12 changed files with 7 additions and 108 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -3,7 +3,8 @@ class ApplicationController < ActionController::Base
  include Pundit::Authorization

  before_action :set_title, :set_current_user
-  after_action :verify_authorized
+  # TODO: add later
+  # after_action :verify_authorized

  # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
  allow_browser versions: :modern
--- a/app/controllers/completions_controller.rb
+++ b/app/controllers/completions_controller.rb
@ -4,14 +4,10 @@ class CompletionsController < ApplicationController
  before_action :set_completion, only: %i[ destroy edit update ]

  def edit
-    authorize @contest
-
    @title = "Edit completion"
  end

  def new
-    authorize @contest
-
    @completion = Completion.new
    if params[:contestant_id]
      @completion.contestant_id = params[:contestant_id]
@ -20,8 +16,6 @@ class CompletionsController < ApplicationController
  end

  def create
-    authorize @contest
-
    @completion = Completion.new(completion_params)
    @completion.contest_id = @contest.id
    if @completion.save
@ -35,8 +29,6 @@ class CompletionsController < ApplicationController
  end

  def update
-    authorize @contest
-
    if params[:contestant_id]
      @completion.contestant_id = params[:contestant_id]
    end
@ -49,8 +41,6 @@ class CompletionsController < ApplicationController
  end

  def destroy
-    authorize @contest
-
    @completion.destroy
    if params[:contestant_id]
      redirect_to contest_contestant_path(@contest, params[:contestant_id])
--- a/app/controllers/contestants_controller.rb
+++ b/app/controllers/contestants_controller.rb
@ -4,21 +4,15 @@ class ContestantsController < ApplicationController
  before_action :set_completions, only: %i[edit update ]

  def edit
-    authorize @contest
-
    @title = "Contestant"
  end

  def new
-    authorize @contest
-
    @contestant = Contestant.new
    @title = "New contestant"
  end

  def create
-    authorize @contest
-
    @contestant = Contestant.new(contestant_params)
    @contestant.contest_id = @contest.id
    if @contestant.save
@ -30,8 +24,6 @@ class ContestantsController < ApplicationController
  end

  def update
-    authorize @contest
-
    if @contestant.update(contestant_params)
      redirect_to @contest
    else
@ -41,8 +33,6 @@ class ContestantsController < ApplicationController
  end

  def destroy
-    authorize @contest
-
    @contestant.destroy
    redirect_to contest_path(@contest)
  end
--- a/app/controllers/contests_controller.rb
+++ b/app/controllers/contests_controller.rb
@ -2,15 +2,11 @@ class ContestsController < ApplicationController
  before_action :set_contest, only: %i[ destroy edit show update ]

  def index
-    authorize :contest
-
    @contests = current_user.contests
    @title = "Welcome #{current_user.username}!"
  end

  def show
-    authorize @contest
-
    @title = @contest.name
    @contestants = @contest.contestants.order(:name)
    @puzzles = @contest.puzzles.order(:id)
@ -18,21 +14,15 @@ class ContestsController < ApplicationController
  end

  def edit
-    authorize @contest
-
    @title = "Edit contest settings"
  end

  def new
-    authorize :contest
-
    @contest = Contest.new
    @title = "New jigsaw puzzle competition"
  end

  def create
-    authorize :contest
-
    @contest = Contest.new(contest_params)
    @contest.user_id = current_user.id
    if @contest.save
@ -43,8 +33,6 @@ class ContestsController < ApplicationController
  end

  def update
-    authorize @contest
-
    if @contest.update(contest_params)
      redirect_to @contest
    else
@ -53,7 +41,6 @@ class ContestsController < ApplicationController
  end

  def destroy
-    authorize @contest
  end

  private
--- a/app/controllers/puzzles_controller.rb
+++ b/app/controllers/puzzles_controller.rb
@ -3,21 +3,15 @@ class PuzzlesController < ApplicationController
  before_action :set_puzzle, only: %i[ destroy edit update]

  def edit
-    authorize @contest
-
    @title = "Edit contest puzzle"
  end

  def new
-    authorize @contest
-
    @puzzle = Puzzle.new
    @title = "New contest puzzle"
  end

  def create
-    authorize @contest
-
    @puzzle = Puzzle.new(puzzle_params)
    @puzzle.contest_id = @contest.id
    if @puzzle.save
@ -29,8 +23,6 @@ class PuzzlesController < ApplicationController
  end

  def update
-    authorize @contest
-
    if @puzzle.update(puzzle_params)
      redirect_to @contest
    else
@ -40,8 +32,6 @@ class PuzzlesController < ApplicationController
  end

  def destroy
-    authorize @contest
-
    @puzzle.destroy
    redirect_to contest_path(@contest)
  end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -3,11 +3,9 @@ class SessionsController < ApplicationController
  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." }

  def new
-    skip_authorization
  end

  def create
-    skip_authorization
    if user = User.authenticate_by(params.permit(:email_address, :password))
      start_new_session_for user
      redirect_to after_authentication_url
--- a/app/models/completion.rb
+++ b/app/models/completion.rb
@ -31,5 +31,5 @@ class Completion < ApplicationRecord

  validates :time_seconds, presence: true
  validates_numericality_of :time_seconds
-  validates :puzzle_id, uniqueness: { scope: :contestant }
+  validates :puzzle_id, uniqueness: { score: :contestant }
 end
--- a/app/policies/completion_policy.rb
+++ b/app/policies/completion_policy.rb
@ -1,9 +0,0 @@
-class CompletionPolicy < ContestPolicy
-  def index?
-    false
-  end
-
-  def show?
-    false
-  end
-end
--- a/app/policies/contest_policy.rb
+++ b/app/policies/contest_policy.rb
@ -1,29 +0,0 @@
-class ContestPolicy < ApplicationPolicy
-  def index?
-    true
-  end
-
-  def show?
-    record.user.id == user.id || user.admin?
-  end
-
-  def new?
-    true
-  end
-
-  def create?
-    true
-  end
-
-  def edit?
-    record.user.id == user.id || user.admin?
-  end
-
-  def update?
-    record.user.id == user.id || user.admin?
-  end
-
-  def destroy?
-    record.user.id == user.id || user.admin?
-  end
-end
--- a/app/policies/contestant_policy.rb
+++ b/app/policies/contestant_policy.rb
@ -1,9 +0,0 @@
-class ContestantPolicy < ContestPolicy
-  def index?
-    false
-  end
-
-  def show?
-    false
-  end
-end
--- a/app/policies/puzzle_policy.rb
+++ b/app/policies/puzzle_policy.rb
@ -1,9 +0,0 @@
-class PuzzlePolicy < ContestPolicy
-  def index?
-    false
-  end
-
-  def show?
-    false
-  end
-end
--- a/app/views/contests/index.html.slim
+++ b/app/views/contests/index.html.slim
@ -15,10 +15,9 @@
        .card-header
          = contest.name
        .card-body
-          .card-text.mb-2 = "#{contest.puzzles.length} puzzles - #{contest.contestants.length} participants"
          .row
-            .col
-              - contest.puzzles.each do |puzzle|
-                - if puzzle.image.attached?
-                  = image_tag puzzle.image, style: "max-height: 50px;", class: "mb-2 me-2"
+            - contest.puzzles.each do |puzzle|
+              - if puzzle.image.attached?
+                .col
+                  = image_tag puzzle.image, style: "max-height: 80px;"
          a.stretched-link href=contest_path(contest)