app/controllers/api/v1/users_controller.rb
# JSON API endpoints for listing, showing and updating users.
#
# Access control is layered:
# * `authenticate` runs before every action (defined outside this file).
# * `index` only exposes records returned by `policy_scope`.
# * `show` / `update` go through `set_user`, which calls `authorize`
#   on the loaded record before the action body runs.
#
# NOTE(review): `policy_scope` / `authorize` look like Pundit helpers. No
# `verify_authorized` / `verify_policy_scoped` hook is visible here; confirm
# the parent controller enforces them, so that an action added later cannot
# silently skip authorization.
class API::V1::UsersController < API::V1::APIController
  before_action :authenticate
  before_action :set_user, only: %i[show update]

  # GET /users
  # GET /users.json
  #
  # Lists only the users the policy scope allows; never query User directly here.
  def index
    @users = policy_scope(User)
  end

  # GET /users/1
  # GET /users/1.json
  #
  # Deliberately empty: `set_user` has already loaded and authorized @user.
  def show
  end

  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  #
  # Applies the permitted attributes to the authorized user. Responds with the
  # `show` template (200) on success, or with the validation errors (422).
  def update
    respond_to do |format|
      updated = @user.update(user_params)

      format.json do
        if updated
          render :show, status: :ok, location: @user
        else
          render json: @user.errors, status: :unprocessable_entity
        end
      end
    end
  end

  private

  # Loads the user named by params[:id] and authorizes the current action
  # against it. Both steps must stay in this callback: the actions themselves
  # perform no access check of their own.
  def set_user
    @user = User.find(params[:id])
    authorize @user
  end

  # Strong-parameters allowlist: only :name may be mass-assigned from the
  # request. Adding a privilege-bearing attribute here (a role or admin flag,
  # for example) would make it client-settable, so extend with care.
  def user_params
    user_attributes = params.require(:user)
    user_attributes.permit(:name)
  end
end