7 files changed, 259 insertions, 2 deletions
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 0516355..9876711 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@
 class Alert < ActiveRecord::Base
-	belongs_to :author
+	belongs_to :author, class_name: "User"
 end
diff --git a/app/models/game.rb b/app/models/game.rb
index a181c26..ec865d8 100644
--- a/app/models/game.rb
+++ b/app/models/game.rb
@@ -1,2 +1,3 @@
 class Game < ActiveRecord::Base
+	has_many :settings, class_name: "GameSetting" 
 end
diff --git a/app/models/match.rb b/app/models/match.rb
index fe68d31..c596ced 100644
--- a/app/models/match.rb
+++ b/app/models/match.rb
@@ -1,4 +1,11 @@
 class Match < ActiveRecord::Base
 	belongs_to :tournament
-	belongs_to :winner
+
+	has_and_belongs_to_many :teams
+
+	belongs_to :winner, class_name: "Team"
+
+	def setup()
+		
+	end
 end
diff --git a/app/models/session.rb b/app/models/session.rb
index a5fd26e..f5e642b 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,3 +1,42 @@
 class Session < ActiveRecord::Base
 	belongs_to :user
+
+	##
+	# Create a random remember token for the user. This will be
+	# changed every time the user creates a new session.
+	#
+	# If you want this value, hang on to it; the raw value is
+	# discarded afterward.
+	#
+	# By changing the cookie every new session, any hijacked sessions
+	# (where the attacker steals a cookie to sign in as a certain
+	# user) will expire the next time the user signs back in.
+	#
+	# The random string is of length 16 composed of A-Z, a-z, 0-9
+	# This is the browser's cookie value.
+	def create_token()
+		t = SecureRandom.urlsafe_base64
+		self.token = Session.hash_token(t)
+		t
+	end
+
+	##
+	# Encrypt the remember token.
+	# This is the encrypted version of the cookie stored on
+	# the database.
+	#
+	# The reasoning for storing a hashed token is so that even if
+	# the database is compromised, the attacker won't be able to use
+	# the remember tokens to sign in.
+	def Session.hash_token(token)
+		# SHA-1 (Secure Hash Algorithm) is a US engineered hash
+		# function that produces a 20 byte hash value which typically
+		# forms a hexadecimal number 40 digits long.
+		# The reason I am not using the Bcrypt algorithm is because
+		# SHA-1 is much faster and I will be calling this on
+		# every page a user accesses.
+		#
+		# https://en.wikipedia.org/wiki/SHA-1
+		Digest::SHA1.hexdigest(token.to_s)
+	end
 end
diff --git a/app/models/team.rb b/app/models/team.rb
index 8d89f51..7aae7c2 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -1,3 +1,5 @@
 class Team < ActiveRecord::Base
 	belongs_to :match
+	has_and_belongs_to_many :matches
+	has_and_belongs_to_many :users
 end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index dcdb8d5..e408cfe 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -1,3 +1,49 @@
 class Tournament < ActiveRecord::Base
 	belongs_to :game
+	has_many :matches
+	has_and_belongs_to_many :players, class_name: "User", association_foreign_key: "player_id", join_table: "players_tournaments"
+	has_and_belongs_to_many :hosts,   class_name: "User", association_foreign_key: "host_id",   join_table: "hosts_tournaments"
+
+	def open?
+		return true
+	end
+
+	def joinable_by?(user)
+		return (open? and user.can?(:join_tournament) and !players.include?(user))
+	end
+
+	def join(user)
+		unless joinable_by?(user)
+			return false
+		end
+		players.push(user)
+	end
+
+	def leave(user)
+		if players.include?(user) && status == 0
+			players.delete(user)
+		end
+	end
+
+	def setup
+		num_teams = (self.players.count/self.min_players_per_team).floor
+		num_matches = num_teams - 1
+		for i in 1..num_matches
+			self.matches.create(name: "Match #{i}", status: 0)
+		end
+		match_num = 0
+		team_num = 0
+		#for each grouping of min_players_per_team
+		self.players.each_slice(min_players_per_team) do |players|
+			#create a new team in the current match
+			self.matches[match_num].teams.push(Team.create(users: players))
+			#if the match is full, move to the next match, otherwise move to the next team
+			if (team_num != 0 and team_num % max_teams_per_match == 0)
+				match_num += 1
+				team_num = 0
+			else
+				team_num += 1
+			end
+		end
+	end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a57cf0..626e4bf 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,2 +1,164 @@
 class User < ActiveRecord::Base
+	has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "player_id", join_table: "players_tournaments"
+	has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "host_id", join_table: "hosts_tournaments"
+	has_and_belongs_to_many :teams
+	has_many :sessions
+
+	apply_simple_captcha
+
+	before_save { self.email = email.downcase }
+	before_save { self.user_name = user_name }
+
+	def self.permission_bits
+		return {
+			:create_tournament => 1,
+			:edit_tournament => 2,
+			:join_tournament => 3,
+			:delete_tournament => 4,
+
+			:create_game => 5,
+			:edit_game => 6,
+			:delete_game => 7,
+
+			:create_user => 8,
+			:edit_user => 9,
+			:delete_user => 10,
+
+			:create_alert => 11,
+			:edit_alert => 12,
+			:delete_alert => 13,
+
+			:create_pm => 14,
+			:edit_pm => 15,
+			:delete_pm => 16,
+
+			:create_session => 17,
+			:delete_session => 18,
+
+			:edit_permissions => 19,
+		}
+	end
+
+	def can?(action)
+		bit = User.permission_bits[action]
+		if bit.nil?
