11 files changed, 290 insertions, 118 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index a3cb8f9..333022a 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,6 +1,4 @@
 class AlertsController < ApplicationController
-	before_action :set_alert, only: [:show, :edit, :update, :destroy]
-
 	# GET /alerts
 	# GET /alerts.json
 	def index
@@ -62,11 +60,16 @@ class AlertsController < ApplicationController
 	end
 
 	private
+
 	# Use callbacks to share common setup or constraints between actions.
 	def set_alert
 		@alert = Alert.find(params[:id])
 	end
 
+	def is_owner?(object)
+		object.author == current_user
+	end
+
 	# Never trust parameters from the scary internet, only allow the white list through.
 	def alert_params
 		params.require(:alert).permit(:author_id, :message)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 27ef6a7..d5752aa 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,55 @@
 class ApplicationController < ActionController::Base
+	before_action :set_object, only: [:show]
+	before_action :check_create, only: [:new, :create]
+	before_action :check_edit, only: [:edit, :update]
+	before_action :check_delete, only: [:destroy]
+
 	# Prevent CSRF attacks by raising an exception.
 	# For APIs, you may want to use :null_session instead.
 	protect_from_forgery with: :exception
+
+	#include sessionhelper for the session controller and view
+	include SessionsHelper
+
+	include SimpleCaptcha::ControllerHelpers
+
+	def check_permission(verb, object=nil)
+		unless current_user.can?((verb.to_s+"_"+noun).to_sym) or (!object.nil? and is_owner?(object))
+			respond_to do |format|
+				format.html do
+					if object.nil?
+						redirect_to send(noun.pluralize+"_url"), notice: "You don't have permission to #{verb} #{noun.pluralize}."
+					else
+						redirect_to object, notice: "You don't have permission to #{verb} this #{noun}."
+					end
+				end
+				format.json { render json: "Permission denied", status: :forbidden }
+			end
+		end
+	end
+
+	def noun
+		@noun ||= self.class.name.underscore.sub(/_controller$/, '').singularize
+	end
+
+	def set_object
+		object = send("set_"+noun)
+	end
+
+	def check_create
+		check_permission(:create)
+	end
+	def check_edit
+		object = send("set_"+noun)
+		check_permission(:edit, object)
+	end
+	def check_delete
+		object = send("set_"+noun)
+		check_permission(:edit, object)
+	end
+
+	# Override this
+	def is_owner?(object)
+		return false
+	end
 end
diff --git a/app/controllers/games_controller.rb b/app/controllers/games_controller.rb
index e9620b4..f18a5ad 100644
--- a/app/controllers/games_controller.rb
+++ b/app/controllers/games_controller.rb
@@ -1,6 +1,4 @@
 class GamesController < ApplicationController
-	before_action :set_game, only: [:show, :edit, :update, :destroy]
-
 	# GET /games
 	# GET /games.json
 	def index
diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb
index 32108d9..31fc9ad 100644
--- a/app/controllers/matches_controller.rb
+++ b/app/controllers/matches_controller.rb
@@ -1,70 +1,130 @@
 class MatchesController < ApplicationController
-	before_action :set_match, only: [:show, :edit, :update, :destroy]
+	before_action :set_tournament, only: [:index]
 
 	# GET /matches
 	# GET /matches.json
-	def index
-		@matches = Match.all
-	end
+  require 'httparty'
+  require 'json'
 
-	# GET /matches/1
-	# GET /matches/1.json
-	def show
-	end
+  def index
+    @matches = @tournament.matches
+  end
 
-	# GET /matches/new
-	def new
-		@match = Match.new
-	end
+  def get_riot_info
+	if signed_in?
 
-	# GET /matches/1/edit
-	def edit
-	end
+			#current user information
+			response = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/by-name/#{current_user.user_name}?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
 
-	# POST /matches
-	# POST /matches.json
-	def create
-		@match = Match.new(match_params)
+			id = response["#{current_user.user_name.downcase}"]['id']
 
