class Dunlop::UsersController < Dunlop::ApplicationController skip_authorize_resource if respond_to?(:skip_authorize_resource) skip_authorization_check if respond_to?(:skip_authorization_check) respond_to :html before_action :find_record, only: %i[show edit update destroy] before_action :set_current_user_as_user, only: %i[profile edit_profile update_profile] before_action :log_current_user, on: [:create, :update, :destroy, :become_user] def profile end def edit_profile end def update_profile user_params = params.require(:user).permit(:password, :confirmation_password) if @user.update_attributes(user_params) sign_in @user, bypass_sign_in: true redirect_to dunlop.profile_users_path else render action: :edit_profile end end def index authorize! :index, User @users = User.active.page(params[:page]) end def new @user = User.new authorize! :create, @user end def create @user = User.new user_params authorize! :create, @user if @user.save redirect_to dunlop.users_path else render action: :edit end end def show authorize! :show, @user end def edit authorize! :update, @user end def update authorize! :update, @user if user_params[:password].blank? @user.update_without_password(user_params) else @user.update_attributes(user_params) end if @user.errors.present? render action: :edit else redirect_to dunlop.users_path end end def become_user @user = User.find(params[:id]) authorize! :become_user, @user raise CanCan::AccessDenied if @user.admin? and not current_user.admin? # Do not allow non admin users with user management authorization to become an admin user sign_in @user, bypass_sign_in: true respond_with(@user, location: user_path) end def destroy authorize! :destroy, @user @user.destroy redirect_to dunlop.users_path end def permissions_table authorize! :permissions_table, User @table = Hash.new{|h,k| h[k] = Hash.new{|h2, k2| h2[k2] = []} } @users = User.active @users.each do |user| user.role_names.each do |role| if match = role.match(/(^[a-z0-9]+)-class-(.*)/) role_class = match[2].safe_constantize if role_class.respond_to?(:model_name) role = role_class.model_name.human else role = role_class.try(:name) end @table[role][user] << match[1] else @table[role][user] << "check" end end end end private def find_record @user = User.find(params[:id]) end def set_current_user_as_user @user = current_user end def user_params permitted_params = [:ruisnaam, :email, :password, :password_confirmation, {role_names: []}] if current_user.admin? permitted_params.push(:admin, role_names_admin: []) end params.require(:user).permit(*permitted_params) end def log_current_user logger.info "#{current_user.try(:email)} having id #{current_user.try(:id)} did user change" end end