app/controllers/admin/users_controller.rb
class Admin::UsersController < Admin::BaseController
before_action :set_admin, only: [:show, :edit, :update, :destroy]
before_action :ensure_that_admin_is_superuser, only: [:create, :edit, :update, :destroy, :destroy_multiple]
# GET /admins
# GET /admins.json
def index
@admins = Admin.all
end
# GET /admins/1
# GET /admins/1.json
def show
end
# GET /admins/new
def new
@admin = Admin.new
end
# GET /admins/1/edit
def edit
end
# POST /admins
# POST /admins.json
def create
@admin = Admin.new(admin_params)
respond_to do |format|
if @admin.save
format.html { redirect_to admin_user_path(@admin), notice: 'Admin was successfully created.' }
format.json { render :show, status: :created, location: @admin }
else
format.html { render :new }
format.json { render json: @admin.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /admins/1
# PATCH/PUT /admins/1.json
def update
respond_to do |format|
if @admin.update(admin_params)
format.html { redirect_to admin_user_path(@admin), notice: 'Admin was successfully updated.' }
format.json { render :show, status: :ok, location: @admin }
else
format.html { render :edit }
format.json { render json: @admin.errors, status: :unprocessable_entity }
end
end
end
def destroy_multiple
@admins = Admin.find(params[:admin_ids])
@admins.each do |admin|
admin.delete
end
redirect_to admin_users_path, notice: "Admins deleted."
end
# DELETE /admins/1
# DELETE /admins/1.json
def destroy
@admin.destroy
respond_to do |format|
format.html { redirect_to admin_users_url, notice: 'Admin was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_admin
@admin = Admin.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def admin_params
params.require(:admin).permit(:username, :password, :password_confirmation, :superuser)
end
end