Merge branch 'master' of http://github.com/LukeShu/leaguer

author: AndrewMurrell <amurrel@purdue.edu> 2014-03-06 23:08:50 -0500
committer: AndrewMurrell <amurrel@purdue.edu> 2014-03-06 23:08:50 -0500
commit: acf821e35851b672fcb5fb350e77aedf5a674843 (patch)
tree: e91efb71e3b24fd0ada0606e2e8f30b4604a8eb3 /app
parent: 501e305de609313809b2641522679c17834c603f (diff)
parent: ec351b90e1682541062c669a3f8b59131351b0a3 (diff)
3 files changed, 25 insertions, 21 deletions
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 5155a4f..913ca52 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,6 +1,8 @@
 class TournamentsController < ApplicationController
-  before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join]
-  before_action :check_perms, only: [:new, :create, :edit, :destroy]
+  # put #update in with before_show, because in special cases the
+  # permissions are relaxed, so we do that right in the #update method
+  before_action :before_show, only: [:show, :update]
+  before_action :before_edit, only: [:new, :create, :edit, :destroy]
 
   # GET /tournaments
   # GET /tournaments.json
@@ -53,9 +55,8 @@ class TournamentsController < ApplicationController
   # PATCH/PUT /tournaments/1
   # PATCH/PUT /tournaments/1.json
   def update
-  	
     if params[:update_action].nil?
-      check_perms
+      before_edit
       respond_to do |format|
         if @tournament.update(tournament_params)
           format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
@@ -72,18 +73,20 @@ class TournamentsController < ApplicationController
           if @tournament.join(current_user)
             format.html { render action: 'show', notice: 'You have joined this tournament.' }
             format.json { head :no_content }
+          else
+            format.html { render action: 'permission_denied', status: :forbidden }
+            format.json { render json: "Permission denied", status: :forbidden }
           end
-          format.html { render action: 'permission_denied', status: :forbidden }
-          format.json { render json: "Permission denied", status: :forbidden }
         end
       when "open"
         respond_to do |format|
           if @tournament.setup
-            format.html { render action: 'show', notice: 'You have joined this tournament.' }
+            format.html { render action: 'show', notice: 'You have opend this tournament.' }
             format.json { head :no_content }
+          else
+            format.html { render action: 'permission_denied', status: :forbidden }
+            format.json { render json: "Permission denied", status: :forbidden }
           end
-          format.html { render action: 'permission_denied', status: :forbidden }
-          format.json { render json: "Permission denied", status: :forbidden }
         end
       #when "close"
         # TODO
@@ -108,18 +111,19 @@ class TournamentsController < ApplicationController
 
   private
     # Use callbacks to share common setup or constraints between actions.
-    def set_tournament
+    def before_show
       @tournament = Tournament.find(params[:id])
     end
 
-	def check_perms
-  		unless (signed_in? and current_user.in_group?(:host))
-  			respond_to do |format|
-  				format.html { render action: 'permission_denied', status: :forbidden }
-  				format.json { render json: "Permission denied", status: :forbidden }
-  			end
-  		end
-  	end
+    def before_edit
+      @tournament = Tournament.find(params[:id])
+      unless (signed_in? and (@tournament.hosts.include?(current_user) or current_user.in_group?(:admin)))
+        respond_to do |format|
+          format.html { render action: 'permission_denied', status: :forbidden }
+          format.json { render json: "Permission denied", status: :forbidden }
+        end
+      end
+    end
 
     # Never trust parameters from the scary internet, only allow the white list through.
     def tournament_params
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 907958b..70facca 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -28,7 +28,7 @@ class UsersController < ApplicationController
   # POST /users.json
   def create
     @user = User.new(user_params)
-
+    @user.groups = 0
     respond_to do |format|
       if @user.save
         sign_in @user
diff --git a/app/models/user.rb b/app/models/user.rb
index fa07b60..4d6902a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,6 +1,6 @@
 class User < ActiveRecord::Base
-	has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "tournament_id", join_table: "players_tournaments"
-	has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "tournament_id", join_table: "hosts_tournaments"
+	has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "player_id", join_table: "players_tournaments"
+	has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "host_id", join_table: "hosts_tournaments"
 
 	before_save { self.email = email.downcase }
 	before_save { self.user_name = user_name }
author	AndrewMurrell <amurrel@purdue.edu>	2014-03-06 23:08:50 -0500
committer	AndrewMurrell <amurrel@purdue.edu>	2014-03-06 23:08:50 -0500
commit	acf821e35851b672fcb5fb350e77aedf5a674843 (patch)
tree	e91efb71e3b24fd0ada0606e2e8f30b4604a8eb3 /app
parent	501e305de609313809b2641522679c17834c603f (diff)
parent	ec351b90e1682541062c669a3f8b59131351b0a3 (diff)