From bd2a50a191889cacfeba403cdf130cbc7909a774 Mon Sep 17 00:00:00 2001
From: rsmokeUM
Date: Thu, 2 Oct 2025 18:11:16 -0400
Subject: [PATCH] Allow unrestricted access to containers and contest descriptions in eligibility_rules action

- Updated set_container and set_contest_description methods to permit all users to access any container and contest description when the action is eligibility_rules.
- For other actions, access is restricted using policy_scope to ensure proper authorization.
---
 .../contest_descriptions_controller.rb | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/app/controllers/contest_descriptions_controller.rb b/app/controllers/contest_descriptions_controller.rb
index beb67648..2296d0ee 100644
--- a/app/controllers/contest_descriptions_controller.rb
+++ b/app/controllers/contest_descriptions_controller.rb
@@ -97,11 +97,22 @@ def handle_save(success, action)
 end
 
 def set_container
- @container = policy_scope(Container).find(params[:container_id])
+ # For eligibility_rules action, allow all users to access any container
+ if action_name == 'eligibility_rules'
+ @container = Container.find(params[:container_id])
+ else
+ @container = policy_scope(Container).find(params[:container_id])
+ end
 end
 
 def set_contest_description
- @contest_description = policy_scope(ContestDescription).find(params[:id])
+ # For eligibility_rules action, allow all users to access any contest description
+ if action_name == 'eligibility_rules'
+ @contest_description = ContestDescription.find(params[:id])
+ else
+ # For other actions, use policy scope to restrict access
+ @contest_description = policy_scope(ContestDescription).find(params[:id])
+ end
 end
 
 def contest_description_params
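Review bot: The `eligibility_rules` branches in `set_container` and `set_contest_description` replace the scoped lookup with bare `Container.find(params[:container_id])` and `ContestDescription.find(params[:id])`. Any caller who can reach the action can therefore load any record by id, including ones `policy_scope` would have hidden (for example drafts or inactive contests, if the models have such states). The description is also not tied to the container named in the URL, so a mismatched `container_id`/`id` pair is accepted. Consider looking the description up through the container (assuming the association exists), limiting it to records meant to be publicly visible, and expressing the exception as a Pundit rule such as `authorize @contest_description, :eligibility_rules?` instead of an `action_name` branch inside the loaders. Whether the action calls `authorize`, or what it renders beyond the eligibility text, is not visible in this hunk.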