Sha256: b9f643362685f30db230ea0ada1bbbfa10059c95aff99d477a972a78181558d8
Contents?: true
Size: 1.25 KB
Versions: 11
Compression:
Stored size: 1.25 KB
Contents
class UsersController < ApplicationController
before_filter :authenticate_user!
before_filter :accessible_user, :except => [:find]
def edit
end
def update
unless params[:user][:app_infos].blank?
@user.merge_app_infos(params[:user][:app_infos])
params[:user].delete(:app_infos)
end
if @user.update_attributes(params[:user])
redirect_to groups_users_url, :notice => 'Benutzer wurde erfolgreich gespeichert.'
else
render :action => "edit"
end
end
# find users by email for autocomplete
def find
users = User.where("email ILIKE ?", "#{params[:term]}%").order(:email).pluck(:email)
render :json => users
end
private
# FIXME: use ability -> User.accessible_by(current_ability)
def accessible_user
@user = User.find(params[:id])
user_accessible = (@user.id == current_user.id) # can edit self
unless user_accessible
# check if user is in accessible group
groups = Group.accessible_by(current_ability)
@user.groups_users.each do |groups_user|
if groups.include?(groups_user.group)
user_accessible = true
break
end
end
end
unless user_accessible
raise CanCan::AccessDenied.new("Permission error")
end
end
end
Version data entries
11 entries across 11 versions & 1 rubygems