alts, admin page, login

app/controllers/admin_controller.rb

@@ -0,0 +1,55 @@
+class AdminController < ApplicationController
+  PASSWORD = "butts"
+  before_action :authenticate_admin, only: [:index, :set_alt, :clear_alt ]
+
+  def index
+    @mains = Player.joins(:alternate_players).distinct
+    @player_names = Player.all.map(&:name)
+  end
+
+  def set_alt
+    main = Player.find_by(name: params[:main_selected])
+    alt = Player.find_by(name: params[:alt_selected])
+
+    if main && alt && main.id != alt.id
+      main.alternate_players << alt
+      alt.main_player_id = main.id
+
+      main.save
+      alt.save
+    end
+
+    refresh_or_redirect_to admin_path
+  end
+
+  def clear_alt
+    main = Player.find_by(id: params[:main_id])
+    alt = Player.find_by(id: params[:alt_id])
+
+    if main && alt && main.alternate_players.include?(alt)
+      main.alternate_players.delete(alt)
+      main.save
+    end
+
+    refresh_or_redirect_to admin_path
+  end
+
+  def login
+
+  end
+
+  def login_submit
+    pw = params[:password]
+    if pw == PASSWORD
+      session[:user_id] = 1
+      redirect_to admin_path, notice: "Logged in!"
+    else
+      refresh_or_redirect_to admin_login_path, notice: "Login failed!"
+    end
+  end
+
+  def destroy
+    session.delete(:user_id)
+    redirect_to root_path, notice: "Logged out!"
+  end
+end

app/controllers/application_controller.rb

@@ -20,4 +20,10 @@ class ApplicationController < ActionController::Base
   def unauthorized_response
     render json: { error: "API key is missing or empty" }, status: :unauthorized
   end
+
+  def authenticate_admin
+    unless session[:user_id]
+      redirect_to admin_login_path, alert: "Login first"
+    end
+  end
 end