cody/wrestlingdev.com
1
0
Fork 0
mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: cody:61dc5e3cddcbfae3811be5b2fe3ed5ec2f30fd4d
Branches Tags
cody:master cody:dependabot/bundler/bcrypt-3.1.22 cody:dependabot/bundler/json-2.19.2 cody:dependabot/bundler/loofah-2.25.1 cody:dependabot/bundler/action_text-trix-2.1.17 cody:development cody:dependabot/bundler/nokogiri-1.19.1 cody:dependabot/bundler/rack-3.2.5 cody:64man cody:circleci-project-setup
..
compare: cody:6b5308360eb074bb90fd442fa8d1183a343f5922
Branches Tags
cody:dependabot/bundler/bcrypt-3.1.22 cody:dependabot/bundler/json-2.19.2 cody:dependabot/bundler/loofah-2.25.1 cody:dependabot/bundler/action_text-trix-2.1.17 cody:development cody:dependabot/bundler/nokogiri-1.19.1 cody:dependabot/bundler/rack-3.2.5 cody:master cody:64man cody:circleci-project-setup

2 Commits
61dc5e3cdd ... 6b5308360e

Author SHA1 Message Date
Jacob Cody Wimer
6b5308360e Fixed a bug where logged in users could not access a school with a school permission key 2026-01-06 17:24:45 -05:00
Jacob Cody Wimer
9ca6572d9b Need to bring services down before bringing them back up on deploy test 2025-12-11 14:17:27 -05:00
3 changed files with 35 additions and 14 deletions
Expand all files Collapse all files

29
app/models/ability.rb
View File

@@ -1,6 +1,20 @@
class Ability
include CanCan::Ability
def school_permission_key_check(school_permission_key)
# Can read school if tournament is public or a valid school permission key is provided
can :read, School do |school|
school.tournament.is_public ||
(school_permission_key.present? && school.permission_key == school_permission_key)
end
# Can manage school if a valid school permission key is provided
# school_permission_key comes from app/controllers/application_controller.rb
can :manage, School do |school|
(school_permission_key.present? && school.permission_key == school_permission_key)
end
end
def initialize(user, school_permission_key = nil)
if user
# LOGGED IN USER PERMISSIONS
@@ -46,6 +60,8 @@ class Ability
school.tournament.delegates.map(&:user_id).include?(user.id) ||
school.tournament.user_id == user.id
end
school_permission_key_check(school_permission_key)
else
# NON LOGGED IN USER PERMISSIONS
@@ -58,18 +74,7 @@ class Ability
# SCHOOL PERMISSIONS
# wrestler permissions are included with school permissions
# Can read school if tournament is public or a valid school permission key is provided
can :read, School do |school|
school.tournament.is_public ||
(school_permission_key.present? && school.permission_key == school_permission_key)
end
# Can read school if a valid school permission key is provided
# school_permission_key comes from app/controllers/application_controller.rb
can :manage, School do |school|
(school_permission_key.present? && school.permission_key == school_permission_key)
end
school_permission_key_check(school_permission_key)
end
end
end

6
deploy/deploy-test.sh
View File

@@ -25,9 +25,11 @@ docker-compose -f ${project_dir}/deploy/docker-compose-test.yml run --rm app bin
docker-compose -f ${project_dir}/deploy/docker-compose-test.yml run --rm app bin/rails db:migrate:queue
docker-compose -f ${project_dir}/deploy/docker-compose-test.yml run --rm app bin/rails db:migrate:cable
# Start all services (will start app and others, db is already running)
echo "Stopping all services..."
docker-compose -f ${project_dir}/deploy/docker-compose-test.yml down
echo "Starting application services..."
docker-compose -f ${project_dir}/deploy/docker-compose-test.yml up -d
docker-compose -f ${project_dir}/deploy/docker-compose-test.yml up --force-recreate --remove-orphans -d
# DISABLE_DATABASE_ENVIRONMENT_CHECK=1 is needed because this is "destructive" action on production
echo Resetting the db with seed data

14
test/controllers/schools_controller_test.rb
View File

@@ -373,12 +373,26 @@ Some Guy
success
end
test "logged in user without delegation can get show page when using valid school_permission_key" do
sign_in_non_owner
@tournament.update(is_public: false)
get_show(school_permission_key: @school_permission_key)
success
end
test "non logged in user cannot get show page when using invalid school_permission_key" do
@tournament.update(is_public: false)
get_show(school_permission_key: "invalid-key")
redirect
end
test "logged in user without delegation can edit school with valid school_permission_key" do
sign_in_non_owner
@tournament.update(is_public: false)
get_edit(school_permission_key: @school_permission_key)
success
end
test "non logged in user can edit school with valid school_permission_key" do
@tournament.update(is_public: false)
get_edit(school_permission_key: @school_permission_key)