app/controllers/users_controller.rb
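class UsersController < ApplicationController
  # Public actions: anyone may view a profile, see the sign-up form, or sign
  # up. Every other action (including index) still passes through :authorize
  # inherited from ApplicationController.
  skip_before_action :authorize, only: [:new, :show, :create]
  # Only the profile owner or an admin may edit, update or delete a user.
  # Declared before :set_user on purpose: it loads @user itself so the
  # ownership check is made against the same record the action will use.
  before_action :correct_user, only: [:edit, :update, :destroy]
  before_action :set_user, only: [:show, :edit, :update, :destroy]

  # GET /users
  # GET /users.json
  # Lists every user; requires an authorized session (not in the skip list).
  def index
    @users = User.all
  end

  # GET /users/1
  # GET /users/1.json
  # NOTE(review): this action skips :authorize, so a profile and its
  # friendship list are visible to unauthenticated visitors — confirm that
  # exposure is intended.
  def show
    @friendships = @user.friendships
  end

  # GET /users/new
  def new
    @user = User.new
  end

  # GET /users/1/edit
  # @user is loaded and ownership-checked by the before_actions.
  def edit
  end

  # POST /users
  # POST /users.json
  # Creates the account from the whitelisted attributes, signs the new user
  # in and sends the welcome mail; re-renders the form on validation failure.
  def create
    @user = User.new(user_params)
    if @user.save
      # NOTE(review): log_in is defined elsewhere — confirm it calls
      # reset_session so the pre-login session id is not carried over
      # (session fixation).
      log_in @user
      UserMailer.welcome_email(@user).deliver_now
      # Plain flash, not flash.now: the message has to survive the redirect
      # below. flash.now is discarded at the end of the current request, so
      # the original welcome message was never displayed.
      flash[:success] = "Welcome to Carpe Diem"
      redirect_to @user
    else
      render 'new'
    end
  end

  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  # Applies the whitelisted attributes to the already-authorized @user.
  def update
    # `update` replaces the deprecated `update_attributes` (removed in
    # Rails 6.1); same validation/return semantics.
    if @user.update(user_params)
      flash[:success] = "Profile updated"
      redirect_to @user
    else
      render 'edit'
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  # Deletes the authorized @user (owner or admin) and returns to the list.
  # NOTE(review): when a user deletes their own account the session still
  # references the removed id — confirm current_user tolerates that and
  # that the redirect to the authorize-protected index behaves sensibly.
  def destroy
    @user.destroy
    flash[:success] = "User deleted"
    redirect_to users_path
  end

  private

  # Loads the user addressed by the route id. An unknown id raises
  # ActiveRecord::RecordNotFound, which Rails reports as a 404.
  def set_user
    @user = User.find(params[:id])
  end

  # Strong parameters: the only attributes a request may mass-assign to a
  # user. Anything else under params[:user] (e.g. an admin flag, should the
  # model have one) is dropped, so mass assignment cannot escalate privileges.
  def user_params
    params.require(:user).permit(:name, :email,
                                 :password, :password_confirmation)
  end

  # Authorization guard for edit/update/destroy: lets the profile owner or an
  # admin through, otherwise redirects to the root path. Rails halts the
  # callback chain once a redirect has been issued, so the action never runs.
  def correct_user
    set_user
    unless current_user?(@user) || is_admin?
      redirect_to root_path
    end
  end
end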