Complete judging authorization through the AuditionPolicy

Complete judging authorization through the AuditionPolicy

app/Http/Controllers/JudgingController.php

@@ -51,8 +51,9 @@ class JudgingController extends Controller
 
     public function saveScoreSheet(Request $request, Entry $entry)
     {
-        Gate::authorize('create', [ScoreSheet::class, $entry]);
-        // TODO verify user is assigned to judge this audition
+        if ($request->user()->cannot('judge', $entry->audition)) {
+            abort(403, 'You are not assigned to judge this entry');
+        }
         $scoringGuide = $entry->audition->scoringGuide()->with('subscores')->first();
         $scoreValidation = $scoringGuide->validateScores($request->input('score'));
         if ($scoreValidation != 'success') {
@@ -81,6 +82,9 @@ class JudgingController extends Controller
 
     public function updateScoreSheet(Request $request, Entry $entry)
     {
+        if ($request->user()->cannot('judge', $entry->audition)) {
+            abort(403, 'You are not assigned to judge this entry');
+        }
         $scoreSheet = ScoreSheet::where('user_id', Auth::id())->where('entry_id', $entry->id)->first();
         if (! $scoreSheet) {
             return redirect()->back()->with('error', 'Attempt to edit non existent entry');
@@ -112,6 +116,9 @@ class JudgingController extends Controller
 
     protected function advancementVote(Request $request, Entry $entry)
     {
+        if ($request->user()->cannot('judge', $entry->audition)) {
+            abort(403, 'You are not assigned to judge this entry');
+        }
 
         if ($entry->for_advancement and auditionSetting('advanceTo')) {
             $request->validate([

resources/views/judging/entry_score_sheet.blade.php

@@ -1,6 +1,4 @@
 <x-layout.app>
-    {{--    TODO A user should only be able to get this form for an entry they're actually assigned to judge--}}
-
     @php
         $oldScores = session()->get('oldScores') ?? null;
     @endphp