6 files changed, 200 insertions, 2 deletions

diff --git a/app/models/alert.rb b/app/models/alert.rb
index 0516355..9876711 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@
 class Alert < ActiveRecord::Base
-	belongs_to :author
+	belongs_to :author, class_name: "User"
 end
diff --git a/app/models/match.rb b/app/models/match.rb
index fe68d31..c596ced 100644
--- a/app/models/match.rb
+++ b/app/models/match.rb
@@ -1,4 +1,11 @@
 class Match < ActiveRecord::Base
 	belongs_to :tournament
-	belongs_to :winner
+
+	has_and_belongs_to_many :teams
+
+	belongs_to :winner, class_name: "Team"
+
+	def setup()
+		
+	end
 end
diff --git a/app/models/session.rb b/app/models/session.rb
index a5fd26e..f5e642b 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,3 +1,42 @@
 class Session < ActiveRecord::Base
 	belongs_to :user
+
+	##
+	# Create a random remember token for the user. This will be
+	# changed every time the user creates a new session.
+	#
+	# If you want this value, hang on to it; the raw value is
+	# discarded afterward.
+	#
+	# By changing the cookie every new session, any hijacked sessions
+	# (where the attacker steals a cookie to sign in as a certain
+	# user) will expire the next time the user signs back in.
+	#
+	# The random string is of length 16 composed of A-Z, a-z, 0-9
+	# This is the browser's cookie value.
+	def create_token()
+		t = SecureRandom.urlsafe_base64
+		self.token = Session.hash_token(t)
+		t
+	end
+
+	##
+	# Encrypt the remember token.
+	# This is the encrypted version of the cookie stored on
+	# the database.
+	#
+	# The reasoning for storing a hashed token is so that even if
+	# the database is compromised, the attacker won't be able to use
+	# the remember tokens to sign in.
+	def Session.hash_token(token)
+		# SHA-1 (Secure Hash Algorithm) is a US engineered hash
+		# function that produces a 20 byte hash value which typically
+		# forms a hexadecimal number 40 digits long.
+		# The reason I am not using the Bcrypt algorithm is because
+		# SHA-1 is much faster and I will be calling this on
+		# every page a user accesses.
+		#
+		# https://en.wikipedia.org/wiki/SHA-1
+		Digest::SHA1.hexdigest(token.to_s)
+	end
 end
diff --git a/app/models/team.rb b/app/models/team.rb
index 8d89f51..7aae7c2 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -1,3 +1,5 @@
 class Team < ActiveRecord::Base
 	belongs_to :match
+	has_and_belongs_to_many :matches
+	has_and_belongs_to_many :users
 end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index dcdb8d5..22711b1 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -1,3 +1,46 @@
 class Tournament < ActiveRecord::Base
 	belongs_to :game
+	has_many :matches
+	has_and_belongs_to_many :players, class_name: "User", association_foreign_key: "player_id", join_table: "players_tournaments"
+	has_and_belongs_to_many :hosts,   class_name: "User", association_foreign_key: "host_id",   join_table: "hosts_tournaments"
+
+	def open?
+		return true
+	end
+
+	def joinable_by?(user)
+		return (open? and user.can?(:join_tournament) and !players.include?(user))
+	end
+
+	def join(user)
+		unless joinable_by?(user)
+			return false
+		end
+		players.push(user)
+	end
+
+	def leave(user)
+		if players.include?(user) && status == 0
+			players.delete(user)
+		end
+	end
+
+	def setup()
+		num_teams = (self.players.count/self.min_players_per_team).floor
+		num_matches = num_teams - 1
+		for i in 1..num_matches
+			self.matches.create(name: "Match #{i}", status: 0)
+		end
+		match_num = 0
+		team_num = 0
+		self.players.each_slice(min_players_per_team) do |players|
+			self.matches[match_num].teams.push(Team.create(users: players))
+			if (team_num != 0 and team_num % max_teams_per_match == 0)
+				match_num += 1
+				team_num = 0
+			else
+				team_num += 1
+			end
+		end
+	end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a57cf0..d1698bd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,2 +1,109 @@
 class User < ActiveRecord::Base
+	has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "player_id", join_table: "players_tournaments"
+	has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "host_id", join_table: "hosts_tournaments"
+	has_and_belongs_to_many :teams
+	has_many :sessions
+
+	apply_simple_captcha
+
+	before_save { self.email = email.downcase }
+	before_save { self.user_name = user_name }
+
+	def after_initialize
+		self.permissions = 0
+	end
+
+	def can?(action)
+		case action
+		when :create_tournament
+		when :edit_tournament
+		when :join_tournament
+		when :delete_tournament
+
+		when :create_game
+		when :edit_game
+		when :delete_game
+
+		when :create_user
+			return false
+		when :edit_user
+		when :delete_user
+
+		when :create_alert
+		when :edit_alert
+		when :delete_alert
+
+		when :create_pm
+		when :edit_pm
+		when :delete_pm
+
+		when :create_session
+			return false
+		when :delete_session
+
+		else
+			return false
+		end
+	end
+
+	##
+	# VAILD_EMAIL is the regex used to validate a user given email.
+	VALID_EMAIL_REG = /\A\S+@\S+\.\S+\z/i
+
+	##
+	# VALID_USER_NAME checks to make sure a user's user_name
+	# is in the proper format.
+	VALID_USER_NAME_REG = /\A[a-zA-Z0-9\-]+\z/
+
+	##
+	# The following lines put a user account through a series of
+	# validations in order to make sure all of their information
+	# is in the proper format.
+	#
+	#     validates :symbol_to_be_validated
+	#
+	# - presence: determines whether or not a symbol is filled or not
+	# - length: ensures there is a length limit on the symbol
+	# - format: checks the format of given information to ensure
+	#   validity
+	validates(:name, presence: true, length: { maximum: 50 })
+	validates(:email, presence: true, format: {with:
+				  VALID_EMAIL_REG},
+			  uniqueness: { case_sensitive: false })
+	validates(:user_name, presence: true, length:{maximum: 50},
+			  format: {with: VALID_USER_NAME_REG },
+			  uniqueness: {case_sensitive: false })
+
+	##
+	# Instead of adding password and password_confirmation
+	# attributes, requiring the presence of a password,
+	# requiring that pw and pw_com match, and add an authenticate
+	# method to compare an encrypted password to the
+	# password_digest to authenticate users, I can just add
+	# has_secure_password which does all of this for me.
+	has_secure_password
+
+	validates :password, length: { minimum: 6 }
+end
+class NilUser
+	def nil?
+		return true
+	end
+	def can?(action)
+		case action
+		when :create_user
+			return true
+		when :create_session
+			return true
+		else
+			return false
+		end
+	end
+	def method_missing(name, *args)
+		# Throw an error if User doesn't have this method
+		super unless User.new.respond_to?(name)
+		# User has this method -- return a blank value
+		# 'false' if the method ends with '?'; 'nil' otherwise.
+		name.ends_with?('?') ? false : nil
+	end
 end