revert Guntas

8 files changed, 182 insertions, 97 deletions

diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 873e9b7..ac11854 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,5 +1,6 @@
 class AlertsController < ApplicationController
   before_action :set_alert, only: [:show, :edit, :update, :destroy]
+  before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]
 
   # GET /alerts
   # GET /alerts.json
@@ -67,6 +68,15 @@ class AlertsController < ApplicationController
       @alert = Alert.find(params[:id])
     end
 
+	def check_perms
+		unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host)))
+			respond_to do |format|
+				format.html { render action: 'permission_denied', status: :forbidden }
+				format.json { render json: "Permission denied", status: :forbidden }
+			end
+		end
+	end
+
     # Never trust parameters from the scary internet, only allow the white list through.
     def alert_params
       params.require(:alert).permit(:author_id, :message)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..7487f87 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,7 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+	
+	#include sessionhelper for the session controller and view
+	include SessionsHelper
 end
diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb
index d79a7fc..1f0d964 100644
--- a/app/controllers/matches_controller.rb
+++ b/app/controllers/matches_controller.rb
@@ -1,10 +1,10 @@
 class MatchesController < ApplicationController
+  before_action :set_tournament, only: [:index, :new, :create]
   before_action :set_match, only: [:show, :edit, :update, :destroy]
-
   # GET /matches
   # GET /matches.json
   def index
-    @matches = Match.all
+    @matches = @tournament.matches
   end
 
   # GET /matches/1
@@ -14,7 +14,7 @@ class MatchesController < ApplicationController
 
   # GET /matches/new
   def new
-    @match = Match.new
+
   end
 
   # GET /matches/1/edit
@@ -24,11 +24,11 @@ class MatchesController < ApplicationController
   # POST /matches
   # POST /matches.json
   def create
-    @match = Match.new(match_params)
+    @match = @tournament.matches.build(match_params)
 
     respond_to do |format|
       if @match.save
-        format.html { redirect_to @match, notice: 'Match was successfully created.' }
+        format.html { redirect_to tournament_matches_path, notice: 'Match was successfully created.' }
         format.json { render action: 'show', status: :created, location: @match }
       else
         format.html { render action: 'new' }
@@ -42,7 +42,7 @@ class MatchesController < ApplicationController
   def update
     respond_to do |format|
       if @match.update(match_params)
-        format.html { redirect_to @match, notice: 'Match was successfully updated.' }
+        format.html { redirect_to [@tournament, @match], notice: 'Match was successfully updated.' }
         format.json { head :no_content }
       else
         format.html { render action: 'edit' }
@@ -54,21 +54,24 @@ class MatchesController < ApplicationController
   # DELETE /matches/1
   # DELETE /matches/1.json
   def destroy
+    
     @match.destroy
     respond_to do |format|
-      format.html { redirect_to matches_url }
-      format.json { head :no_content }
+      format.html { redirect_to tournament_matches_path }
     end
   end
 
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_match
-      @match = Match.find(params[:id])
+      @tournament = Tournament.find(params[:tournament_id])
+      @match = @tournament.matches.find(params[:id]);
+    end
+    def set_tournament
+      @tournament = Tournament.find(params[:tournament_id])
     end
-
     # Never trust parameters from the scary internet, only allow the white list through.
     def match_params
-      params.require(:match).permit(:status, :tournament_id, :name, :winner_id)
+      params.require(:match).permit(:tournament_id, :name, :winner_id)
     end
 end
diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb
index 7d54eb6..bb5d5f7 100644
--- a/app/controllers/servers_controller.rb
+++ b/app/controllers/servers_controller.rb
@@ -1,5 +1,6 @@
 class ServersController < ApplicationController
   before_action :set_server, only: [:show, :edit, :update, :destroy]
+  before_action :check_perms
 
   # GET /servers
   # GET /servers.json
@@ -67,6 +68,15 @@ class ServersController < ApplicationController
       @server = Server.find(params[:id])
     end
 
