summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/alerts_controller.rb10
-rw-r--r--app/controllers/application_controller.rb3
-rw-r--r--app/controllers/matches_controller.rb23
-rw-r--r--app/controllers/servers_controller.rb10
-rw-r--r--app/controllers/sessions_controller.rb122
-rw-r--r--app/controllers/static_controller.rb2
-rw-r--r--app/controllers/tournaments_controller.rb77
-rw-r--r--app/controllers/users_controller.rb30
8 files changed, 181 insertions, 96 deletions
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 873e9b7..ac11854 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,5 +1,6 @@
class AlertsController < ApplicationController
before_action :set_alert, only: [:show, :edit, :update, :destroy]
+ before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]
# GET /alerts
# GET /alerts.json
@@ -67,6 +68,15 @@ class AlertsController < ApplicationController
@alert = Alert.find(params[:id])
end
+ def check_perms
+ unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host)))
+ respond_to do |format|
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ end
+ end
+
# Never trust parameters from the scary internet, only allow the white list through.
def alert_params
params.require(:alert).permit(:author_id, :message)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..7487f87 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,7 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
+
+ #include sessionhelper for the session controller and view
+ include SessionsHelper
end
diff --git a/app/controllers/matches_controller.rb b/app/controllers/matches_controller.rb
index d79a7fc..b312e9e 100644
--- a/app/controllers/matches_controller.rb
+++ b/app/controllers/matches_controller.rb
@@ -1,10 +1,10 @@
class MatchesController < ApplicationController
+ before_action :set_tournament, only: [:index, :new, :create]
before_action :set_match, only: [:show, :edit, :update, :destroy]
-
# GET /matches
# GET /matches.json
def index
- @matches = Match.all
+ @matches = @tournament.matches
end
# GET /matches/1
@@ -14,7 +14,7 @@ class MatchesController < ApplicationController
# GET /matches/new
def new
- @match = Match.new
+
end
# GET /matches/1/edit
@@ -24,11 +24,11 @@ class MatchesController < ApplicationController
# POST /matches
# POST /matches.json
def create
- @match = Match.new(match_params)
+ @match = @tournament.matches.build(match_params)
respond_to do |format|
if @match.save
- format.html { redirect_to @match, notice: 'Match was successfully created.' }
+ format.html { redirect_to tournament_matches_path, notice: 'Match was successfully created.' }
format.json { render action: 'show', status: :created, location: @match }
else
format.html { render action: 'new' }
@@ -42,7 +42,7 @@ class MatchesController < ApplicationController
def update
respond_to do |format|
if @match.update(match_params)
- format.html { redirect_to @match, notice: 'Match was successfully updated.' }
+ format.html { redirect_to [@tournament, @match], notice: 'Match was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
@@ -54,19 +54,22 @@ class MatchesController < ApplicationController
# DELETE /matches/1
# DELETE /matches/1.json
def destroy
+
@match.destroy
respond_to do |format|
- format.html { redirect_to matches_url }
- format.json { head :no_content }
+ format.html { redirect_to tournament_matches_path }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_match
- @match = Match.find(params[:id])
+ @tournament = Tournament.find(params[:tournament_id])
+ @match = @tournament.matches.find(params[:id]);
+ end
+ def set_tournament
+ @tournament = Tournament.find(params[:tournament_id])
end
-
# Never trust parameters from the scary internet, only allow the white list through.
def match_params
params.require(:match).permit(:status, :tournament_id, :name, :winner_id)
diff --git a/app/controllers/servers_controller.rb b/app/controllers/servers_controller.rb
index 7d54eb6..bb5d5f7 100644
--- a/app/controllers/servers_controller.rb
+++ b/app/controllers/servers_controller.rb
@@ -1,5 +1,6 @@
class ServersController < ApplicationController
before_action :set_server, only: [:show, :edit, :update, :destroy]
+ before_action :check_perms
# GET /servers
# GET /servers.json
@@ -67,6 +68,15 @@ class ServersController < ApplicationController
@server = Server.find(params[:id])
end
+ def check_perms
+ unless (signed_in? and current_user.in_group?(:admin))
