Sha256: 5a8c140ea63d613d7e88f7704188e8a2ce33f5f7b9168b33802e7adc292017b5
Contents?: true
Size: 1 KB
Versions: 3
Compression:
Stored size: 1 KB
Contents
# Admin-facing user management.
#
# Access model, as enforced by the filters and actions below:
#   * every action requires a signed-in user (authenticate_user!, defined
#     outside this file);
#   * every action except +show+ additionally requires current_user.admin?;
#   * +show+ lets a non-admin view only their own record.
class UsersController < ApplicationController
  before_filter :authenticate_user!
  before_filter :admin_only, :except => :show

  # Lists every user. Only admins get here (admin_only filter).
  def index
    @users = User.all
  end

  # Shows one user. Admins may view anyone; everyone else may view only
  # themselves and is otherwise redirected with "Access denied.".
  #
  # NOTE(review): the record is looked up before the ownership check, so a
  # non-admin may get a different response for an id that does not exist than
  # for one that belongs to someone else. Confirm that difference is acceptable.
  def show
    @user = User.find(params[:id])
    return if current_user.admin? || @user == current_user

    redirect_to :back, :alert => "Access denied."
  end

  # Applies the attributes allowed by secure_params to the user named by
  # params[:id]. Only admins get here (admin_only filter).
  def update
    @user = User.find(params[:id])
    outcome =
      if @user.update_attributes(secure_params)
        { :notice => "User updated." }
      else
        { :alert => "Unable to update user." }
      end
    redirect_to :back, outcome
  end

  # Deletes the user named by params[:id]. Only admins get here.
  #
  # NOTE(review): nothing here stops an admin from deleting their own account;
  # confirm that is intended.
  def destroy
    User.find(params[:id]).destroy
    redirect_to users_path, :notice => "User deleted."
  end

  private

  # Filter: stops the request with an "Access denied." redirect unless the
  # signed-in user is an admin.
  #
  # NOTE(review): redirect_to :back takes its target from the request's Referer
  # header. Confirm what happens when that header is absent, so the denial path
  # still ends in a redirect rather than an error.
  def admin_only
    redirect_to :back, :alert => "Access denied." unless current_user.admin?
  end

  # Strong-parameter whitelist for +update+. The permitted field depends on who
  # is editing whom:
  #   * editing your own record  -> only :email (so not :role);
  #   * an admin editing another -> only :role;
  #   * anyone else              -> nil.
  # The nil case is unreachable while +update+ stays behind admin_only.
  def secure_params
    return params.require(:user).permit(:email) if @user == current_user
    return params.require(:user).permit(:role) if current_user.admin?

    nil
  end
end
Version data entries
3 entries across 3 versions & 1 rubygems