app/controllers/users_controller.rb
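class UsersController < ApplicationController
  # Load the record first; the owner check below reads @user, so the order
  # of these two callbacks matters. Note that :show is listed here but no
  # show action is defined in this file.
  before_action :set_user, only: %i[show edit update destroy]
  # The owner check used to live only in #edit, so #update and #destroy ran
  # against any user's record for any signed-in caller (an IDOR). Enforce it
  # on every member action that mutates or exposes the loaded record.
  before_action :authorize_owner!, only: %i[edit update destroy]

  # GET /users — lists every user.
  def index
    @users = User.all
  end

  # GET /users/new — builds an unsaved user for the form.
  def new
    @new_user = true
    @user = User.new
  end

  # GET /users/:id/edit — authorization is done by authorize_owner!.
  def edit; end

  # POST /users — creates a user from the filtered params.
  # Renders :new on validation failure.
  def create
    @user = User.new(user_params)
    respond_to do |format|
      if @user.save
        format.html { redirect_to users_path, notice: 'User was successfully created.' }
      else
        format.html { render :new }
      end
    end
  end

  # PATCH/PUT /users/:id — updates the loaded user from the filtered params.
  # Renders :edit on validation failure.
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to users_path, notice: 'User was successfully updated.' }
      else
        format.html { render :edit }
      end
    end
  end

  # DELETE /users/:id — destroys the loaded user.
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Shared setup for member actions; raises the usual not-found error
  # from User.find when :id does not match a record.
  def set_user
    @user = User.find(params[:id])
  end

  # Raises AccessDenied unless the signed-in user owns the loaded record.
  # Safe navigation turns a missing current_user into a denial instead of
  # a NoMethodError.
  def authorize_owner!
    raise AccessDenied if current_user&.id != @user.id
  end

  # Strong parameters. :admin is mass-assignable only when admin_check
  # passes; the previous version permitted it in both branches, which let
  # any caller grant themselves admin through the form (privilege
  # escalation via mass assignment). Unpermitted keys are dropped by Rails.
  def user_params
    permitted = %i[first_name last_name email password password_confirmation]
    permitted << :admin if admin_check
    params.require(:user).permit(*permitted)
  end
end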