From 70bae69d731afc5300ffa5b176732ebe27d0810f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Thu, 6 Mar 2014 22:26:37 -0500 Subject: add self as a host to a tourney upon creation --- app/controllers/tournaments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 74a1f56..1e26584 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -31,9 +31,9 @@ class TournamentsController < ApplicationController # POST /tournaments.json def create @tournament = Tournament.new(tournament_params) - respond_to do |format| if @tournament.save + @tournament.hosts.push(current_user) format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' } format.json { render action: 'show', status: :created, location: @tournament } else -- cgit v1.2.3-2-g168b From ce8b05ed8fa3466c727269daa47ba7df672fdca1 Mon Sep 17 00:00:00 2001 From: AndrewMurrell Date: Thu, 6 Mar 2014 22:31:03 -0500 Subject: Redirection works as does the close tournament button. --- app/controllers/tournaments_controller.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 3f6de26..9e6a6e6 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -11,8 +11,10 @@ class TournamentsController < ApplicationController # GET /tournaments/1 # GET /tournaments/1.json def show - unless @tournament.status - redirect_to tournament_matches_page(@tournament) + case @tournament.status + when 0 + when 1..2 + redirect_to "/tournaments/" + @tournament.id.to_s + "/matches" #tournament_matches_page(@tournament) end end @@ -25,6 +27,11 @@ class TournamentsController < ApplicationController # GET /tournaments/1/edit def edit + if params['close_action'] == 'close' + @tournament.status = 1 + @tournament.save + redirect_to "/tournaments" + end end # POST /tournaments -- cgit v1.2.3-2-g168b From e1f6378a2c197a6d1c64f365dd52d2961e104cdb Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Thu, 6 Mar 2014 22:34:15 -0500 Subject: tidy up the tournament join and open controller logic --- app/controllers/tournaments_controller.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 1e26584..386a6a4 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -65,18 +65,20 @@ class TournamentsController < ApplicationController if @tournament.join(current_user) format.html { render action: 'show', notice: 'You have joined this tournament.' } format.json { head :no_content } + else + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } end - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } end when "open" respond_to do |format| if @tournament.setup - format.html { render action: 'show', notice: 'You have joined this tournament.' } + format.html { render action: 'show', notice: 'You have opend this tournament.' } format.json { head :no_content } + else + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } end - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } end #when "close" # TODO -- cgit v1.2.3-2-g168b From f959591c62d7e66454f676d9c2a9abdd6fac3a7f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Thu, 6 Mar 2014 22:35:35 -0500 Subject: TournamentsController: add stricter host access control --- app/controllers/tournaments_controller.rb | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 386a6a4..7c93346 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,6 +1,8 @@ class TournamentsController < ApplicationController - before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join] - before_action :check_perms, only: [:new, :create, :edit, :destroy] + # put #update in with before_show, because in special cases the + # permissions are relaxed, so we do that right in the #update method + before_action :before_show, only: [:show, :update] + before_action :before_edit, only: [:new, :create, :edit, :destroy] # GET /tournaments # GET /tournaments.json @@ -46,9 +48,8 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update - if params[:update_action].nil? - check_perms + before_edit respond_to do |format| if @tournament.update(tournament_params) format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } @@ -103,18 +104,19 @@ class TournamentsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. - def set_tournament + def before_show @tournament = Tournament.find(params[:id]) end - def check_perms - unless (signed_in? and current_user.in_group?(:host)) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end + def before_edit + @tournament = Tournament.find(params[:id]) + unless (signed_in? and (@tournament.hosts.include?(current_user) or current_user.in_group?(:admin))) + respond_to do |format| + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } + end + end + end # Never trust parameters from the scary internet, only allow the white list through. def tournament_params -- cgit v1.2.3-2-g168b From 501e305de609313809b2641522679c17834c603f Mon Sep 17 00:00:00 2001 From: AndrewMurrell Date: Thu, 6 Mar 2014 23:08:42 -0500 Subject: Fixed the registration in the tourney model and fixed a lint int the controller. --- app/controllers/tournaments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 3583ec3..5155a4f 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -40,7 +40,7 @@ class TournamentsController < ApplicationController @tournament = Tournament.new(tournament_params) respond_to do |format| if @tournament.save - @tournament.hosts.push(current_user) + #@tournament.hosts.push(current_user) format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' } format.json { render action: 'show', status: :created, location: @tournament } else -- cgit v1.2.3-2-g168b From e74879dd4769e8bed34085ee3f978fc4a31366cb Mon Sep 17 00:00:00 2001 From: AndrewMurrell Date: Thu, 6 Mar 2014 23:50:58 -0500 Subject: Sorry guys. --- app/controllers/tournaments_controller.rb | 42 ++++++++++++++----------------- 1 file changed, 19 insertions(+), 23 deletions(-) (limited to 'app/controllers/tournaments_controller.rb') diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 913ca52..3583ec3 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,8 +1,6 @@ class TournamentsController < ApplicationController - # put #update in with before_show, because in special cases the - # permissions are relaxed, so we do that right in the #update method - before_action :before_show, only: [:show, :update] - before_action :before_edit, only: [:new, :create, :edit, :destroy] + before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join] + before_action :check_perms, only: [:new, :create, :edit, :destroy] # GET /tournaments # GET /tournaments.json @@ -42,7 +40,7 @@ class TournamentsController < ApplicationController @tournament = Tournament.new(tournament_params) respond_to do |format| if @tournament.save - #@tournament.hosts.push(current_user) + @tournament.hosts.push(current_user) format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' } format.json { render action: 'show', status: :created, location: @tournament } else @@ -55,8 +53,9 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update + if params[:update_action].nil? - before_edit + check_perms respond_to do |format| if @tournament.update(tournament_params) format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } @@ -73,20 +72,18 @@ class TournamentsController < ApplicationController if @tournament.join(current_user) format.html { render action: 'show', notice: 'You have joined this tournament.' } format.json { head :no_content } - else - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } end + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } end when "open" respond_to do |format| if @tournament.setup - format.html { render action: 'show', notice: 'You have opend this tournament.' } + format.html { render action: 'show', notice: 'You have joined this tournament.' } format.json { head :no_content } - else - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } end + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } end #when "close" # TODO @@ -111,19 +108,18 @@ class TournamentsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. - def before_show + def set_tournament @tournament = Tournament.find(params[:id]) end - def before_edit - @tournament = Tournament.find(params[:id]) - unless (signed_in? and (@tournament.hosts.include?(current_user) or current_user.in_group?(:admin))) - respond_to do |format| - format.html { render action: 'permission_denied', status: :forbidden } - format.json { render json: "Permission denied", status: :forbidden } - end - end - end + def check_perms + unless (signed_in? and current_user.in_group?(:host)) + respond_to do |format| + format.html { render action: 'permission_denied', status: :forbidden } + format.json { render json: "Permission denied", status: :forbidden } + end + end + end # Never trust parameters from the scary internet, only allow the white list through. def tournament_params -- cgit v1.2.3-2-g168b