app/controllers/symphonia/users_controller.rb in symphonia-4.2.0 vs app/controllers/symphonia/users_controller.rb in symphonia-5.0.0
@@ -1,13 +1,13 @@
module Symphonia
class UsersController < ApplicationController
helper Symphonia::RendererHelper
+ include ::CanCan::ControllerAdditions
- before_action :find_user, except: %i[index new create show]
+ before_action :user, except: %i[index new create show]
before_action :authorize, except: [:show]
- before_action -> { menu_item(:my_account) }, only: %i[current edit_current update_current]
def index
@query = Symphonia::User.query.new
@query.from_params params
@entities = @query.entities
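Review bot: With `before_action :user` excluded for index, new and create while `before_action :authorize` still runs for them, `@user` is nil when the rewritten `authorize` in the last hunk executes `authorize! action_name.to_sym, @user`, so CanCan is asked about a nil subject instead of the User class. Unless `UserAbility` grants those actions on `:all`, index/new/create raise `CanCan::AccessDenied` for everyone, and if it does grant them on `:all` the check is looser than a class-scoped rule would be. Passing the class when no record has been loaded keeps the rule lookup meaningful: `authorize! action_name.to_sym, @user || Symphonia::User`. The class body continues past this hunk.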
@@ -20,21 +20,20 @@
end
end
def show
@user = Symphonia::User.find(params[:id]) if params[:id]
- @user ||= Symphonia::User.current
- authorize
+ @user ||= current_user
+ authorize! :show, @user
respond_to do |format|
format.html
format.json { render json: @user, except: %w[crypted_password password_salt persistence_token perishable_token] }
end
end
def new
@user = Symphonia::User.new
- @roles = Symphonia::Role.sorted
respond_to do |format|
format.html
end
end
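Review bot: `render json: @user, except: %w[crypted_password password_salt persistence_token perishable_token]` is a denylist of column names, and now that `show` is gated only by `authorize! :show, @user` (the old self-or-super path is gone) every subject the ability permits receives all remaining attributes, including any sensitive column added later; an `only:` allowlist of the public attributes, or a dedicated serializer, fails closed instead. Separately, when neither `params[:id]` nor a signed-in `current_user` is present, `@user` is nil and `authorize! :show, nil` runs against a nil subject; whether that raises or falls through to `render json: nil` depends on `UserAbility`, which is not in this diff, so that case deserves an explicit guard or a test.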
@@ -44,42 +43,30 @@
if @user.save
format.html { redirect_to @user, notice: t(:text_created) }
format.xml { render xml: @user, status: :created, location: @user }
format.json { render json: @user, status: :created, location: @user }
else
- format.html do
- @roles = Symphonia::Role.sorted
- render action: 'new'
- end
+ format.html { render action: 'new' }
format.xml { render xml: @user.errors, status: :unprocessable_entity }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
- def edit
- @roles = Role.all
- end
+ def edit; end
def update
@user.attributes = user_params
- @user.admin = params[:admin] if params[:admin] && Symphonia::User.current.admin?
- if params[:role_id].present? && Symphonia::User.current.admin?
- @role = Role.find(params[:role_id])
- @user.role = @role
- end
+ @user.admin = params[:admin] if params[:admin] && current_user.admin?
respond_to do |format|
@user.edited_by = current_user
@user.edited_at = DateTime.now
if @user.save
format.html { redirect_back_or_default user_path(@user), notice: t(:text_updated) }
format.any(:json, :xml) { head :no_content }
else
- format.html do
- @roles = Symphonia::Role.sorted
- render action: 'edit'
- end
+ format.html { render action: 'edit' }
format.xml { render xml: @user.errors, status: :unprocessable_entity }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
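Review bot: In `update` the admin flag now reaches the model by two routes: `@user.attributes = user_params` already applies `:admin` when `user_params` permits it for admins (last hunk), and the following line assigns the top-level `params[:admin]` again under the same `current_user.admin?` test. Two entry points for a privilege bit are two places that must stay in sync; dropping `@user.admin = params[:admin] if params[:admin] && current_user.admin?` and letting `user_params` be the single gate removes the duplication without changing what an admin can do. Unrelated but in the same hunk, `@user.edited_at = DateTime.now` ignores the application time zone; `Time.current` is the Rails idiom. The start of `create` lies before this hunk.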
@@ -112,24 +99,25 @@
end
end
private
- def find_user
- @user = Symphonia::User.find(params[:id])
+ def user
+ @user ||= Symphonia::User.find(params[:id])
end
def authorize
- if User.current.logged_in? && User.current.id == @user&.id
- true
- else
- super
- end
+ authorize! action_name.to_sym, @user
end
def user_params
allowed = [:login, :first_name, :last_name, :password, :password_confirmation, :email, :mail, preference_ids: []]
- allowed.concat(%i[admin role_id]) if Symphonia::User.current.admin?
+ allowed << :admin if current_user.admin?
params.require(:user).permit(allowed)
end
+
+ def current_ability
+ @current_ability ||= UserAbility.new current_user
+ end
+
end
end
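Review bot: The rewritten `authorize` no longer calls `super`, so whatever `ApplicationController#authorize` enforced on the non-self path (the removed branch fell through to it) is now entirely the responsibility of `UserAbility`, including the guest case where `current_ability` builds `UserAbility.new nil`; that class is not in this diff, so confirm it denies by default for a nil user. `UserAbility` is referenced unqualified inside `module Symphonia`, which binds to `Symphonia::UserAbility` if defined and otherwise to a top-level constant, so an explicit qualification avoids silently picking up the wrong ability class. A short comment on `current_ability`, `# CanCan hook: abilities are scoped to the signed-in user (nil for guests)`, would document that contract for the next reader.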