Sha256: 910b5c0ffbe51b7424618dda10a34e2c94cbb1f04ad2b15d6b4dbbefebdc6d11
Contents?: true
Size: 998 Bytes
Versions: 4
Compression:
Stored size: 998 Bytes
Contents
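# Admin-facing user management: list, view, change role, delete.
#
# Every action requires a signed-in user (authenticate_user!). Every action
# except :show must call `authorize`; verify_authorized runs afterwards to
# catch an action that did not.
class UsersController < ApplicationController
  # before_action replaces the deprecated before_filter alias and matches the
  # after_action already used below.
  before_action :authenticate_user!
  after_action :verify_authorized, except: [:show]

  # Lists all users. Access is decided by the policy behind `authorize`.
  def index
    @users = User.all
    authorize @users
  end

  # Shows one user. Admins may view anyone; other users only themselves.
  #
  # This action is excluded from verify_authorized, so the check below is the
  # only access control here. Keep it in place if the action is edited.
  # NOTE(review): the record is loaded before the ownership check, so a
  # non-admin gets a redirect for an existing id, while a missing id takes the
  # RecordNotFound path. Confirm that difference is acceptable.
  def show
    @user = User.find(params[:id])
    return if current_user.admin? || @user == current_user

    redirect_to root_path, alert: "Access denied."
  end

  # Updates the permitted attributes of a user (see secure_params), then
  # redirects to the user list with a success or failure flash message.
  def update
    @user = User.find(params[:id])
    authorize @user
    # `update` is the current name for update_attributes; same behaviour.
    if @user.update(secure_params)
      redirect_to users_path, notice: "User updated."
    else
      redirect_to users_path, alert: "Unable to update user."
    end
  end

  # Deletes a user. Deleting the account you are signed in with is refused.
  def destroy
    user = User.find(params[:id])
    authorize user
    if user == current_user
      redirect_to users_path, notice: "Can't delete yourself."
    else
      # NOTE(review): the result of destroy is not checked, so "User deleted."
      # is shown even if a callback halts the deletion.
      user.destroy
      redirect_to users_path, notice: "User deleted."
    end
  end

  private

  # Strong parameters for update: only :role may be mass-assigned.
  #
  # :role is a privilege-bearing attribute, so the `authorize @user` call in
  # update is what stops a non-privileged user from changing roles.
  # NOTE(review): the policy is not visible in this file. Verify that its
  # update rule is restricted to admins and covers self-role changes.
  def secure_params
    params.require(:user).permit(:role)
  end
end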