Add auth in all controllers

app/controllers/contests_controller.rb

@@ -2,11 +2,15 @@ class ContestsController < ApplicationController
   before_action :set_contest, only: %i[ destroy edit show update ]
 
   def index
+    authorize :contest
+
     @contests = current_user.contests
     @title = "Welcome #{current_user.username}!"
   end
 
   def show
+    authorize @contest
+
     @title = @contest.name
     @contestants = @contest.contestants.order(:name)
     @puzzles = @contest.puzzles.order(:id)
@@ -14,15 +18,21 @@ class ContestsController < ApplicationController
   end
 
   def edit
+    authorize @contest
+
     @title = "Edit contest settings"
   end
 
   def new
+    authorize :contest
+
     @contest = Contest.new
     @title = "New jigsaw puzzle competition"
   end
 
   def create
+    authorize :contest
+
     @contest = Contest.new(contest_params)
     @contest.user_id = current_user.id
     if @contest.save
@@ -33,6 +43,8 @@ class ContestsController < ApplicationController
   end
 
   def update
+    authorize @contest
+
     if @contest.update(contest_params)
       redirect_to @contest
     else
@@ -41,6 +53,7 @@ class ContestsController < ApplicationController
   end
 
   def destroy
+    authorize @contest
   end
 
   private