diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/alerts_controller.rb | 10 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/matches_controller.rb | 25 | ||||
| -rw-r--r-- | app/controllers/servers_controller.rb | 10 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 122 | ||||
| -rw-r--r-- | app/controllers/static_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/tournaments_controller.rb | 77 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 30 |
8 files changed, 97 insertions, 182 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb index ac11854..873e9b7 100644 --- a/app/controllers/alerts_controller.rb +++ b/app/controllers/alerts_controller.rb @@ -1,6 +1,5 @@ class AlertsController < ApplicationController before_action :set_alert, only: [:show, :edit, :update, :destroy] - before_action :check_perms, only: [:new, :create, :edit, :update, :destroy] # GET /alerts # GET /alerts.json @@ -68,15 +67,6 @@ class AlertsController < ApplicationController @alert = Alert.find(params[:id]) end - def check_perms - unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host))) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end - # Never trust parameters from the scary internet, only allow the white list through. def alert_params params.require(:alert).permit(:author_id, :message) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7487f87..d83690e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,4 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception - - #include sessionhelper for the session controller and view - include SessionsHelper end diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb index 1f0d964..d79a7fc 100644 --- a/app/controllers/matches_controller.rb +++ b/app/controllers/matches_controller.rb @@ -1,10 +1,10 @@ class MatchesController < ApplicationController - before_action :set_tournament, only: [:index, :new, :create] before_action :set_match, only: [:show, :edit, :update, :destroy] + # GET /matches # GET /matches.json def index - @matches = @tournament.matches + @matches = Match.all end # GET /matches/1 @@ -14,7 +14,7 @@ class MatchesController < ApplicationController # GET /matches/new def new - + @match = Match.new end # GET /matches/1/edit @@ -24,11 +24,11 @@ class MatchesController < ApplicationController # POST /matches # POST /matches.json def create - @match = @tournament.matches.build(match_params) + @match = Match.new(match_params) respond_to do |format| if @match.save - format.html { redirect_to tournament_matches_path, notice: 'Match was successfully created.' } + format.html { redirect_to @match, notice: 'Match was successfully created.' } format.json { render action: 'show', status: :created, location: @match } else format.html { render action: 'new' } @@ -42,7 +42,7 @@ class MatchesController < ApplicationController def update respond_to do |format| if @match.update(match_params) - format.html { redirect_to [@tournament, @match], notice: 'Match was successfully updated.' } + format.html { redirect_to @match, notice: 'Match was successfully updated.' } format.json { head :no_content } else format.html { render action: 'edit' } @@ -54,24 +54,21 @@ class MatchesController < ApplicationController # DELETE /matches/1 # DELETE /matches/1.json def destroy - @match.destroy respond_to do |format| - format.html { redirect_to tournament_matches_path } + format.html { redirect_to matches_url } + format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_match - @tournament = Tournament.find(params[:tournament_id]) - @match = @tournament.matches.find(params[:id]); - end - def set_tournament - @tournament = Tournament.find(params[:tournament_id]) + @match = Match.find(params[:id]) end + # Never trust parameters from the scary internet, only allow the white list through. def match_params - params.require(:match).permit(:tournament_id, :name, :winner_id) + params.require(:match).permit(:status, :tournament_id, :name, :winner_id) end end diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb index bb5d5f7..7d54eb6 100644 --- a/app/controllers/servers_controller.rb +++ b/app/controllers/servers_controller.rb @@ -1,6 +1,5 @@ class ServersController < ApplicationController before_action :set_server, only: [:show, :edit, :update, :destroy] - before_action :check_perms # GET /servers # GET /servers.json @@ -68,15 +67,6 @@ class ServersController < ApplicationController @server = Server.find(params[:id]) end - def check_perms - unless (signed_in? and current_user.in_group?(:admin)) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end - # Never trust parameters from the scary internet, only allow the white list through. def server_params params[:server] diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 7cb16e8..2f72bf7 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,52 +1,74 @@ class SessionsController < ApplicationController - before_action :set_session, only: [:destroy] - - # GET /sessions/new - def new - @user = User.new - #@session = Session.new - end - - # POST /sessions - # POST /sessions.json - def create - # find the user... - @user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email]) - - #@session = Session.new(@user) - # ... and create a new session - respond_to do |format| - if @user && @user.authenticate(params[:session][:password]) - sign_in @user - format.html { redirect_to root_path } - #format.json { #TODO } - else - format.html { render action: 'new' } - format.json { render json: @user.errors, status: :unprocessable_entity } - end - end - end - - # DELETE /sessions/1 - # DELETE /sessions/1.json - def destroy - #@session.destroy - sign_out - respond_to do |format| - format.html { redirect_to root_path } - format.json { head :no_content } - end - end - - private - - # Use callbacks to share common setup or constraints between actions. - def set_session - #@session = Session.find(cookies[:remember_token]) - end - - # Never trust parameters from the scary internet, only allow the white list through. - def session_params - params.require(:session).permit(:session_email, :session_user_name, :session_password) - end + before_action :set_session, only: [:show, :edit, :update, :destroy] + + # GET /sessions + # GET /sessions.json + def index + @sessions = Session.all + end + + # GET /sessions/1 + # GET /sessions/1.json + def show + end + + # GET /sessions/new + def new + @session = Session.new + end + + # GET /sessions/1/edit + def edit + end + + # POST /sessions + # POST /sessions.json + def create + @session = Session.new(session_params) + + respond_to do |format| + if @session.save + format.html { redirect_to @session, notice: 'Session was successfully created.' } + format.json { render action: 'show', status: :created, location: @session } + else + format.html { render action: 'new' } + format.json { render json: @session.errors, status: :unprocessable_entity } + end + end + end + + # PATCH/PUT /sessions/1 + # PATCH/PUT /sessions/1.json + def update + respond_to do |format| + if @session.update(session_params) + format.html { redirect_to @session, notice: 'Session was successfully updated.' } + format.json { head :no_content } + else + format.html { render action: 'edit' } + format.json { render json: @session.errors, status: :unprocessable_entity } + end + end + end + + # DELETE /sessions/1 + # DELETE /sessions/1.json + def destroy + @session.destroy + respond_to do |format| + format.html { redirect_to sessions_url } + format.json { head :no_content } + end + end + + private + # Use callbacks to share common setup or constraints between actions. + def set_session + @session = Session.find(params[:id]) + end + + # Never trust parameters from the scary internet, only allow the white list through. + def session_params + params.require(:session).permit(:user_id) + end end diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb index 6fc9490..c6df11e 100644 --- a/app/controllers/static_controller.rb +++ b/app/controllers/static_controller.rb @@ -1,4 +1,2 @@ class StaticController < ApplicationController - def homepage - end end diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 8d90758..d7db632 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,6 +1,5 @@ class TournamentsController < ApplicationController - before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join] - before_action :check_perms, only: [:new, :create, :edit, :destroy] + before_action :set_tournament, only: [:show, :edit, :update, :destroy] # GET /tournaments # GET /tournaments.json @@ -11,37 +10,24 @@ class TournamentsController < ApplicationController # GET /tournaments/1 # GET /tournaments/1.json def show - case @tournament.status - when 0 - when 1..2 - redirect_to "/tournaments/" + @tournament.id.to_s + "/matches" #tournament_matches_page(@tournament) - end end # GET /tournaments/new def new - @games = Game.all - @tournament = Tournament.new(game: Game.find_by_id(params[:game])) + @tournament = Tournament.new end # GET /tournaments/1/edit def edit - if params['close_action'] == 'close' - @tournament.status = 1 - @tournament.save - @tournament.setup(@tournament) - redirect_to "/tournaments" - end end # POST /tournaments # POST /tournaments.json def create @tournament = Tournament.new(tournament_params) - @tournament.status = 0 + respond_to do |format| if @tournament.save - @tournament.hosts.push(current_user) format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' } format.json { render action: 'show', status: :created, location: @tournament } else @@ -54,45 +40,13 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update - - if params[:update_action].nil? - check_perms - respond_to do |format| - if @tournament.update(tournament_params) - format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } - format.json { head :no_content } - else - format.html { render action: 'edit' } - format.json { render json: @tournament.errors, status: :unprocessable_entity } - end - end - else - case params[:update_action] - when "join" - respond_to do |format| - if @tournament.join(current_user) - format.html { render action: 'show', notice: 'You have joined this tournament.' } - format.json { head :no_content } - end - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - when "open" - respond_to do |format| - if @tournament.setup - format.html { render action: 'show', notice: 'You have joined this tournament.' } - format.json { head :no_content } - end - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - #when "close" - # TODO + respond_to do |format| + if @tournament.update(tournament_params) + format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } + format.json { head :no_content } else - respond_to do |format| - format.html { render action: 'show', notice: "Invalid action", status: :unprocessable_entity } - format.json { render json: @tournament.errors, status: :unprocessable_entity } - end + format.html { render action: 'edit' } + format.json { render json: @tournament.errors, status: :unprocessable_entity } end end end @@ -113,19 +67,8 @@ class TournamentsController < ApplicationController @tournament = Tournament.find(params[:id]) end - def check_perms - unless (signed_in? and current_user.in_group?(:host)) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end - # Never trust parameters from the scary internet, only allow the white list through. def tournament_params - - params.require(:tournament).permit(:game, :name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams) - + params.require(:tournament).permit(:name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams) end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 70facca..b18efed 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,7 +1,5 @@ class UsersController < ApplicationController before_action :set_user, only: [:show, :edit, :update, :destroy] - before_action :perms_edit, only: [:edit, :update, :destroy] - before_action :perms_create, only: [:new, :create] # GET /users # GET /users.json @@ -12,7 +10,6 @@ class UsersController < ApplicationController # GET /users/1 # GET /users/1.json def show - @user = User.find(params[:id]) end # GET /users/new @@ -28,14 +25,13 @@ class UsersController < ApplicationController # POST /users.json def create @user = User.new(user_params) - @user.groups = 0 + respond_to do |format| if @user.save - sign_in @user - format.html { redirect_to root_path, notice: 'User was successfully created.' } + format.html { redirect_to @user, notice: 'User was successfully created.' } format.json { render action: 'show', status: :created, location: @user } else - format.html { render action: 'new', status: :unprocessable_entity } + format.html { render action: 'new' } format.json { render json: @user.errors, status: :unprocessable_entity } end end @@ -71,26 +67,8 @@ class UsersController < ApplicationController @user = User.find(params[:id]) end - def perms_edit - unless (current_user == @user) or (signed_in? and current_user.in_group? :admin) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end - - def perms_create - if signed_in? - respond_to do |format| - format.html { render action: 'already_signed_in', status: :unprocessable_entity } - format.json { render json: "Already signed in", status: :unprocessable_entity } - end - end - end - # Never trust parameters from the scary internet, only allow the white list through. def user_params - params.require(:user).permit(:name, :email, :user_name, :password, :password_confirmation) + params.require(:user).permit(:name, :email, :user_name) end end |