1 files changed, 13 insertions, 1 deletions

diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 346e16b..cf618aa 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,5 +1,6 @@
 class TournamentsController < ApplicationController
   before_action :set_tournament, only: [:show, :edit, :update, :destroy]
+  before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]
 
   # GET /tournaments
   # GET /tournaments.json
@@ -14,6 +15,8 @@ class TournamentsController < ApplicationController
 
   # GET /tournaments/new
   def new
+    @game_names = Game.all.collect
+    @game = params[:game]
     @tournament = Tournament.new
   end
 
@@ -67,8 +70,17 @@ class TournamentsController < ApplicationController
       @tournament = Tournament.find(params[:id])
     end
 
+	def check_perms
+		unless (signed_in? and current_user.in_group?(:host))
+			respond_to do |format|
+				format.html { render action: 'permission_denied', status: :forbidden }
+				format.json { render json: "Permission denied", status: :forbidden }
+			end
+		end
+	end
+
     # Never trust parameters from the scary internet, only allow the white list through.
     def tournament_params
-      params.require(:tournament).permit(:game_id, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams, :status)
+      params.require(:tournament).permit(:game, :game_id, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams, :status)
     end
 end