From 668584c68b7aa6e98603964de44d3c6ff6553c58 Mon Sep 17 00:00:00 2001
From: Thor77
Date: Sat, 24 Nov 2018 19:14:31 +0100
Subject: [PATCH] Add require_owner! filter action
---
 app/controllers/application_controller.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 450068c..fa8fc24 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,4 +10,18 @@ class ApplicationController < ActionController::API
 def configure_permitted_parameters
 devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
 end
+
+ private
+
+ def require_owner! owner
+ render_forbidden_error if owner != current_user
+ end
+
+ def render_forbidden_error
+ render json: {
+ errors: [
+ 'Only the parent tournament owner can update this resource'
+ ]
+ }, status: :forbidden
+ end
 end
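Review bot: `require_owner!` lets the request through when `owner` and `current_user` are both nil, because the guard is only `owner != current_user`. ApplicationController starts above this hunk, so it is not visible whether an authentication filter always runs first; if it does not, an unauthenticated request against a record with no owner would skip the 403. Failing closed is a one-line change: `render_forbidden_error if current_user.nil? || owner != current_user`. Separately, the method only renders and does not stop its caller, so when it is called from inside an action body the update code after it still runs. A comment such as `# Renders 403 but does not halt the caller; use in a before_action block or return if performed?` would make that contract explicit.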