From e948bfe0c58e31ef186d1216ef7f0bd9f84c2526 Mon Sep 17 00:00:00 2001
From: Matt Young <matt@mattyoung.us>
Date: Thu, 27 Jun 2024 15:48:15 -0500
Subject: [PATCH] Users can only get a score sheet for an entry they are
 assigned to judge

---
 app/Http/Controllers/JudgingController.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/JudgingController.php b/app/Http/Controllers/JudgingController.php
index ed34ab4..17a1eaf 100644
--- a/app/Http/Controllers/JudgingController.php
+++ b/app/Http/Controllers/JudgingController.php
@@ -37,9 +37,11 @@ class JudgingController extends Controller
         return view('judging.audition_entry_list', compact('audition', 'entries', 'subscores', 'votes'));
     }
 
-    public function entryScoreSheet(Entry $entry)
+    public function entryScoreSheet(Request $request, Entry $entry)
     {
-        // TODO verify user is assigned to judge this audition
+        if ($request->user()->cannot('judge', $entry->audition)) {
+            return redirect()->route('judging.index')->with('error', 'You are not assigned to judge this entry');
+        }
         $oldSheet = ScoreSheet::where('user_id', Auth::id())->where('entry_id', $entry->id)->value('subscores') ?? null;
         $oldVote = JudgeAdvancementVote::where('user_id', Auth::id())->where('entry_id', $entry->id)->first();
         $oldVote = $oldVote ? $oldVote->vote : 'novote';