-		respond_to do |format|
-			if @match.save
-				format.html { redirect_to @match, notice: 'Match was successfully created.' }
-				format.json { render action: 'show', status: :created, location: @match }
-			else
-				format.html { render action: 'new' }
-				format.json { render json: @match.errors, status: :unprocessable_entity }
-			end
-		end
-	end
+			#recent game information
+			recent = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/game/by-summoner/#{response["#{current_user.user_name.downcase}"]['id']}/recent?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+
+			game_id = recent["games"][0]["gameId"]
+
+			#remote_user_id = 6651654651354
+			#remove_user_name = TeslasMind
+			#How to Add
+			#how do I access
+
+			#members of most recent game id's
+			player1 = recent["games"][0]["fellowPlayers"][0]["summonerId"]
+			player2 = recent["games"][0]["fellowPlayers"][1]["summonerId"]
+			player3 = recent["games"][0]["fellowPlayers"][2]["summonerId"]
+			player4 = recent["games"][0]["fellowPlayers"][3]["summonerId"]
+			player5 = recent["games"][0]["fellowPlayers"][4]["summonerId"]
+			player6 = recent["games"][0]["fellowPlayers"][5]["summonerId"]
+			player7 = recent["games"][0]["fellowPlayers"][6]["summonerId"]
+			player8 = recent["games"][0]["fellowPlayers"][7]["summonerId"]
+			player9 = recent["games"][0]["fellowPlayers"][8]["summonerId"]
+
+			players_by_id = [player1, player2, player3, player4, player5, player6, player7, player8, player9]
+
+			#collect summoner names
+			memb1 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player1}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb1 = memb1["#{player1}"]
+			sleep(1);
+
+			memb2 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player2}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb2 = memb2["#{player2}"]
+			sleep(1);
+
+			memb3 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player3}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb3 = memb3["#{player3}"]
+			sleep(1);
+
+			memb4 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player4}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb4 = memb4["#{player4}"]
+			sleep(1);
 
-	# PATCH/PUT /matches/1
-	# PATCH/PUT /matches/1.json
-	def update
-		respond_to do |format|
-			if @match.update(match_params)
-				format.html { redirect_to @match, notice: 'Match was successfully updated.' }
-				format.json { head :no_content }
+			memb5 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player5}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb5 = memb5["#{player5}"]
+			sleep(1);
+
+			memb6 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player6}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb6 = memb6["#{player6}"]
+			sleep(1);
+
+			memb7 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player7}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb7 = memb7["#{player7}"]
+			sleep(1);
+
+			memb8 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player8}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb8 = memb8["#{player8}"]
+			sleep(1);
+
+			memb9 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{player9}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb9 = memb9["#{player9}"]
+			sleep(1);
+
+			memb10 = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/summoner/#{id}/name?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+			memb10 = memb10["#{id}"]
+
+			players = ["#{memb1}", "#{memb2}", "#{memb3}", "#{memb4}", "#{memb5}", "#{memb6}", "#{memb7}", "#{memb8}", "#{memb9}", "#{memb10}"]
+
+			sleep(5);
+
+			blue = Hash.new
+			purple = Hash.new
+
+			for i in 0..8
+				current_player = players_by_id[i]
+				place = players[i]
+				info = HTTParty.get("https://prod.api.pvp.net/api/lol/na/v1.3/game/by-summoner/#{current_player}/recent?api_key=ad539f86-22fd-474d-9279-79a7a296ac38")
+
+				if 100 == info["games"][0]["stats"]["team"]
+					blue.merge!("#{place}" => info["games"][0]["stats"])
+				else
+					purple.merge!("#{place}" => info["games"][0]["stats"])
+				end
+				sleep(1)
+			end					
+
+			if 100 == recent["games"][0]["stats"]["team"]
+				blue.merge!("#{players[9]}" => recent["games"][0]["stats"])
 			else
-				format.html { render action: 'edit' }
-				format.json { render json: @match.errors, status: :unprocessable_entity }
+				purple.merge!("#{players[9]}" => recent["games"][0]["stats"])
 			end
-		end
-	end
 
-	# DELETE /matches/1
-	# DELETE /matches/1.json
-	def destroy
-		@match.destroy
-		respond_to do |format|
-			format.html { redirect_to matches_url }
-			format.json { head :no_content }
-		end
+			@purp = purple
+			@blue = blue
+
+	end #end if
+  end #end def
+	# GET /matches/1
+	# GET /matches/1.json
+	def show
 	end
 
 	private
 	# Use callbacks to share common setup or constraints between actions.
 	def set_match
-		@match = Match.find(params[:id])
+		set_tournament
+		@match = @tournament.matches.find(params[:id]);
+	end
+	def set_tournament
+		@tournament = Tournament.find(params[:tournament_id])
 	end
 
 	# Never trust parameters from the scary internet, only allow the white list through.
diff --git a/app/controllers/pms_controller.rb b/app/controllers/pms_controller.rb
index b62a6ef..af112d1 100644
--- a/app/controllers/pms_controller.rb
+++ b/app/controllers/pms_controller.rb
@@ -1,6 +1,4 @@
 class PmsController < ApplicationController
-	before_action :set_pm, only: [:show, :edit, :update, :destroy]
-
 	# GET /pms
 	# GET /pms.json
 	def index
diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb
index 43999c4..6596dc6 100644
--- a/app/controllers/servers_controller.rb
+++ b/app/controllers/servers_controller.rb
@@ -1,5 +1,4 @@
 class ServersController < ApplicationController
-	before_action :set_server, only: [:show, :edit, :update, :destroy]
 
