This repository has been archived by the owner on Sep 24, 2019. It is now read-only.
forked from errbit/errbit
/
users_controller.rb
70 lines (54 loc) · 1.62 KB
/
users_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
class UsersController < ApplicationController
respond_to :html
before_filter :require_admin!, :except => [:edit, :update]
before_filter :find_user, :only => [:show, :edit, :update, :destroy]
before_filter :require_user_edit_priviledges, :only => [:edit, :update]
def index
@users = User.paginate(:page => params[:page])
end
def show
@user = User.find(params[:id])
end
def new
@user = User.new
end
def edit
end
def create
@user = User.new(params[:user])
if @user.save
flash[:success] = "#{@user.name} is now part of the team. Be sure to add them as a project watcher."
redirect_to user_path(@user)
else
render :new
end
end
def update
# Devise Hack
if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
# Set protected attributes
@user.admin = params[:user][:admin] if current_user.admin?
if @user.update_attributes(params[:user])
flash[:success] = "#{@user.name}'s information was successfully updated"
redirect_to user_path(@user)
else
render :edit
end
end
def destroy
@user.destroy
flash[:success] = "That's sad. #{@user.name} is no longer part of your team."
redirect_to users_path
end
protected
def find_user
@user = User.find(params[:id])
end
def require_user_edit_priviledges
can_edit = current_user == @user || current_user.admin?
redirect_to(root_path) and return(false) unless can_edit
end
end