+	def check_perms
+		unless (signed_in? and current_user.in_group?(:admin))
+			respond_to do |format|
+				format.html { render action: 'permission_denied', status: :forbidden }
+				format.json { render json: "Permission denied", status: :forbidden }
+			end
+		end
+	end
+
     # Never trust parameters from the scary internet, only allow the white list through.
     def server_params
       params[:server]
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 2f72bf7..7cb16e8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,74 +1,52 @@
 class SessionsController < ApplicationController
-  before_action :set_session, only: [:show, :edit, :update, :destroy]
-
-  # GET /sessions
-  # GET /sessions.json
-  def index
-    @sessions = Session.all
-  end
-
-  # GET /sessions/1
-  # GET /sessions/1.json
-  def show
-  end
-
-  # GET /sessions/new
-  def new
-    @session = Session.new
-  end
-
-  # GET /sessions/1/edit
-  def edit
-  end
-
-  # POST /sessions
-  # POST /sessions.json
-  def create
-    @session = Session.new(session_params)
-
-    respond_to do |format|
-      if @session.save
-        format.html { redirect_to @session, notice: 'Session was successfully created.' }
-        format.json { render action: 'show', status: :created, location: @session }
-      else
-        format.html { render action: 'new' }
-        format.json { render json: @session.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # PATCH/PUT /sessions/1
-  # PATCH/PUT /sessions/1.json
-  def update
-    respond_to do |format|
-      if @session.update(session_params)
-        format.html { redirect_to @session, notice: 'Session was successfully updated.' }
-        format.json { head :no_content }
-      else
-        format.html { render action: 'edit' }
-        format.json { render json: @session.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # DELETE /sessions/1
-  # DELETE /sessions/1.json
-  def destroy
-    @session.destroy
-    respond_to do |format|
-      format.html { redirect_to sessions_url }
-      format.json { head :no_content }
-    end
-  end
-
-  private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_session
-      @session = Session.find(params[:id])
-    end
-
-    # Never trust parameters from the scary internet, only allow the white list through.
-    def session_params
-      params.require(:session).permit(:user_id)
-    end
+	before_action :set_session, only: [:destroy]
+
+	# GET /sessions/new
+	def new
+		@user = User.new
+		#@session = Session.new
+	end
+	
+	# POST /sessions
+	# POST /sessions.json
+	def create
+		# find the user...
+		@user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email])
+
+		#@session = Session.new(@user)
+		# ... and create a new session
+		respond_to do |format|
+			if @user && @user.authenticate(params[:session][:password])
+				sign_in @user
+				format.html { redirect_to root_path }
+				#format.json { #TODO }
+			else
+				format.html { render action: 'new' }
+				format.json { render json: @user.errors, status: :unprocessable_entity }
+			end
+		end
+	end
+
+	# DELETE /sessions/1
+	# DELETE /sessions/1.json
+	def destroy
+		#@session.destroy
+		sign_out
+		respond_to do |format|
+			format.html { redirect_to root_path }
+			format.json { head :no_content }
+		end
+	end
+
+	private
+
+			# Use callbacks to share common setup or constraints between actions.
+			def set_session
+				#@session = Session.find(cookies[:remember_token])
+			end
+
+			# Never trust parameters from the scary internet, only allow the white list through.
+			def session_params
+				params.require(:session).permit(:session_email, :session_user_name, :session_password)
+			end
 end
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index c6df11e..6fc9490 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -1,2 +1,4 @@
 class StaticController < ApplicationController
+	def homepage
+	end
 end
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index d7db632..8d90758 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,5 +1,6 @@
 class TournamentsController < ApplicationController
-  before_action :set_tournament, only: [:show, :edit, :update, :destroy]
+  before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join]
+  before_action :check_perms, only: [:new, :create, :edit, :destroy]
 
   # GET /tournaments
   # GET /tournaments.json
@@ -10,24 +11,37 @@ class TournamentsController < ApplicationController
   # GET /tournaments/1
   # GET /tournaments/1.json
   def show
+    case @tournament.status
+    when 0
+    when 1..2
+      redirect_to "/tournaments/" + @tournament.id.to_s + "/matches" #tournament_matches_page(@tournament)
+    end
   end
 
   # GET /tournaments/new
   def new
-    @tournament = Tournament.new
+    @games = Game.all
+    @tournament = Tournament.new(game: Game.find_by_id(params[:game]))  
   end
 
   # GET /tournaments/1/edit
   def edit
+    if params['close_action'] == 'close'
+      @tournament.status = 1
+      @tournament.save
+      @tournament.setup(@tournament)
+      redirect_to "/tournaments"
+    end
   end
 