 	# GET /servers
 	# GET /servers.json
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b035ea0..a0390ad 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,52 +1,27 @@
 class SessionsController < ApplicationController
-	before_action :set_session, only: [:show, :edit, :update, :destroy]
-
-	# GET /sessions
-	# GET /sessions.json
-	def index
-		@sessions = Session.all
-	end
-
-	# GET /sessions/1
-	# GET /sessions/1.json
-	def show
-	end
 
 	# GET /sessions/new
 	def new
-		@session = Session.new
-	end
-
-	# GET /sessions/1/edit
-	def edit
+		@user = User.new
+		#@session = Session.new
 	end
 
 	# POST /sessions
 	# POST /sessions.json
 	def create
-		@session = Session.new(session_params)
+		# find the user...
+		@user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email])
 
+		#@session = Session.new(@user)
+		# ... and create a new session
 		respond_to do |format|
-			if @session.save
-				format.html { redirect_to @session, notice: 'Session was successfully created.' }
-				format.json { render action: 'show', status: :created, location: @session }
+			if @user && @user.authenticate(params[:session][:password])
+				sign_in @user
+				format.html { redirect_to root_path }
+				#format.json { #TODO }
 			else
 				format.html { render action: 'new' }
-				format.json { render json: @session.errors, status: :unprocessable_entity }
-			end
-		end
-	end
-
-	# PATCH/PUT /sessions/1
-	# PATCH/PUT /sessions/1.json
-	def update
-		respond_to do |format|
-			if @session.update(session_params)
-				format.html { redirect_to @session, notice: 'Session was successfully updated.' }
-				format.json { head :no_content }
-			else
-				format.html { render action: 'edit' }
-				format.json { render json: @session.errors, status: :unprocessable_entity }
+				format.json { render json: @user.errors, status: :unprocessable_entity }
 			end
 		end
 	end
@@ -54,9 +29,10 @@ class SessionsController < ApplicationController
 	# DELETE /sessions/1
 	# DELETE /sessions/1.json
 	def destroy
-		@session.destroy
+		#@session.destroy
+		sign_out
 		respond_to do |format|
-			format.html { redirect_to sessions_url }
+			format.html { redirect_to root_path }
 			format.json { head :no_content }
 		end
 	end
@@ -64,11 +40,16 @@ class SessionsController < ApplicationController
 	private
 	# Use callbacks to share common setup or constraints between actions.
 	def set_session
-		@session = Session.find(params[:id])
+		@token = Session.hash_token(cookies[:remember_token])
+		@session = Session.find_by(token: @token)
 	end
 
 	# Never trust parameters from the scary internet, only allow the white list through.
 	def session_params
-		params.require(:session).permit(:user_id, :token)
+		params.require(:session).permit(:session_email, :session_user_name, :session_password)
+	end
+
+	def is_owner?(object)
+		object.user == current_user
 	end
 end
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index c6df11e..038cc19 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -1,2 +1,7 @@
 class StaticController < ApplicationController
+	def homepage
+	end
+
+	def test
+	end
 end
diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
index 05e7a12..57ae256 100644
--- a/app/controllers/teams_controller.rb
+++ b/app/controllers/teams_controller.rb
@@ -1,5 +1,4 @@
 class TeamsController < ApplicationController
-	before_action :set_team, only: [:show, :edit, :update, :destroy]
 
 	# GET /teams
 	# GET /teams.json
@@ -71,4 +70,8 @@ class TeamsController < ApplicationController
 	def team_params
 		params.require(:team).permit(:match_id)
 	end
+
+	def is_owner?(object)
+		object.users.include?(current_user)
+	end
 end
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index e43976c..a9e91b0 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,5 +1,4 @@
 class TournamentsController < ApplicationController
-	before_action :set_tournament, only: [:show, :edit, :update, :destroy]
 
 	# GET /tournaments
 	# GET /tournaments.json
@@ -10,24 +9,42 @@ class TournamentsController < ApplicationController
 	# GET /tournaments/1
 	# GET /tournaments/1.json
 	def show
+		respond_to do |format|
+			format.html {  
+				case @tournament.status
+				when 0
+					render action: 'show'
+				when 1..2
+					redirect_to "/tournaments/" + @tournament.id.to_s + "/matches" #tournament_matches_page(@tournament)
+				end
+			}
+			format.json { 
+				data = JSON.parse(@tournament.to_json)
+				data["players"] = @tournament.players;
+				render :json => data.to_json
+			}
+		end
 	end
 
 	# GET /tournaments/new
 	def new
-		@tournament = Tournament.new
+		@games = Game.all
+		@tournament = Tournament.new(game: Game.find_by_id(params[:game]))  
 	end
 
