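# Handles user accounts: listing, profile display, registration and
# profile editing.
class UsersController < ApplicationController
  #TODO fificium can send notification about the forgot password to the user

  # Access rules: :admin may call every action; any logged-in user may call
  # every action except index, new and create.
  # NOTE(review): no rule here names anonymous visitors, so whether they can
  # reach new/create (registration) depends on the access-control library's
  # default -- confirm it matches the intended sign-up flow.
  access_control do
    allow :admin
    allow logged_in, :except => [:index, :new, :create]
  end

  # Lists users one page at a time, driven by the :page request parameter.
  def index
    @users = User.paginate :page => params[:page]
  end

  # Shows the user resolved from params[:id] (see get_user_from_params).
  def show
    @user = get_user_from_params(params)
  end

  # Renders the registration form for a new, unsaved user.
  def new
    @user = User.new
  end

  # Creates a user from the submitted form. Redirects to the home page on
  # success and re-renders the form when saving fails.
  def create
    # SECURITY: params[:user] is client-controlled and is mass-assigned as
    # received. Which columns a request may set is decided entirely by the
    # User model, which is not visible here -- confirm it whitelists the
    # assignable attributes so privilege-bearing columns cannot be set from
    # the registration form.
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = t :registration_successful_flash
      redirect_to root_path
    else
      render :action => 'new'
    end
  end

  # Renders the edit form for the requested user when the current user is
  # allowed to modify that record; otherwise flashes an access-denied message
  # and redirects to the home page.
  def edit
    @user = get_user_from_params(params)
    # The presence check comes first so a missing record is never asked for
    # permissions. Refused requests go to the home page: redirecting back to
    # this same user's edit URL would be refused again and loop.
    return if @user && @user.can_be_modified_by(current_user)

    flash[:notice] = t(:access_denied_flash)
    redirect_to root_path
  end

  # Applies the submitted changes to the user with the given record id when
  # the current user is allowed to modify it. On refusal the edit form is
  # rendered for the current user instead.
  def update
    # Author's note, kept verbatim: "dont you params here, should know the
    # username". The record is looked up by id only, not by username.
    @user = User.find(params['id'])
    if @user.can_be_modified_by(current_user)
      # SECURITY: params['user'] is mass-assigned as received; the same
      # model-side whitelist that protects create must cover this path, or a
      # user editing their own profile can change columns the form never
      # exposes.
      if @user.update_attributes(params['user'])
        flash[:notice] = t(:profil_change_success_flash)
        redirect_to root_path
      else
        render :action => 'edit'
      end
    else
      @user = current_user
      flash[:notice] = t(:access_denied_flash)
      render :action => 'edit'
    end
  end

  private

  # Resolves the target user from params[:id]: by username first, then by
  # record id, then falling back to the current user.
  # NOTE(review): the username match wins, so an account whose username equals
  # another account's numeric id shadows that account in show and edit.
  # Confirm the User model rejects such usernames.
  # NOTE(review): if User.find raises for an unknown id (the usual
  # ActiveRecord behaviour), the current_user fallback is never reached.
  def get_user_from_params(params)
    User.find_by_username(params[:id]) || User.find(params[:id]) || current_user
  end
end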