diff options
Diffstat (limited to 'app/controllers/tournaments_controller.rb')
-rw-r--r-- | app/controllers/tournaments_controller.rb | 55 |
1 files changed, 46 insertions, 9 deletions
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 571203c..27765df 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,5 +1,6 @@ class TournamentsController < ApplicationController - before_action :set_tournament, only: [:show, :edit, :update, :destroy] + before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join] + before_action :check_perms, only: [:new, :create, :edit, :destroy] # GET /tournaments # GET /tournaments.json @@ -14,7 +15,8 @@ class TournamentsController < ApplicationController # GET /tournaments/new def new - @tournament = Tournament.new + @games = Game.all + @tournament = Tournament.new(game: Game.find_by_id(params[:game])) end # GET /tournaments/1/edit @@ -40,13 +42,39 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update - respond_to do |format| - if @tournament.update(tournament_params) - format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } - format.json { head :no_content } + require 'pp' + pp params + if params[:update_action].nil? + check_perms + respond_to do |format| + if @tournament.update(tournament_params) + format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } + format.json { head :no_content } + else + format.html { render action: 'edit' } + format.json { render json: @tournament.errors, status: :unprocessable_entity } + end + end + else + case params[:update_action] + when "join" + respond_to do |format| + if @tournament.join(current_user) + format.html { render action: 'show', notice: 'You have joined this tournament.' } + format.json { head :no_content } + end + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } + end + #when "open" + # TODO + #when "close" + # TODO else - format.html { render action: 'edit' } - format.json { render json: @tournament.errors, status: :unprocessable_entity } + respond_to do |format| + format.html { render action: 'show', notice: "Invalid action", status: :unprocessable_entity } + format.json { render json: @tournament.errors, status: :unprocessable_entity } + end end end end @@ -67,8 +95,17 @@ class TournamentsController < ApplicationController @tournament = Tournament.find(params[:id]) end + def check_perms + unless (signed_in? and current_user.in_group?(:host)) + respond_to do |format| + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } + end + end + end + # Never trust parameters from the scary internet, only allow the white list through. def tournament_params - params.require(:tournament).permit(:game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams) + params.require(:tournament).permit(:game, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams) end end |