 	# GET /tournaments/1/edit
 	def edit
+		check_permission(:edit, @tournament)
 	end
 
 	# POST /tournaments
 	# POST /tournaments.json
 	def create
 		@tournament = Tournament.new(tournament_params)
-
+		@tournament.status = 0
 		respond_to do |format|
 			if @tournament.save
+				@tournament.hosts.push(current_user)
 				format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' }
 				format.json { render action: 'show', status: :created, location: @tournament }
 			else
@@ -40,12 +57,55 @@ class TournamentsController < ApplicationController
 	# PATCH/PUT /tournaments/1
 	# PATCH/PUT /tournaments/1.json
 	def update
-		respond_to do |format|
-			if @tournament.update(tournament_params)
-				format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
-				format.json { head :no_content }
-			else
-				format.html { render action: 'edit' }
+		case params[:update_action]
+		when nil
+			check_permission(:edit, @tournament)
+			respond_to do |format|
+				if @tournament.update(tournament_params)
+					format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
+					format.json { head :no_content }
+				else
+					format.html { render action: 'edit' }
+					format.json { render json: @tournament.errors, status: :unprocessable_entity }
+				end
+			end
+		when "join"
+			# permission checking for join is done in the Tournament model
+			respond_to do |format|
+				if @tournament.join(current_user)
+					format.html { redirect_to @tournament, notice: 'You have joined this tournament.' }
+					format.json { head :no_content }
+				else
+					format.html { redirect_to @tournament, notice: "You can't join this tournament." }
+					format.json { render json: "Permission denied", status: :forbidden }
+				end
+			end
+		when "leave"
+			respond_to do |format|
+				if @tournament.leave(current_user)
+					format.html { redirect_to tournaments_url, notice: 'You have left the tournament.' }
+					format.json { head :no_content }
+				else
+					format.html { redirect_to @tournament, notice: 'You were\'t a part of this tournament.' }
+					format.json { render json: "Permission denied", status: :forbidden }
+				end
+			end
+		when "start"
+			check_permission(:edit, @tournament)
+			@tournament.status = 1
+			@tournament.save
+			respond_to do |format|
+				if @tournament.setup
+					format.html { redirect_to @tournament, notice: 'You have joined this tournament.' }
+					format.json { head :no_content }
+				else
+					format.html { render action: 'permission_denied', status: :forbidden }
+					format.json { render json: "Permission denied", status: :forbidden }
+				end
+			end
+		else
+			respond_to do |format|
+				format.html { redirect_to @tournament, notice: "Invalid action", status: :unprocessable_entity }
 				format.json { render json: @tournament.errors, status: :unprocessable_entity }
 			end
 		end
@@ -69,6 +129,15 @@ class TournamentsController < ApplicationController
 
 	# Never trust parameters from the scary internet, only allow the white list through.
 	def tournament_params
-		params.require(:tournament).permit(:name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+		params.require(:tournament).permit(:game, :name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+	end
+
+	def is_owner?(object)
+		object.hosts.include?(current_user)
+	end
+
+	# Turn of check_edit, since our #update is flexible
+	def check_edit
+		set_tournament
 	end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 58bf4c6..bcb45aa 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
-	before_action :set_user, only: [:show, :edit, :update, :destroy]
 
 	# GET /users
+
 	# GET /users.json
 	def index
 		@users = User.all
@@ -24,15 +24,17 @@ class UsersController < ApplicationController
 	# POST /users
 	# POST /users.json
 	def create
-		@user = User.new(user_params)
-
-		respond_to do |format|
-			if @user.save
-				format.html { redirect_to @user, notice: 'User was successfully created.' }
-				format.json { render action: 'show', status: :created, location: @user }
-			else
-				format.html { render action: 'new' }
-				format.json { render json: @user.errors, status: :unprocessable_entity }
+		if simple_captcha_valid?
+			@user = User.new(user_params)
+			respond_to do |format|
+				if @user.save
+					sign_in @user
+					format.html { redirect_to root_path, notice: 'User was successfully created.' }
+					format.json { render action: 'show', status: :created, location: @user }
+				else
+					format.html { render action: 'new', status: :unprocessable_entity }
+					format.json { render json: @user.errors, status: :unprocessable_entity }
+				end
 			end
 		end
 	end
@@ -67,8 +69,12 @@ class UsersController < ApplicationController
 		@user = User.find(params[:id])
 	end
 
+	def is_owner?(object)
+		object == current_user
+	end
+
 	# Never trust parameters from the scary internet, only allow the white list through.
 	def user_params
-		params.require(:user).permit(:name, :email, :user_name)
+		params.require(:user).permit(:name, :email, :user_name, :password, :password_confirmation)
 	end
 end