76 lines
1.8 KiB
Ruby
76 lines
1.8 KiB
Ruby
class UsersController < ApplicationController
|
|
before_action :authenticate_user!
|
|
before_action :set_user, only: [:edit, :update, :destroy]
|
|
before_action :require_admin
|
|
load_and_authorize_resource
|
|
|
|
def index
|
|
@users = User.all
|
|
end
|
|
|
|
def edit
|
|
end
|
|
|
|
def create
|
|
@user = User.new(user_params)
|
|
if @user.save
|
|
assign_roles(@user)
|
|
redirect_to users_path, notice: 'User was successfully created.'
|
|
else
|
|
render :new
|
|
end
|
|
end
|
|
|
|
def update
|
|
# Assumes @user is already set from a before_action callback
|
|
if @user.update(user_params.except(:roles))
|
|
update_user_roles(@user, user_params[:roles])
|
|
redirect_to users_path, notice: 'User was successfully updated.'
|
|
else
|
|
render :edit
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
@user.destroy
|
|
redirect_to users_path, notice: 'User was successfully deleted.'
|
|
end
|
|
|
|
private
|
|
|
|
def set_user
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
def user_params
|
|
params.require(:user).permit(:email, :password, :password_confirmation, roles: [])
|
|
end
|
|
|
|
def require_admin
|
|
unless current_user.admin?
|
|
redirect_to root_path, alert: 'Only admins are allowed to access this section.'
|
|
end
|
|
end
|
|
|
|
def assign_roles(user)
|
|
user.roles.delete_all # Clear all roles before reassigning to prevent duplicates
|
|
|
|
# Assuming roles are passed as an array of role names from the form
|
|
# and that the form sends an empty string if no roles are selected.
|
|
selected_roles = params[:user][:roles].reject(&:blank?)
|
|
|
|
selected_roles.each do |role_name|
|
|
user.add_role(role_name) unless user.has_role?(role_name)
|
|
end
|
|
end
|
|
|
|
def update_user_roles(user, roles_names)
|
|
user.roles.delete_all # Remove existing roles
|
|
roles_names.each do |role_name|
|
|
user.add_role(role_name) unless role_name.blank?
|
|
end
|
|
end
|
|
|
|
|
|
end
|