obdev/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_action :authenticate_user!
  before_action :set_user, only: [:edit, :update, :destroy]
  before_action :require_admin
  load_and_authorize_resource

  def index
    @users = User.all
  end

  def edit
  end

  def create
    @user = User.new(user_params.except(:roles))
    if @user.save
      update_user_roles(@user, params[:user][:roles] || ['user'])
      redirect_to users_path, notice: 'User was successfully created.'
    else
      render :new
    end
  end

  def update
    # Assumes @user is already set from a before_action callback
    if @user.update(user_params.except(:roles))
      update_user_roles(@user, user_params[:roles])
      redirect_to users_path, notice: 'User was successfully updated.'
    else
      render :edit
    end
  end

  def destroy
    @user.destroy
    redirect_to users_path, notice: 'User was successfully deleted.'
  end

  private

  def set_user
    @user = User.find(params[:id])
  end

  def user_params
    params.require(:user).permit(
      :email, :password, :password_confirmation, :remember_me,
      :first_name, :last_name, :phone, :company, 
      :access_revoked, :access_start_date, :access_end_date, 
      roles: []
    )
  end
  

  def require_admin
    unless current_user.admin?
      redirect_to root_path, alert: 'Only admins are allowed to access this section.'
    end
  end

  def assign_roles(user)
    user.roles = []
    params[:user][:roles].each do |role_name|
      user.add_role(role_name) unless role_name.blank?
    end if params[:user][:roles].present?
  end
  

  def update_user_roles(user, roles_names)
    user.roles.delete_all # Remove existing roles if you want to reset roles on update
    roles_names = ['user'] if roles_names.blank? # Ensure there's a default role
    roles_names.each do |role_name|
      user.add_role(role_name)
    end
  end
  

end