Files
fizzy/app/controllers/users_controller.rb
T
2025-11-18 15:49:50 +01:00

34 lines
614 B
Ruby

class UsersController < ApplicationController
before_action :set_user
before_action :ensure_permission_to_change_user, only: %i[ update destroy ]
def show
end
def edit
end
def update
@user.update! user_params
redirect_to @user
end
def destroy
@user.deactivate
redirect_to users_path
end
private
def set_user
@user = Current.account.users.active.find(params[:id])
end
def ensure_permission_to_change_user
head :forbidden unless Current.user.can_change?(@user)
end
def user_params
params.expect(user: [ :name, :avatar ])
end
end