Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/alerts_controller.rb | 14 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 50 | ||||
-rw-r--r-- | app/controllers/brackets_controller.rb | 60 | ||||
-rw-r--r-- | app/controllers/games_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/main_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/matches_controller.rb | 121 | ||||
-rw-r--r-- | app/controllers/pms_controller.rb | 13 | ||||
-rw-r--r-- | app/controllers/search_controller.rb | 39 | ||||
-rw-r--r-- | app/controllers/servers_controller.rb | 54 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 61 | ||||
-rw-r--r-- | app/controllers/teams_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/tournaments_controller.rb | 178 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 44 |
13 files changed, 470 insertions, 173 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb index a3cb8f9..b728c7e 100644 --- a/app/controllers/alerts_controller.rb +++ b/app/controllers/alerts_controller.rb @@ -1,6 +1,4 @@ class AlertsController < ApplicationController - before_action :set_alert, only: [:show, :edit, :update, :destroy] - # GET /alerts # GET /alerts.json def index @@ -25,6 +23,13 @@ class AlertsController < ApplicationController # POST /alerts.json def create @alert = Alert.new(alert_params) + @alert.author = current_user + users = {} + users = User.all + + for i in 0..users.length + current_user.send_message(users[i], @alert.message, "Pay Attention!") + end respond_to do |format| if @alert.save @@ -62,11 +67,16 @@ class AlertsController < ApplicationController end private + # Use callbacks to share common setup or constraints between actions. def set_alert @alert = Alert.find(params[:id]) end + def is_owner?(object) + object.author == current_user + end + # Never trust parameters from the scary internet, only allow the white list through. def alert_params params.require(:alert).permit(:author_id, :message) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 27ef6a7..d5752aa 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
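Review bot: In `AlertsController#create`, the added loop `for i in 0..users.length` uses an inclusive range, so its last iteration passes `users[users.length]` (nil) to `send_message`. The loop also runs before `@alert.save`, so an alert that fails validation has already been sent to every user. Iterating the relation inside the `if @alert.save` branch avoids both, e.g. `User.find_each { |u| current_user.send_message(u, @alert.message, "Pay Attention!") }`. The `users = {}` assignment is dead and can be removed. `create` continues past the end of this hunk.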
@@ -1,5 +1,55 @@ class ApplicationController < ActionController::Base + before_action :set_object, only: [:show] + before_action :check_create, only: [:new, :create] + before_action :check_edit, only: [:edit, :update] + before_action :check_delete, only: [:destroy] + # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + + #include sessionhelper for the session controller and view + include SessionsHelper + + include SimpleCaptcha::ControllerHelpers + + def check_permission(verb, object=nil) + unless current_user.can?((verb.to_s+"_"+noun).to_sym) or (!object.nil? and is_owner?(object)) + respond_to do |format| + format.html do + if object.nil? + redirect_to send(noun.pluralize+"_url"), notice: "You don't have permission to #{verb} #{noun.pluralize}." + else + redirect_to object, notice: "You don't have permission to #{verb} this #{noun}." + end + end + format.json { render json: "Permission denied", status: :forbidden } + end + end + end + + def noun + @noun ||= self.class.name.underscore.sub(/_controller$/, '').singularize + end + + def set_object + object = send("set_"+noun) + end + + def check_create + check_permission(:create) + end + def check_edit + object = send("set_"+noun) + check_permission(:edit, object) + end + def check_delete + object = send("set_"+noun) + check_permission(:edit, object) + end + + # Override this + def is_owner?(object) + return false + end end diff --git a/app/controllers/brackets_controller.rb b/app/controllers/brackets_controller.rb index fe43ca9..e202c96 100644 --- a/app/controllers/brackets_controller.rb +++ b/app/controllers/brackets_controller.rb 
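Review bot: `check_delete` in `ApplicationController` calls `check_permission(:edit, object)`, so `destroy` is gated by the `edit_<noun>` ability and its denial message says "edit". This looks like a copy of `check_edit`, and `check_permission(:delete, object)` is probably what was intended. `check_permission` only stops a request when it runs as a `before_action`; when it is called from inside an action, the redirect does not prevent the following statements from running. The helpers added here (`check_permission`, `noun`, `set_object`, the `check_*` methods, `is_owner?`) are public, so placing them under `private` or `protected` keeps them from being reachable as actions if a route ever matches their names.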
@@ -1,20 +1,30 @@ class BracketsController < ApplicationController - before_action :set_bracket, only: [:show, :edit, :update, :destroy] + before_action :set_tournament, only: [:index, :create] # GET /brackets # GET /brackets.json def index - @brackets = Bracket.all + @tournament = Tournament.find(params[:tournament_id]) + @brackets = @tournament.brackets end # GET /brackets/1 # GET /brackets/1.json def show - end + @results = (@tournament.status == 4)? @bracket.calcResult : nil; + @matches = @tournament.stages.order(:id).first.matches_ordered + @numTeams = @tournament.min_teams_per_match + @logBase = @numTeams + + # depth of SVG tree + @depth = Math.log(@matches.count*(@logBase-1),@logBase).floor+1; + + # height of SVG + @matchHeight = 50*@logBase; + @height = [(@matchHeight+50) * @logBase**(@depth-1) + 100, 500].max; - # GET /brackets/new - def new - @bracket = Bracket.new + @base = 1 + @pBase = 1 end # GET /brackets/1/edit @@ -24,14 +34,17 @@ class BracketsController < ApplicationController # POST /brackets # POST /brackets.json def create - @bracket = Bracket.new(bracket_params) + @bracket = @tournament.brackets.build(user: current_user) + @bracket.name = current_user.user_name + "'s Prediction for " + @tournament.name respond_to do |format| - if @bracket.save + if @tournament.status == 1 && @tournament.stages.first.scheduling_method == "elimination" && @tournament.stages.first.matches.first.status < 2 + @bracket.save + @bracket.create_matches format.html { redirect_to @bracket, notice: 'Bracket was successfully created.' } - format.json { render action: 'show', status: :created, location: @bracket } + format.json { render action: 'edit', status: :created, location: @bracket } else - format.html { render action: 'new' } + format.html { redirect_to tournaments_path action: 'You can\'t make a bracket for this tournament' } format.json { render json: @bracket.errors, status: :unprocessable_entity } end end 
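Review bot: In `BracketsController#create`, the failure branch calls `redirect_to tournaments_path action: '...'`, which hands the message to `tournaments_path` as an `action:` URL option instead of setting a flash. `redirect_to tournaments_path, notice: "You can't make a bracket for this tournament"` looks like the intent. In the success branch the return value of `@bracket.save` is ignored, so `@bracket.create_matches` and the success redirect run even when the record was not saved; wrapping them in `if @bracket.save` keeps the response in step with the database.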
@@ -41,11 +54,11 @@ class BracketsController < ApplicationController # PATCH/PUT /brackets/1.json def update respond_to do |format| - if @bracket.update(bracket_params) - format.html { redirect_to @bracket, notice: 'Bracket was successfully updated.' } + if @bracket.predict_winners(prediction_params) + format.html { redirect_to @tournament, notice: 'Your bracket was made! Check back when this stage finishes to see how you did!' } format.json { head :no_content } else - format.html { render action: 'edit' } + format.html { redirect_to @tournament, notice: 'bracket was not made... :('} format.json { render json: @bracket.errors, status: :unprocessable_entity } end end @@ -64,11 +77,32 @@ class BracketsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. def set_bracket + @tournament = Tournament.find(params[:tournament_id]) @bracket = Bracket.find(params[:id]) end + def set_tournament + @tournament = Tournament.find(params[:tournament_id]) + end + # Never trust parameters from the scary internet, only allow the white list through. def bracket_params + # bracket[user_id] + # bracket[tournament_id] + # bracket[name] + # bracket[matches][#{i}] params.require(:bracket).permit(:user_id, :tournament_id, :name) end + + def prediction_params + require 'pp' + puts "<params"+"<"*80 + pp params + puts ">"*80 + params.require(:bracket).require(:matches) + end + + def is_owner?(bracket) + bracket.user == current_user + end end diff --git a/app/controllers/games_controller.rb b/app/controllers/games_controller.rb index 27df771..d014a1c 100644 --- a/app/controllers/games_controller.rb +++ b/app/controllers/games_controller.rb @@ -1,6 +1,4 @@ class GamesController < ApplicationController - before_action :set_game, only: [:show, :edit, :update, :destroy] - # GET /games # GET /games.json def index diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb index 6519d7b..0ba4d94 100644 
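Review bot: `prediction_params` in `BracketsController` dumps the whole request `params` to stdout with `pp` on every update, which puts request data into process output outside the Rails logger and, presumably, outside its parameter filtering. The four debug lines and `require 'pp'` should be removed before merge. The method also returns `params.require(:bracket).require(:matches)` with no `permit`, so `predict_winners` receives whatever keys the client sent and has to validate them itself. In `set_bracket`, `Bracket.find(params[:id])` is not tied to the tournament loaded from `params[:tournament_id]`; `@tournament.brackets.find(params[:id])` would reject mismatched pairs.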
--- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -1,2 +1,4 @@ class MainController < ApplicationController + def homepage + end end diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb index 4042d3c..e944983 100644 --- a/app/controllers/matches_controller.rb +++ b/app/controllers/matches_controller.rb 
@@ -1,63 +1,77 @@ class MatchesController < ApplicationController - before_action :set_match, only: [:show, :edit, :update, :destroy] + require 'httparty' + require 'json' + require 'delayed_job' - # GET /matches - # GET /matches.json + before_action :set_tournament, only: [:index] + + # GET /tournaments/1/matches + # GET /tournaments/1/matches.json def index - @matches = Match.all end - # GET /matches/1 - # GET /matches/1.json + # GET /tournaments/1/matches/1 + # GET /tournaments/1/matches/1.json def show - end - - # GET /matches/new - def new - @match = Match.new - end - - # GET /matches/1/edit - def edit - end - - # POST /matches - # POST /matches.json - def create - @match = Match.new(match_params) - - respond_to do |format| - if @match.save - format.html { redirect_to @match, notice: 'Match was successfully created.' } - format.json { render action: 'show', status: :created, location: @match } - else - format.html { render action: 'new' } - format.json { render json: @match.errors, status: :unprocessable_entity } - end + if @match.tournament_stage.tournament.game_id == 1 + file_blue = "blue.yaml" + file_purple = "purple.yaml" + @blue2 = YAML.load_file(file_blue) + @purp2 = YAML.load_file(file_purple) end end - # PATCH/PUT /matches/1 - # PATCH/PUT /matches/1.json + # PATCH/PUT /tournaments/1/matches/1 + # PATCH/PUT /tournaments/1/matches/1.json def update - respond_to do |format| - if @match.update(match_params) - format.html { redirect_to @match, notice: 'Match was successfully updated.' } + case @match.status + when 0 + # Created, waiting to be scheduled + when 1 + # Scheduled, waiting to start + if (@tournament.hosts.include? current_user) and (params[:update_action] == "start") + @match.status = 2 + @match.start_sampling + respond_to do |format| + if @match.save + format.html { redirect_to tournament_match_path(@tournament, @match), notice: 'Match has started.' 
} + format.json { head :no_content } + else + format.html { render action: 'show' } + format.json { render json: @match.errors, status: :unprocessable_entity } + end + end + return + end + when 2 + # Started, waiting to finish + @match.handle_sampling(@current_user, params) + # The @match.status will be updated by Statistic's after_save hook + respond_to do |format| + format.html { redirect_to tournament_match_path(@tournament, @match), notice: 'Match has finished.' } format.json { head :no_content } - else - format.html { render action: 'edit' } - format.json { render json: @match.errors, status: :unprocessable_entity } end - end - end - - # DELETE /matches/1 - # DELETE /matches/1.json - def destroy - @match.destroy - respond_to do |format| - format.html { redirect_to matches_url } - format.json { head :no_content } + when 3 + if (@tournament.hosts.include? current_user) and (params[:update_action] == "start") + ok = true + ActiveRecord::Base.transaction do + ok &= @match.statitistics.destroy_all + @match.status = 1 + ok &= @match.save + end + respond_to do |format| + if @match.save + format.html { redirect_to tournament_match_path(@tournament, @match), notice: 'Match has finished.' } + format.json { head :no_content } + else + format.html { render action: 'show' } + format.json { render json: @match.errors, status: :unprocessable_entity } + end + end + return + end + else + redirect_to tournament_match_path(@tournament, @match) end end 
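Review bot: In `MatchesController#update`, the `when 2` branch calls `@match.handle_sampling(@current_user, params)` with no check on the caller, while `when 1` and `when 3` require `@tournament.hosts.include? current_user`. Because `check_edit` is overridden lower in this file to only call `set_match`, nothing visible gates that branch unless `handle_sampling` checks the user itself. The call passes the instance variable `@current_user` rather than the `current_user` helper, so it may be nil if the helper has not memoized it yet; confirm against `SessionsHelper`. When the host check in `when 1` or `when 3` fails, the action leaves the `case` without rendering or redirecting. In `when 3`, `@match.statitistics` looks like a misspelling of `statistics`, and `ok` is accumulated but the response tests `@match.save` a second time instead.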
@@ -65,10 +79,21 @@ class MatchesController < ApplicationController # Use callbacks to share common setup or constraints between actions. def set_match @match = Match.find(params[:id]) + @tournament = @match.tournament_stage.tournament + end + + def set_tournament + @tournament = Tournament.find(params[:tournament_id]) end # Never trust parameters from the scary internet, only allow the white list through. def match_params params.require(:match).permit(:status, :tournament_stage_id, :winner_id) + params.require(:match).permit(:status, :tournament_stage_id, :winner_id) + end + + # Turn of check_edit, since our #update is flexible + def check_edit + set_match end end diff --git a/app/controllers/pms_controller.rb b/app/controllers/pms_controller.rb index 11f51c8..3368663 100644 --- a/app/controllers/pms_controller.rb +++ b/app/controllers/pms_controller.rb @@ -1,6 +1,4 @@ class PmsController < ApplicationController - before_action :set_pm, only: [:show, :edit, :update, :destroy] - # GET /pms # GET /pms.json def index @@ -25,6 +23,12 @@ class PmsController < ApplicationController # POST /pms.json def create @pm = Pm.new(pm_params) + @pm.author = current_user + #require 'pp' + #pp @pm.message + @pm.recipient = User.find_by_user_name(pm_params['recipient_id']) + + @pm.conversation = @pm.author.send_message(@pm.recipient, @pm.message, @pm.subject).conversation respond_to do |format| if @pm.save @@ -37,6 +41,10 @@ class PmsController < ApplicationController end end + #def reply + # current_user.reply_to_conversation(conversation, message) + #end + # PATCH/PUT /pms/1 # PATCH/PUT /pms/1.json def update @@ -49,6 +57,7 @@ class PmsController < ApplicationController format.json { render json: @pm.errors, status: :unprocessable_entity } end end + current_user.reply_to_conversation(@pm.conversation, @pm.message) end # DELETE /pms/1 diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index ee61487..af35ddb 100644 
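Review bot: In `PmsController#create`, `User.find_by_user_name(pm_params['recipient_id'])` returns nil for an unknown name, and the next line passes that nil straight to `send_message`. Check `@pm.recipient` for nil and re-render `new` with an error before sending. The message is also delivered before `@pm.save` runs, so a Pm that fails validation has already gone out. The `update` hunk of the same file has the matching ordering problem: `current_user.reply_to_conversation(@pm.conversation, @pm.message)` sits after the `respond_to` block and runs whether or not the update succeeded.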
--- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -1,2 +1,41 @@ class SearchController < ApplicationController + + def go + @games = Game.all + @query = params[:query] + @gametype = params[:game_type] + + if ( @gametype.nil? and (@query.nil? or @query.empty?)) then + return + end + + tour_filters = [] + user_filters = [] + unless @query.empty? + tour_filters.push(["name LIKE ?", "%#{@query}%"]) + user_filters.push(["name LIKE ?", "%#{@query}%"]) + end + unless @gametype.nil? or @gametype.empty? + tour_filters.push(["game_id = ?", @gametype]) + end + + if tour_filters.empty? + @tournamets = [] + else + @tournaments = Tournament + tour_filters.each do |filter| + @tournaments = @tournaments.where(*filter) + end + end + + if user_filters.empty? + @players = [] + else + @players = User + user_filters.each do |filter| + @players = @players.where(*filter) + end + end + end + end diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb index 4c12c7e..83a9f31 100644 --- a/app/controllers/servers_controller.rb +++ b/app/controllers/servers_controller.rb 
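Review bot: `SearchController#go` evaluates `unless @query.empty?` without the nil check used in the guard just above it, so a request that carries `game_type` but no `query` parameter raises NoMethodError. `unless @query.nil? or @query.empty?` (or `@query.blank?`) matches the earlier test. In the empty-filter branch, `@tournamets = []` is misspelled, which leaves `@tournaments` nil for the view. The `LIKE` values are bound as parameters, which is correct, but `%` and `_` typed by the user still act as wildcards; escape them if literal matching is wanted, for example with ActiveRecord's `sanitize_sql_like` where the Rails version in use provides it.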
@@ -1,44 +1,15 @@ class ServersController < ApplicationController - before_action :set_server, only: [:show, :edit, :update, :destroy] - - # GET /servers - # GET /servers.json - def index - @servers = Server.all - end - - # GET /servers/1 - # GET /servers/1.json + # GET /server + # GET /server.json def show end - # GET /servers/new - def new - @server = Server.new - end - - # GET /servers/1/edit + # GET /server/edit def edit end - # POST /servers - # POST /servers.json - def create - @server = Server.new(server_params) - - respond_to do |format| - if @server.save - format.html { redirect_to @server, notice: 'Server was successfully created.' } - format.json { render action: 'show', status: :created, location: @server } - else - format.html { render action: 'new' } - format.json { render json: @server.errors, status: :unprocessable_entity } - end - end - end - - # PATCH/PUT /servers/1 - # PATCH/PUT /servers/1.json + # PATCH/PUT /server + # PATCH/PUT /server.json def update respond_to do |format| if @server.update(server_params) @@ -51,24 +22,15 @@ class ServersController < ApplicationController end end - # DELETE /servers/1 - # DELETE /servers/1.json - def destroy - @server.destroy - respond_to do |format| - format.html { redirect_to servers_url } - format.json { head :no_content } - end - end - private + # Use callbacks to share common setup or constraints between actions. def set_server - @server = Server.find(params[:id]) + @server = Server.first end # Never trust parameters from the scary internet, only allow the white list through. def server_params - params.require(:server).permit(:default_user_permissions) + params.require(:server).permit(:default_user_permissions, :default_user_abilities => User.permission_bits.keys) end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b035ea0..9f0a8e3 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
@@ -1,52 +1,27 @@ class SessionsController < ApplicationController - before_action :set_session, only: [:show, :edit, :update, :destroy] - - # GET /sessions - # GET /sessions.json - def index - @sessions = Session.all - end - - # GET /sessions/1 - # GET /sessions/1.json - def show - end # GET /sessions/new def new - @session = Session.new - end - - # GET /sessions/1/edit - def edit + @user = User.new + #@session = Session.new end # POST /sessions # POST /sessions.json def create - @session = Session.new(session_params) + # find the user... + @user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email]) + #@session = Session.new(@user) + # ... and create a new session respond_to do |format| - if @session.save - format.html { redirect_to @session, notice: 'Session was successfully created.' } - format.json { render action: 'show', status: :created, location: @session } + if @user && @user.authenticate(params[:session][:password]) + sign_in @user + format.html { redirect_to root_path } + #format.json { # TODO } else format.html { render action: 'new' } - format.json { render json: @session.errors, status: :unprocessable_entity } - end - end - end - - # PATCH/PUT /sessions/1 - # PATCH/PUT /sessions/1.json - def update - respond_to do |format| - if @session.update(session_params) - format.html { redirect_to @session, notice: 'Session was successfully updated.' } - format.json { head :no_content } - else - format.html { render action: 'edit' } - format.json { render json: @session.errors, status: :unprocessable_entity } + format.json { render json: @user.errors, status: :unprocessable_entity } end end end 
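Review bot: In `SessionsController#create`, the failure branch renders `@user.errors` for JSON, but `@user` is nil whenever no account matches `username_or_email`, so that path raises NoMethodError instead of returning a 422. A wrong password on an existing account reaches the same line with a real `@user`, which lets a JSON client tell unknown accounts from bad passwords. Returning one fixed body for both cases, e.g. `format.json { render json: { error: "Invalid login" }, status: :unauthorized }`, removes the crash and the difference. `params[:session]` is dereferenced without `require`, so a request with no `session` key fails the same way. This controller also inherits `before_action :check_create, only: [:new, :create]`, which calls `current_user.can?`; confirm that signed-out visitors get past it.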
@@ -54,9 +29,10 @@ class SessionsController < ApplicationController # DELETE /sessions/1 # DELETE /sessions/1.json def destroy - @session.destroy + #@session.destroy + sign_out respond_to do |format| - format.html { redirect_to sessions_url } + format.html { redirect_to root_path } format.json { head :no_content } end end @@ -64,11 +40,16 @@ class SessionsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. def set_session - @session = Session.find(params[:id]) + @token = Session.hash_token(cookies[:remember_token]) + @session = Session.find_by(token: @token) end # Never trust parameters from the scary internet, only allow the white list through. def session_params - params.require(:session).permit(:user_id, :token) + params.require(:session).permit(:session_email, :session_user_name, :session_password) + end + + def is_owner?(object) + object.user == current_user end end diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb index 57b3d91..6abc74c 100644 --- a/app/controllers/teams_controller.rb +++ b/app/controllers/teams_controller.rb @@ -1,5 +1,4 @@ class TeamsController < ApplicationController - before_action :set_team, only: [:show, :edit, :update, :destroy] # GET /teams # GET /teams.json @@ -71,4 +70,8 @@ class TeamsController < ApplicationController def team_params params[:team] end + + def is_owner?(object) + object.users.include?(current_user) + end end diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb index 51229cb..471c5da 100644 --- a/app/controllers/tournaments_controller.rb +++ b/app/controllers/tournaments_controller.rb @@ -1,5 +1,4 @@ class TournamentsController < ApplicationController - before_action :set_tournament, only: [:show, :edit, :update, :destroy] # GET /tournaments # GET /tournaments.json 
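Review bot: `session_params` in `SessionsController` now permits `:session_email`, `:session_user_name` and `:session_password`, but `create` reads `params[:session][:username_or_email]` and `params[:session][:password]` directly. The whitelist therefore matches none of the keys the action uses and is unused in the visible code. Either route `create` through `params.require(:session).permit(:username_or_email, :password)` or delete the method. The enclosing class begins outside this hunk.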
@@ -10,24 +9,75 @@ class TournamentsController < ApplicationController # GET /tournaments/1 # GET /tournaments/1.json def show + respond_to do |format| + format.html { + case @tournament.status + when 0 + render action: 'show' + when 1 + redirect_to tournament_matches_path(@tournament) + when 2 + redirect_to tournaments_page + end + } + format.json { + data = JSON.parse(@tournament.to_json) + data["players"] = @tournament.players; + render :json => data.to_json + } + end end # GET /tournaments/new def new - @tournament = Tournament.new + @tournament = Tournament.new(tournament_attribute_params) + if @tournament.game + @tournament.game.settings.each do |game_setting| + @tournament.tournament_settings.build( + name: game_setting.name, + value: game_setting.value, + vartype: game_setting.vartype, + type_opt: game_setting.type_opt, + description: game_setting.description, + display_order: game_setting.display_order) + end + end end # GET /tournaments/1/edit def edit + check_permission(:edit, @tournament) end # POST /tournaments # POST /tournaments.json def create - @tournament = Tournament.new(tournament_params) - + @tournament = Tournament.new(tournament_attribute_params) + @tournament.status = 0 + ok = true + begin + ActiveRecord::Base.transaction do + ok &= @tournament.update(tournament_setting_params) + ok &= @tournament.hosts.push(current_user) + for i in 1..(params[:num_stages].to_i) do + begin + ok &= @tournament.stages.build(tournament_stage_params(i)) + rescue ActionController::ParameterMissing => e + ok = false + @tournament.errors.add("stages[#{i}]", "needs to be set") + end + end + ok &= @tournament.save + end + rescue ActiveRecord::RecordNotUnique => e + ok = false + @tournament.errors.add(:name, "must be unique") + rescue => e + ok = false + @tournament.errors.add(:exception, "Unknown error: ``#{e.class.name}'' -- #{e.inspect} -- #{e.methods - Object.new.methods}") + end respond_to do |format| - if @tournament.save + if ok format.html { redirect_to 
@tournament, notice: 'Tournament was successfully created.' } format.json { render action: 'show', status: :created, location: @tournament } else 
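Review bot: The JSON branch of `TournamentsController#show` assigns `data["players"] = @tournament.players` and renders it, which serializes every attribute of each player record. If players are `User` rows, that would include e-mail addresses and whichever column backs `authenticate`. Select the public fields explicitly, for example `@tournament.players.map { |u| { id: u.id, user_name: u.user_name } }`. In `create`, the catch-all `rescue => e` copies `e.inspect` and the exception's method list into `@tournament.errors`, which is presumably returned to the client; log the exception server-side and add a generic message instead.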
@@ -40,12 +90,71 @@ class TournamentsController < ApplicationController # PATCH/PUT /tournaments/1 # PATCH/PUT /tournaments/1.json def update - respond_to do |format| - if @tournament.update(tournament_params) - format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } - format.json { head :no_content } - else - format.html { render action: 'edit' } + case params[:update_action] + when nil + check_permission(:edit, @tournament) + ok = true + ActiveRecord::Base.transaction do + ok &= @tournament.update(tournament_attribute_params) + ok &= @tournament.update(tournament_setting_params) + end + respond_to do |format| + if ok + format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' } + format.json { head :no_content } + else + format.html { render action: 'edit' } + format.json { render json: @tournament.errors, status: :unprocessable_entity } + end + end + when "join" + # permission checking for join is done in the Tournament model + respond_to do |format| + if @tournament.join(current_user) + format.html { redirect_to @tournament, notice: 'You have joined this tournament.' } + format.json { head :no_content } + else + format.html { redirect_to @tournament, notice: "You can't join this tournament." } + format.json { render json: "Permission denied", status: :forbidden } + end + end + when "leave" + respond_to do |format| + if @tournament.leave(current_user) + format.html { redirect_to tournaments_url, notice: 'You have left the tournament.' } + format.json { head :no_content } + else + format.html { redirect_to @tournament, notice: 'You were\'t a part of this tournament.' 
} + format.json { render json: "Permission denied", status: :forbidden } + end + end + when "start" + check_permission(:edit, @tournament) + respond_to do |format| + if @tournament.status == 0 + @tournament.status = 1 + @tournament.save + success = true + ActiveRecord::Base.transaction do + # sched = tournament_attribute_params[:type_opt] + # success &= @tournament.stages.create(scheduling_method: sched) + success &= @tournament.stages.first.create_matches + end + if success + format.html { redirect_to @tournament, notice: 'You have started this tournament.' } + format.json { head :no_content } + else + format.html { redirect_to @tournament, notice: "You don't have permission to start this tournament." } + format.json { render json: "Permission denied", status: :forbidden } + end + else + format.html { redirect_to @tournament, notice: "This tournament is not in a state that it can be started." } + format.json { render json: "Permission denied", status: :forbidden } + end + end + else + respond_to do |format| + format.html { redirect_to @tournament, notice: "Invalid action", status: :unprocessable_entity } format.json { render json: @tournament.errors, status: :unprocessable_entity } end end 
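Review bot: In `TournamentsController#update`, the `check_permission(:edit, @tournament)` calls in the `when nil` and `when "start"` branches do not stop the action when permission is denied. The helper issues a redirect and returns, then the following code still runs, so `@tournament.update(...)` (or the status change and `create_matches`) is applied before the second `respond_to` fails with a double render. Because this controller overrides `check_edit` to only call `set_tournament`, the inline call is the only authorization on those paths. Add `return if performed?` directly after each `check_permission` call, or have `check_permission` return a boolean and branch on it. In the `"start"` branch, `@tournament.save` also happens outside the transaction, so a failure in `create_matches` leaves the status at 1.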
@@ -64,11 +173,52 @@ class TournamentsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. def set_tournament - @tournament = Tournament.find(params[:id]) + begin + @tournament = Tournament.find(params[:id]) + rescue + redirect_to tournaments_url, notice: 'That tournament no longer exists.' + end end # Never trust parameters from the scary internet, only allow the white list through. - def tournament_params - params.require(:tournament).permit(:game_id, :status, :name, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :scoring_method) + def tournament_attribute_params + params[:num_stages] ||= 1 + if params[:tournament] + p = params.require(:tournament).permit(:game_id, :status, :name, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :scoring_method) + if p[:game_id] + game = Game.find(p[:game_id]) + p[:min_players_per_team] ||= game.min_players_per_team + p[:max_players_per_team] ||= game.max_players_per_team + p[:min_teams_per_match] ||= game.min_teams_per_match + p[:max_teams_per_match] ||= game.max_teams_per_match + p[:scoring_method] ||= game.scoring_method + end + return p + else + return {} + end end + + def tournament_setting_params + if tournament_attribute_params[:game_id] + game = Game.find(params[:tournament][:game_id]) + params.require(:tournament).permit({:settings => game.settings.collect{|s| s.name}}) + else + return {} + end + end + + def tournament_stage_params(i) + params.require(:tournament).require(:stages).require(i.to_s).permit(:scheduling_method, :seeding_method) + end + + def is_owner?(object) + object.hosts.include?(current_user) + end + + # Turn of check_edit, since our #update is flexible + def check_edit + set_tournament + end + end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 58bf4c6..767d992 100644 --- a/app/controllers/users_controller.rb 
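Review bot: `tournament_attribute_params` in `TournamentsController` still permits `:status`, so anyone allowed to edit a tournament can set its state through the plain update path and skip the state check the `"start"` action performs. `create` overwrites the value with 0, but `update` does not. Dropping `:status` from the `permit` list keeps state transitions in the dedicated actions. The bare `rescue` in `set_tournament` reports every StandardError as "no longer exists"; `rescue ActiveRecord::RecordNotFound` is narrower and lets real failures surface.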
+++ b/app/controllers/users_controller.rb @@ -1,7 +1,10 @@ class UsersController < ApplicationController - before_action :set_user, only: [:show, :edit, :update, :destroy] + + require 'httparty' + require 'json' # GET /users + # GET /users.json def index @users = User.all @@ -25,13 +28,26 @@ class UsersController < ApplicationController # POST /users.json def create @user = User.new(user_params) + unless (simple_captcha_valid?) + respond_to do |format| + format.html { render action: 'new', status: :unprocessable_entity } + format.json { render json: @user.errors, status: :unprocessable_entity } + end + return + end respond_to do |format| if @user.save - format.html { redirect_to @user, notice: 'User was successfully created.' } + sign_in @user + if @user.id == 1 + # This is the first user, so give them all the power + @user.permissions = 0xFFFFFFFF + @user.save + end + format.html { redirect_to root_path, notice: 'User was successfully created.' } format.json { render action: 'show', status: :created, location: @user } else - format.html { render action: 'new' } + format.html { render action: 'new', status: :unprocessable_entity } format.json { render json: @user.errors, status: :unprocessable_entity } end end @@ -40,8 +56,17 @@ class UsersController < ApplicationController # PATCH/PUT /users/1 # PATCH/PUT /users/1.json def update + ok = true + if params[:user][:remote_usernames].nil? + ok &= @user.update(user_params) + else + params[:user][:remote_usernames].each do |game_name,user_name| + game = Game.find_by_name(game_name) + Sampling::RiotApi::set_remote_name(@user, game, user_name) + end + end respond_to do |format| - if @user.update(user_params) + if ok format.html { redirect_to @user, notice: 'User was successfully updated.' } format.json { head :no_content } else 
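Review bot: In `UsersController#create`, full permissions (`0xFFFFFFFF`) are granted to whichever account ends up with `id == 1`. That ties the administrator bootstrap to a primary-key value rather than to "no other users exist", which is fragile if the table is ever reset or imported. Doing the bootstrap in a seed or rake task is safer; failing that, check `User.count == 1` in the same transaction as the save. The result of the second `@user.save` is ignored, so a failed grant goes unnoticed.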
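Review bot: In `UsersController#update`, the `remote_usernames` branch never updates `ok`, so the response is always "successfully updated" even when `Game.find_by_name(game_name)` returned nil or `set_remote_name` failed. When that key is present, `@user.update(user_params)` is skipped, so any other submitted fields are silently dropped. Skip unknown games explicitly (`next unless game`) and fold the call's result into `ok` if it returns one. `params[:user]` is dereferenced without `require`, so a request with no `user` key raises NoMethodError.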
@@ -61,14 +86,23 @@ class UsersController < ApplicationController end end + private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) end + def is_owner?(object) + object == current_user + end + # Never trust parameters from the scary internet, only allow the white list through. def user_params - params.require(:user).permit(:name, :email, :user_name) + permitted = [ :name, :email, :user_name, :password, :password_confirmation ] + if current_user.can? :edit_permissions + permitted.push(:abilities => User.permission_bits.keys) + end + params.require(:user).permit(permitted) end end |
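Review bot: `user_params` in `UsersController` calls `current_user.can? :edit_permissions` unconditionally. It is also used by `create`, which signs the new user in only after saving, so it runs for signed-out visitors. If `current_user` is nil there, signup raises NoMethodError; confirm what `SessionsHelper#current_user` returns for anonymous requests. `if current_user && current_user.can?(:edit_permissions)` covers that case without changing behaviour for signed-in users.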