+			return false
+		else
+			return (self.permissions & (2**bit) != 0)
+		end
+	end
+
+	def add_ability(action)
+		bit = User.permission_bits[action.to_sym]
+		unless bit.nil?
+			self.permissions |= 2**bit
+		end
+	end
+
+	def remove_ability(action)
+		bit = User.permission_bits[action.to_sym]
+		unless bit.nil?
+			self.permissions &= ~ (2**bit)
+		end
+	end
+
+
+	# A representation of the permission bits as a mock-array.
+	def abilities
+		@abilities ||= Abilities.new(self)
+	end
+	def abilities=(new)
+		new.each do |k,v|
+			if v == "0"
+				v = false
+			end
+			abilities[k] = v
+		end
+	end
+
+	# A thin array-like wrapper around the permission bits to make it
+	# easy to modify them using a form.
+	class Abilities
+		def initialize(user)
+			@user = user
+		end
+		def [](ability)
+			return @user.can?(ability)
+		end
+		def []=(ability, val)
+			if val
+				@user.add_ability(ability)
+			else
+				@user.remove_ability(ability)
+			end
+		end
+		def keys
+			User.permission_bits.keys
+		end
+		def method_missing(name, *args)
+			if name.to_s.ends_with?('=')
+				self[name.to_s.sub(/=$/, '').to_sym] = args.first
+			else
+				return self[name.to_sym]
+			end
+		end
+	end
+
+	# VAILD_EMAIL is the regex used to validate a user given email.
+	VALID_EMAIL_REG = /\A\S+@\S+\.\S+\z/i
+
+	# VALID_USER_NAME checks to make sure a user's user_name
+	# is in the proper format.
+	VALID_USER_NAME_REG = /\A[a-zA-Z0-9\-]+\z/
+
+	# The following lines put a user account through a series of
+	# validations in order to make sure all of their information
+	# is in the proper format.
+	#
+	#     validates :symbol_to_be_validated
+	#
+	# - presence: determines whether or not a symbol is filled or not
+	# - length: ensures there is a length limit on the symbol
+	# - format: checks the format of given information to ensure
+	#   validity
+	validates(:name, presence: true, length: { maximum: 50 })
+	validates(:email, presence: true, format: {with:
+				  VALID_EMAIL_REG},
+			  uniqueness: { case_sensitive: false })
+	validates(:user_name, presence: true, length:{maximum: 50},
+			  format: {with: VALID_USER_NAME_REG },
+			  uniqueness: {case_sensitive: false })
+
+	# Instead of adding password and password_confirmation
+	# attributes, requiring the presence of a password,
+	# requiring that pw and pw_com match, and add an authenticate
+	# method to compare an encrypted password to the
+	# password_digest to authenticate users, I can just add
+	# has_secure_password which does all of this for me.
+	has_secure_password
+
+	validates :password, length: { minimum: 6 }
+
+	class NilUser
+		def nil?
+			return true
+		end
+		def can?(action)
+			case action
+			when :create_user
+				return true
+			when :create_session
+				return true
+			else
+				return false
+			end
+		end
+		def method_missing(name, *args)
+			# Throw an error if User doesn't have this method
+			super unless User.new.respond_to?(name)
+			# User has this method -- return a blank value
+			# 'false' if the method ends with '?'; 'nil' otherwise.
+			name.to_s.ends_with?('?') ? false : nil
+		end
+	end
 end