+ respond_to do |format|
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ end
+ end
+
# Never trust parameters from the scary internet, only allow the white list through.
def server_params
params[:server]
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 2f72bf7..7cb16e8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,74 +1,52 @@
class SessionsController < ApplicationController
- before_action :set_session, only: [:show, :edit, :update, :destroy]
-
- # GET /sessions
- # GET /sessions.json
- def index
- @sessions = Session.all
- end
-
- # GET /sessions/1
- # GET /sessions/1.json
- def show
- end
-
- # GET /sessions/new
- def new
- @session = Session.new
- end
-
- # GET /sessions/1/edit
- def edit
- end
-
- # POST /sessions
- # POST /sessions.json
- def create
- @session = Session.new(session_params)
-
- respond_to do |format|
- if @session.save
- format.html { redirect_to @session, notice: 'Session was successfully created.' }
- format.json { render action: 'show', status: :created, location: @session }
- else
- format.html { render action: 'new' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
- end
- end
- end
-
- # PATCH/PUT /sessions/1
- # PATCH/PUT /sessions/1.json
- def update
- respond_to do |format|
- if @session.update(session_params)
- format.html { redirect_to @session, notice: 'Session was successfully updated.' }
- format.json { head :no_content }
- else
- format.html { render action: 'edit' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
- end
- end
- end
-
- # DELETE /sessions/1
- # DELETE /sessions/1.json
- def destroy
- @session.destroy
- respond_to do |format|
- format.html { redirect_to sessions_url }
- format.json { head :no_content }
- end
- end
-
- private
- # Use callbacks to share common setup or constraints between actions.
- def set_session
- @session = Session.find(params[:id])
- end
-
- # Never trust parameters from the scary internet, only allow the white list through.
- def session_params
- params.require(:session).permit(:user_id)
- end
+ before_action :set_session, only: [:destroy]
+
+ # GET /sessions/new
+ def new
+ @user = User.new
+ #@session = Session.new
+ end
+
+ # POST /sessions
+ # POST /sessions.json
+ def create
+ # find the user...
+ @user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email])
+
+ #@session = Session.new(@user)
+ # ... and create a new session
+ respond_to do |format|
+ if @user && @user.authenticate(params[:session][:password])
+ sign_in @user
+ format.html { redirect_to root_path }
+ #format.json { #TODO }
+ else
+ format.html { render action: 'new' }
+ format.json { render json: @user.errors, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE /sessions/1
+ # DELETE /sessions/1.json
+ def destroy
+ #@session.destroy
+ sign_out
+ respond_to do |format|
+ format.html { redirect_to root_path }
+ format.json { head :no_content }
+ end
+ end
+
+ private
+
+ # Use callbacks to share common setup or constraints between actions.
+ def set_session
+ #@session = Session.find(cookies[:remember_token])
+ end
+
+ # Never trust parameters from the scary internet, only allow the white list through.
+ def session_params
+ params.require(:session).permit(:session_email, :session_user_name, :session_password)
+ end
end
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index c6df11e..6fc9490 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -1,2 +1,4 @@
class StaticController < ApplicationController
+ def homepage
+ end
end
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index d7db632..8d90758 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -1,5 +1,6 @@
class TournamentsController < ApplicationController
- before_action :set_tournament, only: [:show, :edit, :update, :destroy]
+ before_action :set_tournament, only: [:show, :edit, :update, :destroy, :join]
+ before_action :check_perms, only: [:new, :create, :edit, :destroy]
# GET /tournaments
# GET /tournaments.json
@@ -10,24 +11,37 @@ class TournamentsController < ApplicationController
# GET /tournaments/1
# GET /tournaments/1.json
def show
+ case @tournament.status
+ when 0
+ when 1..2
+ redirect_to "/tournaments/" + @tournament.id.to_s + "/matches" #tournament_matches_page(@tournament)
+ end
end
# GET /tournaments/new
def new
- @tournament = Tournament.new
+ @games = Game.all
+ @tournament = Tournament.new(game: Game.find_by_id(params[:game]))
end
# GET /tournaments/1/edit
def edit
+ if params['close_action'] == 'close'
+ @tournament.status = 1
+ @tournament.save
+ @tournament.setup(@tournament)
+ redirect_to "/tournaments"
+ end
end
# POST /tournaments
# POST /tournaments.json
def create
@tournament = Tournament.new(tournament_params)
-
+ @tournament.status = 0
respond_to do |format|
if @tournament.save
+ @tournament.hosts.push(current_user)
format.html { redirect_to @tournament, notice: 'Tournament was successfully created.' }
format.json { render action: 'show', status: :created, location: @tournament }
else
@@ -40,13 +54,45 @@ class TournamentsController < ApplicationController
# PATCH/PUT /tournaments/1
# PATCH/PUT /tournaments/1.json
def update
- respond_to do |format|
- if @tournament.update(tournament_params)
- format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
- format.json { head :no_content }
+
+ if params[:update_action].nil?
