class UsersController < ApplicationController before_action :authenticate_user! before_action :set_user, only: [:edit, :update, :destroy] before_action :require_admin def index @users = User.all end def edit end def update if @user.update(user_params) redirect_to users_path, notice: 'User was successfully updated.' else render :edit end end def destroy @user.destroy redirect_to users_path, notice: 'User was successfully deleted.' end private def set_user @user = User.find(params[:id]) end def user_params params.require(:user).permit(:email, :admin) end def require_admin unless current_user.admin? redirect_to root_path, alert: 'Only admins are allowed to access this section.' end end end