diff --git a/app/controllers/accounts/users_controller.rb b/app/controllers/users/roles_controller.rb
similarity index 50%
rename from app/controllers/accounts/users_controller.rb
rename to app/controllers/users/roles_controller.rb
index 1ee4a15c6..8cffa232b 100644
--- a/app/controllers/accounts/users_controller.rb
+++ b/app/controllers/users/roles_controller.rb
@@ -1,24 +1,15 @@
-class Accounts::UsersController < ApplicationController
- before_action :set_user, only: %i[ update destroy ]
- before_action :ensure_permission_to_administer_user, only: %i[ update destroy ]
-
- def index
- @users = User.active
- end
+class Users::RolesController < ApplicationController
+ before_action :set_user
+ before_action :ensure_permission_to_administer_user
def update
@user.update(role_params)
redirect_to users_path
end
- def destroy
- @user.deactivate
- redirect_to users_path
- end
-
private
def set_user
- @user = User.active.find(params[:id])
+ @user = User.active.find(params[:user_id])
end
def ensure_permission_to_administer_user
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f460b4d5c..4069e5aaa 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,8 +1,13 @@
class UsersController < ApplicationController
require_unauthenticated_access only: %i[ new create ]
- before_action :set_user, only: %i[ show edit update ]
+ before_action :set_user, only: %i[ show edit update destroy ]
before_action :set_account_from_join_code, only: %i[ new create ]
+ before_action :ensure_permission_to_administer_user, only: %i[ update destroy ]
+
+ def index
+ @users = User.active
+ end
def new
@user = User.new
@@ -25,6 +30,11 @@ class UsersController < ApplicationController
redirect_to @user
end
+ def destroy
+ @user.deactivate
+ redirect_to users_path
+ end
+
private
def set_account_from_join_code
@account = Account.find_by_join_code!(params[:join_code])
@@ -34,6 +44,10 @@ class UsersController < ApplicationController
@user = User.active.find(params[:id])
end
+ def ensure_permission_to_administer_user
+ head :forbidden unless Current.user.can_administer?(@user)
+ end
+
def user_params
params.expect(user: [ :name, :email_address, :password, :avatar ])
end
diff --git a/app/views/accounts/users/_invite.html.erb b/app/views/users/_invite.html.erb
similarity index 100%
rename from app/views/accounts/users/_invite.html.erb
rename to app/views/users/_invite.html.erb
diff --git a/app/views/accounts/users/_user.html.erb b/app/views/users/_user.html.erb
similarity index 78%
rename from app/views/accounts/users/_user.html.erb
rename to app/views/users/_user.html.erb
index ae9326c48..950df8ccc 100644
--- a/app/views/accounts/users/_user.html.erb
+++ b/app/views/users/_user.html.erb
@@ -2,12 +2,12 @@
<%= avatar_tag user, class: "flex-item-no-shrink" %>
- <%= link_to user.name, user_path(user), class: "txt-ink btn btn--plain" %>
+ <%= link_to user.name, user, class: "txt-ink btn btn--plain" %>
- <%= form_with model: user, url: account_user_path(user), data: { controller: "form" }, method: :patch do | form | %>
+ <%= form_with model: user, url: user_role_path(user), data: { controller: "form" }, method: :patch do | form | %>