+ check_perms
+ respond_to do |format|
+ if @tournament.update(tournament_params)
+ format.html { redirect_to @tournament, notice: 'Tournament was successfully updated.' }
+ format.json { head :no_content }
+ else
+ format.html { render action: 'edit' }
+ format.json { render json: @tournament.errors, status: :unprocessable_entity }
+ end
+ end
+ else
+ case params[:update_action]
+ when "join"
+ respond_to do |format|
+ if @tournament.join(current_user)
+ format.html { render action: 'show', notice: 'You have joined this tournament.' }
+ format.json { head :no_content }
+ end
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ when "open"
+ respond_to do |format|
+ if @tournament.setup
+ format.html { render action: 'show', notice: 'You have joined this tournament.' }
+ format.json { head :no_content }
+ end
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ #when "close"
+ # TODO
else
- format.html { render action: 'edit' }
- format.json { render json: @tournament.errors, status: :unprocessable_entity }
+ respond_to do |format|
+ format.html { render action: 'show', notice: "Invalid action", status: :unprocessable_entity }
+ format.json { render json: @tournament.errors, status: :unprocessable_entity }
+ end
end
end
end
@@ -67,8 +113,19 @@ class TournamentsController < ApplicationController
@tournament = Tournament.find(params[:id])
end
+ def check_perms
+ unless (signed_in? and current_user.in_group?(:host))
+ respond_to do |format|
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ end
+ end
+
# Never trust parameters from the scary internet, only allow the white list through.
def tournament_params
- params.require(:tournament).permit(:name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+
+ params.require(:tournament).permit(:game, :name, :game_id, :status, :min_players_per_team, :max_players_per_team, :min_teams_per_match, :max_teams_per_match, :set_rounds, :randomized_teams)
+
end
end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b18efed..70facca 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,7 @@
class UsersController < ApplicationController
before_action :set_user, only: [:show, :edit, :update, :destroy]
+ before_action :perms_edit, only: [:edit, :update, :destroy]
+ before_action :perms_create, only: [:new, :create]
# GET /users
# GET /users.json
@@ -10,6 +12,7 @@ class UsersController < ApplicationController
# GET /users/1
# GET /users/1.json
def show
+ @user = User.find(params[:id])
end
# GET /users/new
@@ -25,13 +28,14 @@ class UsersController < ApplicationController
# POST /users.json
def create
@user = User.new(user_params)
-
+ @user.groups = 0
respond_to do |format|
if @user.save
- format.html { redirect_to @user, notice: 'User was successfully created.' }
+ sign_in @user
+ format.html { redirect_to root_path, notice: 'User was successfully created.' }
format.json { render action: 'show', status: :created, location: @user }
else
- format.html { render action: 'new' }
+ format.html { render action: 'new', status: :unprocessable_entity }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
@@ -67,8 +71,26 @@ class UsersController < ApplicationController
@user = User.find(params[:id])
end
+ def perms_edit
+ unless (current_user == @user) or (signed_in? and current_user.in_group? :admin)
+ respond_to do |format|
+ format.html { render action: 'permission_denied', status: :forbidden }
+ format.json { render json: "Permission denied", status: :forbidden }
+ end
+ end
+ end
+
+ def perms_create
+ if signed_in?
+ respond_to do |format|
+ format.html { render action: 'already_signed_in', status: :unprocessable_entity }
+ format.json { render json: "Already signed in", status: :unprocessable_entity }
+ end
+ end
+ end
+
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
- params.require(:user).permit(:name, :email, :user_name)
+ params.require(:user).permit(:name, :email, :user_name, :password, :password_confirmation)
end
end