   # POST /tournaments
   # POST /tournaments.json
   def create
     @tournament = Tournament.new(tournament_params)
-
+    @tournament.status = 0
     respond_to do |format|
       if @tournament.save
+        @tournament.hosts.push(current_user)
         format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' }
         format.json { render action: 'show', status: :created, location: @tournament }
       else
@@ -40,13 +54,45 @@ class TournamentsController < ApplicationController
   # PATCH/PUT /tournaments/1
   # PATCH/PUT /tournaments/1.json
   def update
-    respond_to do |format|
-      if @tournament.update(tournament_params)
-        format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
-        format.json { head :no_content }
+  	
+    if params[:update_action].nil?
+      check_perms
+      respond_to do |format|
+        if @tournament.update(tournament_params)
+          format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
+          format.json { head :no_content }
+        else
+          format.html { render action: 'edit' }
+          format.json { render json: @tournament.errors, status: :unprocessable_entity }
+        end
+      end
+    else
+      case params[:update_action]
+      when "join"
+        respond_to do |format|
+          if @tournament.join(current_user)
+            format.html { render action: 'show', notice: 'You have joined this tournament.' }
+            format.json { head :no_content }
+          end
+          format.html { render action: 'permission_denied', status: :forbidden }
+          format.json { render json: "Permission denied", status: :forbidden }
+        end
+      when "open"
+        respond_to do |format|
+          if @tournament.setup
+            format.html { render action: 'show', notice: 'You have joined this tournament.' }
+            format.json { head :no_content }
+          end
+          format.html { render action: 'permission_denied', status: :forbidden }
+          format.json { render json: "Permission denied", status: :forbidden }
+        end
+      #when "close"
+        # TODO
       else
-        format.html { render action: 'edit' }
-        format.json { render json: @tournament.errors, status: :unprocessable_entity }
+        respond_to do |format|
+          format.html { render action: 'show', notice: "Invalid action", status: :unprocessable_entity }
+          format.json { render json: @tournament.errors, status: :unprocessable_entity }
+        end
       end
     end
   end
@@ -67,8 +113,19 @@ class TournamentsController < ApplicationController
       @tournament = Tournament.find(params[:id])
     end
 
+	def check_perms
+  		unless (signed_in? and current_user.in_group?(:host))
+  			respond_to do |format|
+  				format.html { render action: 'permission_denied', status: :forbidden }
+  				format.json { render json: "Permission denied", status: :forbidden }
+  			end
+  		end
+  	end
+
     # Never trust parameters from the scary internet, only allow the white list through.
     def tournament_params
-      params.require(:tournament).permit(:name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+
+      params.require(:tournament).permit(:game, :name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+      
     end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b18efed..70facca 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,7 @@
 class UsersController < ApplicationController
   before_action :set_user, only: [:show, :edit, :update, :destroy]
+  before_action :perms_edit, only: [:edit, :update, :destroy]
+  before_action :perms_create, only: [:new, :create]
 
   # GET /users
   # GET /users.json
@@ -10,6 +12,7 @@ class UsersController < ApplicationController
   # GET /users/1
   # GET /users/1.json
   def show
+    @user = User.find(params[:id])
   end
 
   # GET /users/new
@@ -25,13 +28,14 @@ class UsersController < ApplicationController
   # POST /users.json
   def create
     @user = User.new(user_params)
-
+    @user.groups = 0
     respond_to do |format|
       if @user.save
-        format.html { redirect_to @user, notice: 'User was successfully created.' }
+        sign_in @user
+        format.html { redirect_to root_path, notice: 'User was successfully created.' }
         format.json { render action: 'show', status: :created, location: @user }
       else
-        format.html { render action: 'new' }
+        format.html { render action: 'new', status: :unprocessable_entity }
         format.json { render json: @user.errors, status: :unprocessable_entity }
       end
     end
@@ -67,8 +71,26 @@ class UsersController < ApplicationController
       @user = User.find(params[:id])
     end
 
+    def perms_edit
+      unless (current_user == @user) or (signed_in? and current_user.in_group? :admin)
+        respond_to do |format|
+          format.html { render action: 'permission_denied', status: :forbidden }
+          format.json { render json: "Permission denied", status: :forbidden }
+        end
+      end
+    end
+
+    def perms_create
+      if signed_in?
+        respond_to do |format|
+          format.html { render action: 'already_signed_in', status: :unprocessable_entity }
+          format.json { render json: "Already signed in", status: :unprocessable_entity }
+        end
+      end
+    end
+
     # Never trust parameters from the scary internet, only allow the white list through.
     def user_params
-      params.require(:user).permit(:name, :email, :user_name)
+      params.require(:user).permit(:name, :email, :user_name, :password, :password_confirmation)
     end
 end