit #{@school.name}", edit_school_path(@school),:class=>"btn btn-primary" %> <% end %> @@ -19,7 +19,7 @@

    Tournament: - <%= Tournament.find(@school.tournament_id).name %> + <%= @school.tournament.name %>

    @@ -27,13 +27,13 @@
    - <% if tournament_permissions(@school.tournament) %> + <% if can? :manage, @tournament %> <%= link_to "New #{@school.name} Wrestler" , "/wrestlers/new?school=#{@school.id}", :class=>"btn btn-success"%> <% end %>

    <% cache ["schools", @school] do %> - +
    @@ -53,7 +53,7 @@ <% if wrestler.school_id == @school.id %> - + @@ -65,10 +65,10 @@ <% end %> diff --git a/app/views/static_pages/my_tournaments.html.erb b/app/views/static_pages/my_tournaments.html.erb index eccbf20..40a1be6 100644 --- a/app/views/static_pages/my_tournaments.html.erb +++ b/app/views/static_pages/my_tournaments.html.erb @@ -10,7 +10,7 @@ <% end %>

    -
    Name
    <%= wrestler.name %><%= Weight.find(wrestler.weight_id).max %><%= wrestler.weight.max %> <%= wrestler.original_seed %> <%= wrestler.nextMatchBoutNumber %> <%= wrestler.nextMatchMatName %> - <%= link_to 'Show', wrestler , :class=>"btn btn-default" %> - <% if tournament_permissions(@school.tournament) %> - <%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary" %> - <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %> + <% if can? :manage, @tournament %> + <%= link_to 'Edit', edit_wrestler_path(wrestler),:class=>"btn btn-primary btn-sm" %> + <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    +
    @@ -24,10 +24,10 @@ - diff --git a/app/views/tournaments/_pool.html.erb b/app/views/tournaments/_pool.html.erb index aa82c76..cd651df 100644 --- a/app/views/tournaments/_pool.html.erb +++ b/app/views/tournaments/_pool.html.erb @@ -2,7 +2,7 @@ <% @pool = 1 %> <% until @wrestlers.select{|w| w.generatePoolNumber == @pool}.blank? %>
    Pool <%= @pool %>
    -
    Name
    <%= tournament.name %> <%= tournament.date %><%= link_to 'Show', tournament, :class=>"btn btn-default" %> - <% if tournament_permissions(tournament) %> - <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary" %> - <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <%= link_to 'Show', tournament, :class=>"btn btn-default btn-sm" %> + <% if can? :manage, tournament %> + <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary btn-sm" %> + <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    +
    diff --git a/app/views/tournaments/brackets.html.erb b/app/views/tournaments/brackets.html.erb index 6e295c2..7e1c47d 100644 --- a/app/views/tournaments/brackets.html.erb +++ b/app/views/tournaments/brackets.html.erb @@ -5,6 +5,6 @@ <%= link_to "#{weight.max}" , "/tournaments/#{@tournament.id}/brackets/#{weight.id}" %>
    <% end %> -<% if tournament_permissions(@tournament) %> +<% if can? :manage, @tournament %> <%= link_to "All Brackets (Printable)", "/tournaments/#{@tournament.id}/all_brackets?print=true" %> <% end %> diff --git a/app/views/tournaments/index.html.erb b/app/views/tournaments/index.html.erb index 6ff0de2..85d0313 100644 --- a/app/views/tournaments/index.html.erb +++ b/app/views/tournaments/index.html.erb @@ -14,7 +14,7 @@ <% end %>

    -
    Name
    +
    @@ -28,10 +28,10 @@ - diff --git a/app/views/tournaments/matches.html.erb b/app/views/tournaments/matches.html.erb index a2a01b1..aa7a6e5 100644 --- a/app/views/tournaments/matches.html.erb +++ b/app/views/tournaments/matches.html.erb @@ -12,7 +12,7 @@

    -
    Name
    <%= tournament.name %> <%= tournament.date %><%= link_to 'Show', tournament, :class=>"btn btn-default" %> - <% if tournament_permissions(tournament) %> - <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary" %> - <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <%= link_to 'Show', tournament, :class=>"btn btn-default btn-sm" %> + <% if can? :manage, tournament %> + <%= link_to 'Edit', edit_tournament_path(tournament), :class=>"btn btn-primary btn-sm" %> + <%= link_to 'Destroy', tournament, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    +
    @@ -28,8 +28,8 @@ - <% end %> diff --git a/app/views/tournaments/show.html.erb b/app/views/tournaments/show.html.erb index 4464b42..aee4fe4 100644 --- a/app/views/tournaments/show.html.erb +++ b/app/views/tournaments/show.html.erb @@ -1,6 +1,6 @@

    <%= notice %>

    <%= link_to 'Back to browse tournaments', '/tournaments', :class=>"btn btn-default" %> -<% if tournament_permissions(@tournament) %> +<% if can? :manage, @tournament %> | <%= link_to "Edit #{@tournament.name}", edit_tournament_path(@tournament), :class=>"btn btn-primary" %> <% end %> @@ -34,12 +34,12 @@

    School Lineups


    -<% if tournament_permissions(@tournament) %> - <%= link_to "New #{@tournament.name} School" , "/schools/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %> +<% if can? :manage, @tournament %> + <%= link_to "New #{@tournament.name} School" , "/schools/new?tournament=#{@tournament.id}", :class=>"btn btn-success btn-sm" %>

    <% end %> -
    Bout number<%= match.bout_number %> <%= match.w1_name %> vs <%= match.w2_name %> <%= match.finished %><%= link_to 'Show', match, :class=>"btn btn-default" %> - <%= link_to 'Edit', edit_match_path(match), :class=>"btn btn-primary" %> + <%= link_to 'Show', match, :class=>"btn btn-default btn-sm" %> + <%= link_to 'Edit', edit_match_path(match), :class=>"btn btn-primary btn-sm" %>
    +
    @@ -52,10 +52,10 @@ <% @schools.each do |school| %> - @@ -68,12 +68,12 @@

    Weight Class Seeds


    -<% if tournament_permissions(@tournament) %> - <%= link_to "New #{@tournament.name} Weight" , "/weights/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %> +<% if can? :manage, @tournament %> + <%= link_to "New #{@tournament.name} Weight" , "/weights/new?tournament=#{@tournament.id}", :class=>"btn btn-success btn-sm" %>

    <% end %> -
    Name
    <%= school.name %><%= link_to 'Show', school, :class=>"btn btn-default" %> - <% if tournament_permissions(@tournament) %> - <%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary" %> - <%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <%= link_to 'Show', school, :class=>"btn btn-default btn-sm" %> + <% if can? :manage, @tournament %> + <%= link_to 'Edit', edit_school_path(school), :class=>"btn btn-primary btn-sm" %> + <%= link_to 'Destroy', school, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    +
    @@ -87,10 +87,10 @@ - @@ -98,15 +98,15 @@
    Weight Class
    <%= weight.max %> <%= weight.bracket_size %><%= link_to 'Show', weight, :class=>"btn btn-default" %> - <% if tournament_permissions(@tournament) %> - <%= link_to 'Edit', edit_weight_path(weight), :class=>"btn btn-primary" %> - <%= link_to 'Destroy', weight, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <%= link_to 'Show', weight, :class=>"btn btn-default btn-sm" %> + <% if can? :manage, @tournament %> + <%= link_to 'Edit', edit_weight_path(weight), :class=>"btn btn-primary btn-sm" %> + <%= link_to 'Destroy', weight, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    -<% if tournament_permissions(@tournament) %> +<% if can? :manage, @tournament %>

    Mats


    - <%= link_to "New #{@tournament.name} Mat" , "/mats/new?tournament=#{@tournament.id}", :class=>"btn btn-success" %> + <%= link_to "New #{@tournament.name} Mat" , "/mats/new?tournament=#{@tournament.id}", :class=>"btn btn-success btn-sm" %>

    - +
    @@ -119,9 +119,9 @@ diff --git a/app/views/tournaments/weigh_in.html.erb b/app/views/tournaments/weigh_in.html.erb index f0ebeec..5265a26 100644 --- a/app/views/tournaments/weigh_in.html.erb +++ b/app/views/tournaments/weigh_in.html.erb @@ -6,7 +6,7 @@
    <% end %>
    - <% if tournament_permissions(@tournament) %> + <% if can? :manage, @tournament %> <%= form_for(@tournament) do |f| %>
    <%= f.label :weigh_in_ref %>
    diff --git a/app/views/tournaments/weigh_in_weight.html.erb b/app/views/tournaments/weigh_in_weight.html.erb index 2d0529e..288589d 100644 --- a/app/views/tournaments/weigh_in_weight.html.erb +++ b/app/views/tournaments/weigh_in_weight.html.erb @@ -19,7 +19,7 @@ <% if wrestler.weight_id == @weight.id %>
    - +
    Name
    <%= mat.name %> - <% if tournament_permissions(@tournament) %> - <%= link_to 'Show', mat, :class=>"btn btn-default" %> - <%= link_to 'Destroy', mat, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger" %> + <% if can? :manage, @tournament %> + <%= link_to 'Show', mat, :class=>"btn btn-default btn-sm" %> + <%= link_to 'Destroy', mat, method: :delete, data: { confirm: 'Are you sure?' }, :class=>"btn btn-danger btn-sm" %> <% end %>
    <%= wrestler.name %><%= School.find(wrestler.school_id).name %><%= wrestler.school.name %> <%= wrestler.original_seed %> <%= wrestler.weight.max %> @@ -37,7 +37,7 @@
    <%= hidden_field_tag :tournament, @tournament_id %> - <% if tournament_permissions(@tournament) %> + <% if can? :manage, @tournament %> <%= submit_tag "Save", :class=>"btn btn-success"%> <% end %> <% end %> diff --git a/app/views/weights/show.html.erb b/app/views/weights/show.html.erb index 35974b6..a1c02ad 100644 --- a/app/views/weights/show.html.erb +++ b/app/views/weights/show.html.erb @@ -3,7 +3,7 @@ <%= link_to "Back to #{@tournament.name}", "/tournaments/#{@tournament.id}", :class=>"btn btn-default" %> -<% if tournament_permissions(@tournament) %> +<% if can? :manage, @tournament %> | <%= link_to "Edit #{@weight.max} Weight Class", edit_weight_path(@weight), :class=>"btn btn-primary" %> <% end %> @@ -11,7 +11,7 @@

    Weight Class:<%= @weight.max %>



    - +
    @@ -20,7 +20,7 @@ - <% if tournament_permissions(@tournament) %><% end %> + <% if can? :manage, @tournament %> %><% end %> @@ -29,9 +29,9 @@ <% if wrestler.weight_id == @weight.id %> - + - <% if tournament_permissions(@tournament) %> - + <% if can? :manage, @tournament %> + <% end %> <% end %> @@ -54,7 +54,7 @@
    NameRecord Seed Criteria Extra?Actions for wrestlerActions for wrestler
    <%= wrestler.name %><%= School.find(wrestler.school_id).name %><%= wrestler.school.name %> - <% if tournament_permissions(@tournament) %> + <% if can? :manage, @tournament %> <%= fields_for "wrestler[]", wrestler do |w| %> <%= w.text_field :original_seed %> <% end %> @@ -44,9 +44,9 @@ <% if wrestler.extra? == true %> Yes <% end %><%= link_to 'Show', wrestler , :class=>"btn btn-default" %> - <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' } , :class=>"btn btn-danger" %><%= link_to 'Show', wrestler , :class=>"btn btn-default btn-sm" %> + <%= link_to 'Destroy', wrestler, method: :delete, data: { confirm: 'Are you sure?' } , :class=>"btn btn-danger btn-sm" %>

    *All wrestlers without a seed (determined by tournament director) will be assigned a random seed.

    - <% if tournament_permissions(@tournament) %> + <% if can? :manage, @tournament %>
    <%= submit_tag "Save", :class=>"btn btn-success"%> <% end %> diff --git a/app/views/wrestlers/_form.html.erb b/app/views/wrestlers/_form.html.erb index 83c0c04..2c09d96 100644 --- a/app/views/wrestlers/_form.html.erb +++ b/app/views/wrestlers/_form.html.erb @@ -30,10 +30,6 @@ <%= f.collection_select :weight_id, @weights, :id, :max %>
    -
    - <%= f.label :original_seed %>
    - <%= f.number_field :original_seed %> -
    <%= f.label "Season Wins" %>
    <%= f.number_field :season_win %> diff --git a/app/views/wrestlers/show.html.erb b/app/views/wrestlers/show.html.erb index aaf5bc1..cb47a00 100644 --- a/app/views/wrestlers/show.html.erb +++ b/app/views/wrestlers/show.html.erb @@ -2,7 +2,7 @@

    <%= notice %>

    <%= link_to "Back to #{@school.name}", "/schools/#{@school.id}", :class=>"btn btn-default" %> - <% if tournament_permissions(@wrestler.tournament) %> + <% if can? :manage, @tournament %> | <%= link_to "Edit #{@wrestler.name}", edit_wrestler_path(@wrestler), :class=>"btn btn-primary" %> <% end %> <% cache ["wrestlers", @wrestler] do %> diff --git a/db/migrate/20160106025920_create_tournament_delegates.rb b/db/migrate/20160106025920_create_tournament_delegates.rb new file mode 100644 index 0000000..8e82b12 --- /dev/null +++ b/db/migrate/20160106025920_create_tournament_delegates.rb @@ -0,0 +1,10 @@ +class CreateTournamentDelegates < ActiveRecord::Migration + def change + create_table :tournament_delegates do |t| + t.integer :user_id + t.integer :tournament_id + + t.timestamps null: false + end + end +end diff --git a/db/migrate/20160106031418_create_school_delegates.rb b/db/migrate/20160106031418_create_school_delegates.rb new file mode 100644 index 0000000..ee15009 --- /dev/null +++ b/db/migrate/20160106031418_create_school_delegates.rb @@ -0,0 +1,10 @@ +class CreateSchoolDelegates < ActiveRecord::Migration + def change + create_table :school_delegates do |t| + t.integer :user_id + t.integer :school_id + + t.timestamps null: false + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 4b815fa..2426aa0 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20151230164000) do +ActiveRecord::Schema.define(version: 20160106031418) do create_table "delayed_jobs", force: :cascade do |t| t.integer "priority", default: 0, null: false 
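Review bot: `create_table :tournament_delegates` leaves `user_id` and `tournament_id` nullable and unindexed, and `create_table :school_delegates` in the next migration does the same. These tables decide who may manage a tournament or school, so the columns should be `null: false` and backed by a unique composite index, e.g. `add_index :tournament_delegates, [:user_id, :tournament_id], unique: true`. The index also serves the membership lookup that the Ability rules perform when a request is authorized.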
@@ -64,6 +64,13 @@ ActiveRecord::Schema.define(version: 20151230164000) do add_index "mats", ["tournament_id"], name: "index_mats_on_tournament_id" + create_table "school_delegates", force: :cascade do |t| + t.integer "user_id" + t.integer "school_id" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + create_table "schools", force: :cascade do |t| t.string "name" t.datetime "created_at" @@ -83,6 +90,13 @@ ActiveRecord::Schema.define(version: 20151230164000) do add_index "teampointadjusts", ["wrestler_id"], name: "index_teampointadjusts_on_wrestler_id" + create_table "tournament_delegates", force: :cascade do |t| + t.integer "user_id" + t.integer "tournament_id" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + end + create_table "tournaments", force: :cascade do |t| t.string "name" t.string "address" diff --git a/test/controllers/admin_controller_test.rb b/test/controllers/admin_controller_test.rb deleted file mode 100644 index 6afa24b..0000000 --- a/test/controllers/admin_controller_test.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'test_helper' - -class AdminControllerTest < ActionController::TestCase - test "the truth" do - assert true - end -end diff --git a/test/controllers/matches_controller_test.rb b/test/controllers/matches_controller_test.rb index 6d7cd71..52a58f0 100644 --- a/test/controllers/matches_controller_test.rb +++ b/test/controllers/matches_controller_test.rb @@ -24,6 +24,10 @@ class MatchesControllerTest < ActionController::TestCase def sign_in_non_owner sign_in users(:two) end + + def sign_in_tournament_delegate + sign_in users(:three) + end def success assert_response :success 
@@ -65,11 +69,16 @@ class MatchesControllerTest < ActionController::TestCase assert_redirected_to '/static_pages/not_allowed' end - test "logged in tournament owner should post update match" do - sign_in_owner + test "logged in tournament delegate should get edit match page" do + sign_in_tournament_delegate + get_edit + success + end + + test "logged in tournament delegate should post update match" do + sign_in_tournament_delegate post_update assert_redirected_to mat_path(1) end - end diff --git a/test/controllers/mats_controller_test.rb b/test/controllers/mats_controller_test.rb index 0bf557f..4f2f788 100644 --- a/test/controllers/mats_controller_test.rb +++ b/test/controllers/mats_controller_test.rb @@ -40,6 +40,10 @@ class MatsControllerTest < ActionController::TestCase def sign_in_non_owner sign_in users(:two) end + + def sign_in_tournament_delegate + sign_in users(:three) + end def success assert_response :success @@ -62,6 +66,12 @@ class MatsControllerTest < ActionController::TestCase get_edit success end + + test "logged in tournament delegate should get edit mat page" do + sign_in_tournament_delegate + get_edit + success + end test "logged in user should not get edit mat page if not owner" do sign_in_non_owner @@ -90,6 +100,12 @@ class MatsControllerTest < ActionController::TestCase post_update assert_redirected_to tournament_path(@mat.tournament_id) end + + test "logged in tournament delegate should post update mat" do + sign_in_tournament_delegate + post_update + assert_redirected_to tournament_path(@mat.tournament_id) + end test "logged in tournament owner can create a new mat" do sign_in_owner 
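Review bot: This hunk converts the existing test `logged in tournament owner should post update match` into the delegate version instead of adding a new test, so the owner's update path loses its coverage. Keep the owner test and add the delegate test beside it. The mats and schools controller tests in this commit add delegate cases without removing owner cases, which suggests the replacement here was not intended.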
@@ -98,6 +114,14 @@ class MatsControllerTest < ActionController::TestCase create assert_redirected_to tournament_path(@mat.tournament_id) end + + test "logged in tournament delegate can create a new mat" do + sign_in_tournament_delegate + new + success + create + assert_redirected_to tournament_path(@mat.tournament_id) + end test "logged in user not tournament owner cannot create a mat" do sign_in_non_owner @@ -112,6 +136,12 @@ class MatsControllerTest < ActionController::TestCase destroy assert_redirected_to tournament_path(@tournament.id) end + + test "logged in tournament delegate can destroy a mat" do + sign_in_tournament_delegate + destroy + assert_redirected_to tournament_path(@tournament.id) + end test "logged in user not tournament owner cannot destroy mat" do sign_in_non_owner @@ -130,6 +160,12 @@ class MatsControllerTest < ActionController::TestCase show success end + + test "logged in tournament delegate should get show mat" do + sign_in_tournament_delegate + show + success + end #TESTS THAT NEED MATCHES PUT ABOVE THIS diff --git a/test/controllers/schools_controller_test.rb b/test/controllers/schools_controller_test.rb index f5c708e..8421c6a 100644 --- a/test/controllers/schools_controller_test.rb +++ b/test/controllers/schools_controller_test.rb @@ -36,6 +36,10 @@ class SchoolsControllerTest < ActionController::TestCase def sign_in_non_owner sign_in users(:two) end + + def sign_in_tournament_delegate + sign_in users(:three) + end def success assert_response :success @@ -50,6 +54,12 @@ class SchoolsControllerTest < ActionController::TestCase get_edit success end + + test "logged in tournament delegate should get edit school page" do + sign_in_tournament_delegate + get_edit + success + end test "logged in user should not get edit school page if not owner" do sign_in_non_owner 
@@ -78,6 +88,12 @@ class SchoolsControllerTest < ActionController::TestCase post_update assert_redirected_to tournament_path(@school.tournament_id) end + + test "logged in tournament delegate should post update school" do + sign_in_tournament_delegate + post_update + assert_redirected_to tournament_path(@school.tournament_id) + end test "logged in tournament owner can create a new school" do sign_in_owner @@ -86,6 +102,14 @@ class SchoolsControllerTest < ActionController::TestCase create assert_redirected_to tournament_path(@school.tournament_id) end + + test "logged in tournament delegate can create a new school" do + sign_in_tournament_delegate + new + success + create + assert_redirected_to tournament_path(@school.tournament_id) + end test "logged in user not tournament owner cannot create a school" do sign_in_non_owner @@ -100,6 +124,12 @@ class SchoolsControllerTest < ActionController::TestCase destroy assert_redirected_to tournament_path(@tournament.id) end + + test "logged in tournament delegate can destroy a school" do + sign_in_tournament_delegate + destroy + assert_redirected_to tournament_path(@tournament.id) + end test "logged in user not tournament owner cannot destroy school" do sign_in_non_owner diff --git a/test/controllers/tournaments_controller_test.rb b/test/controllers/tournaments_controller_test.rb index ba147f6..4fc0e6d 100644 --- a/test/controllers/tournaments_controller_test.rb +++ b/test/controllers/tournaments_controller_test.rb @@ -25,6 +25,10 @@ include Devise::TestHelpers def sign_in_non_owner sign_in users(:two) end + + def sign_in_delegate + sign_in users(:three) + end def success assert_response :success 
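Review bot: The helper added to tournaments_controller_test.rb is named `sign_in_delegate`, while the identical helper in the mats, schools, weights and wrestlers tests is `sign_in_tournament_delegate`. Because this commit also introduces school delegates, the short name does not say which kind of delegate is signing in. I would rename it to `def sign_in_tournament_delegate` here and in the tests of this file that call it.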
@@ -169,5 +173,53 @@ include Devise::TestHelpers get :bracket, id: 1, weight: 1 no_matches end + + test "logged in tournament delegate can generate matches" do + sign_in_delegate + get :generate_matches, id: 1 + success + end + + test "logged in tournament delegate can create custom weights" do + sign_in_delegate + get :create_custom_weights, id: 1, customValue: 'hs' + assert_redirected_to '/tournaments/1' + end + + test "logged in tournament delegate can access weigh_ins" do + sign_in_delegate + get :weigh_in, id: 1 + success + end + + test "logged in tournament delegate can access weigh_in_weight" do + sign_in_delegate + get :weigh_in, id: 1, weight: 1 + success + end + + test "logged in tournament delegate should get edit tournament page" do + sign_in_delegate + get_edit + success + end + + test "logged in tournament delegate can access post weigh_in_weight" do + sign_in_delegate + post :weigh_in, id: 1, weight: 1, wrestler: @wrestlers + end + + test "logged in tournament delegate should post update tournament" do + sign_in_delegate + post_update + assert_redirected_to tournament_path(1) + end + + + test "logged in tournament delegate cannot destroy a tournament" do + sign_in_delegate + destroy + redirect + end end diff --git a/test/controllers/weights_controller_test.rb b/test/controllers/weights_controller_test.rb index f1c9518..dd7ea4a 100644 --- a/test/controllers/weights_controller_test.rb +++ b/test/controllers/weights_controller_test.rb @@ -36,6 +36,10 @@ class WeightsControllerTest < ActionController::TestCase def sign_in_non_owner sign_in users(:two) end + + def sign_in_tournament_delegate + sign_in users(:three) + end def success assert_response :success 
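Review bot: `test "logged in tournament delegate can access post weigh_in_weight"` issues the POST and then asserts nothing, so it still passes when the delegate is redirected to the not-allowed page. It should end with the response the action is expected to give, for example `success` if the action renders; confirm this against the owner's version of the test, which is outside the hunk. The destroy test would also be stronger if it checked that the record survives, e.g. `assert_no_difference('Tournament.count') { destroy }` followed by the existing `redirect` check.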
@@ -50,6 +54,12 @@ class WeightsControllerTest < ActionController::TestCase get_edit success end + + test "logged in tournament delegate should get edit weight page" do + sign_in_tournament_delegate + get_edit + success + end test "logged in user should not get edit weight page if not owner" do sign_in_non_owner @@ -78,6 +88,12 @@ class WeightsControllerTest < ActionController::TestCase post_update assert_redirected_to tournament_path(@weight.tournament_id) end + + test "logged in tournament delegate should post update weight" do + sign_in_tournament_delegate + post_update + assert_redirected_to tournament_path(@weight.tournament_id) + end test "logged in tournament owner can create a new weight" do sign_in_owner @@ -86,6 +102,14 @@ class WeightsControllerTest < ActionController::TestCase create assert_redirected_to tournament_path(@weight.tournament_id) end + + test "logged in tournament delegate can create a new weight" do + sign_in_tournament_delegate + new + success + create + assert_redirected_to tournament_path(@weight.tournament_id) + end test "logged in user not tournament owner cannot create a weight" do sign_in_non_owner @@ -100,6 +124,12 @@ class WeightsControllerTest < ActionController::TestCase destroy assert_redirected_to tournament_path(@tournament.id) end + + test "logged in tournament delegate can destroy a weight" do + sign_in_tournament_delegate + destroy + assert_redirected_to tournament_path(@tournament.id) + end test "logged in user not tournament owner cannot destroy weight" do sign_in_non_owner diff --git a/test/controllers/wrestlers_controller_test.rb b/test/controllers/wrestlers_controller_test.rb index cc171bd..c3c3fa9 100644 --- a/test/controllers/wrestlers_controller_test.rb +++ b/test/controllers/wrestlers_controller_test.rb 
@@ -37,6 +37,10 @@ class WrestlersControllerTest < ActionController::TestCase def sign_in_non_owner sign_in users(:two) end + + def sign_in_tournament_delegate + sign_in users(:three) + end def success assert_response :success @@ -51,6 +55,12 @@ class WrestlersControllerTest < ActionController::TestCase get_edit success end + + test "logged in tournament delegate should get edit wrestler page" do + sign_in_tournament_delegate + get_edit + success + end test "logged in user should not get edit wrestler page if not owner" do sign_in_non_owner @@ -79,6 +89,12 @@ class WrestlersControllerTest < ActionController::TestCase post_update assert_redirected_to school_path(@school.id) end + + test "logged in tournament delegate should post update wrestler" do + sign_in_tournament_delegate + post_update + assert_redirected_to school_path(@school.id) + end test "logged in tournament owner can create a new wrestler" do sign_in_owner @@ -87,6 +103,14 @@ class WrestlersControllerTest < ActionController::TestCase create assert_redirected_to school_path(@school.id) end + + test "logged in tournament delegate can create a new wrestler" do + sign_in_tournament_delegate + new + success + create + assert_redirected_to school_path(@school.id) + end test "logged in user not tournament owner cannot create a wrestler" do sign_in_non_owner @@ -101,6 +125,12 @@ class WrestlersControllerTest < ActionController::TestCase destroy assert_redirected_to school_path(@school.id) end + + test "logged in tournament delegate can destroy a wrestler" do + sign_in_tournament_delegate + destroy + assert_redirected_to school_path(@school.id) + end test "logged in user not tournament owner cannot destroy wrestler" do sign_in_non_owner diff --git a/test/fixtures/school_delegates.yml b/test/fixtures/school_delegates.yml new file mode 100644 index 0000000..143b056 --- /dev/null +++ b/test/fixtures/school_delegates.yml 
@@ -0,0 +1,9 @@ +# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html + +# one: +# user_id: 1 +# school_id: 1 + +# two: +# user_id: 1 +# school_id: 1 diff --git a/test/fixtures/tournament_delegates.yml b/test/fixtures/tournament_delegates.yml new file mode 100644 index 0000000..37c6a1b --- /dev/null +++ b/test/fixtures/tournament_delegates.yml @@ -0,0 +1,13 @@ +# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html + +# one: +# user_id: 1 +# tournament_id: 1 + +# two: +# user_id: 1 +# tournament_id: 1 + +one: + user_id: 3 + tournament_id: 1 \ No newline at end of file diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index f96654e..6d8325a 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -15,3 +15,7 @@ one: two: email: test2@test.com id: 2 + +three: + email: test3@test.com + id: 3 diff --git a/test/models/school_delegate_test.rb b/test/models/school_delegate_test.rb new file mode 100644 index 0000000..92b6f63 --- /dev/null +++ b/test/models/school_delegate_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class SchoolDelegateTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/test/models/tournament_delegate_test.rb b/test/models/tournament_delegate_test.rb new file mode 100644 index 0000000..343a476 --- /dev/null +++ b/test/models/tournament_delegate_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class TournamentDelegateTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end
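Review bot: Every entry in the new school_delegates.yml is commented out and SchoolDelegateTest further down is an empty scaffold, so no test in this patch signs in as a school delegate. If the ability rules added by this commit (app/models/ability.rb, not shown here) grant school delegates any access, that path ships unexercised, including the check that a delegate of one school cannot edit another school's wrestlers. I would add one real fixture row tying a user to `school_id: 1`, plus matching allow and refuse tests in the schools and wrestlers controller tests.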