hpi-schuelerklub/workshop-portal

app/controllers/users_controller.rb

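# Lists users and changes a user's role. Both actions call authorize!
# before they read or write any user data.
class UsersController < ApplicationController
  before_action :set_user, only: [:update_role]

  # GET /users
  #
  # Lists users, 20 per page. When a `search` parameter is present the list
  # comes from User.search instead of User.with_profiles.
  def index
    authorize! :index, User
    scope = params[:search] ? User.search(params[:search]) : User.with_profiles
    @users = scope.paginate(page: params[:page], per_page: 20)
  end

  # PATCH/PUT /users/1/role
  #
  # Changes the role of the user loaded by set_user. Two abilities are
  # checked: :update_role always, and :update_role_to_admin when the
  # submitted role is 'admin'.
  #
  # NOTE(review): the admin gate compares the raw parameter with the string
  # 'admin'. If User#role accepts any other representation of that role,
  # confirm it also triggers the second check.
  def update_role
    authorize! :update_role, @user
    # Read the permitted params once so the value that was authorized is the
    # same value that gets written.
    role_params = user_params
    authorize! :update_role_to_admin, @user if role_params[:role] == 'admin'

    if @user.update(role_params)
      redirect_back(fallback_location: root_path, notice: I18n.t('users.successful_role_update'))
    else
      # Respond explicitly when the update is rejected instead of leaving the
      # action without a redirect or render.
      redirect_back(fallback_location: root_path, alert: @user.errors.full_messages.to_sentence)
    end
  end

  private

  # Loads the user addressed by params[:id]; runs before update_role.
  def set_user
    @user = User.find(params[:id])
  end

  # Strong parameters for update_role: only :role is accepted from the :user
  # hash. Static analysis flags :role as a potentially dangerous key for mass
  # assignment; it is permitted here on purpose, so the authorize! calls in
  # update_role are the only gate on who may set it. Defined under `private`
  # so that it is not exposed as a controller action.
  def user_params
    params.require(:user).permit(:role)
  end
end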