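# Admin-only management of User records: list, edit, update and delete.
#
# Filter order is security-relevant. The request is authenticated first
# (authenticate_user! is defined outside this file), then authorised by
# require_admin, and only then is the target record loaded by set_user.
# Loading the record before the admin check would let a signed-in non-admin
# tell existing ids from missing ones, because a missing id raises from
# User.find while an existing one reaches the redirect.
class UsersController < ApplicationController
  before_action :authenticate_user!
  before_action :require_admin
  before_action :set_user, only: %i[edit update destroy]

  # Lists every user for the admin view.
  def index
    @users = User.all
  end

  # Renders the edit form for @user (loaded by set_user).
  def edit
  end

  # Applies the permitted attributes to @user; re-renders the form when the
  # update is rejected.
  def update
    if @user.update(user_params)
      redirect_to users_path, notice: 'User was successfully updated.'
    else
      render :edit
    end
  end

  # Deletes @user. The result of destroy is checked so that a deletion that
  # did not happen is not reported as a success.
  # NOTE(review): nothing here stops an admin from deleting their own account
  # or the last remaining admin; confirm whether that is intended.
  def destroy
    if @user.destroy
      redirect_to users_path, notice: 'User was successfully deleted.'
    else
      redirect_to users_path, alert: 'User could not be deleted.'
    end
  end

  private

  # Loads the record named by params[:id] into @user. User.find raises when
  # no such record exists.
  def set_user
    @user = User.find(params[:id])
  end

  # Strong-parameter allow-list for update.
  # NOTE(review): :admin is a privilege flag. Permitting it is acceptable only
  # while require_admin guards every action in this controller; if an action
  # is ever exempted from that filter, this becomes a privilege-escalation
  # path through mass assignment.
  def user_params
    params.require(:user).permit(:email, :admin)
  end

  # Authorisation gate: redirects anyone who is not an admin, which halts the
  # filter chain. The safe-navigation call makes the check fail closed if
  # current_user is ever nil.
  def require_admin
    return if current_user&.admin?

    redirect_to root_path, alert: 'Only admins are allowed to access this section.'
  end
end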