540254def4
The show action makes more sense in the controller. Also, the filter scoped was failing due to Rails raising on missing actions (because we have deleted the index action). Inlining the concern fixes it and clarifies where this action is implemented.
53 lines
1.2 KiB
Ruby
53 lines
1.2 KiB
Ruby
class UsersController < ApplicationController
|
|
require_unauthenticated_access only: %i[ new create ]
|
|
|
|
before_action :set_user, only: %i[ show edit update destroy ]
|
|
before_action :ensure_join_code_is_valid, only: %i[ new create ]
|
|
before_action :ensure_permission_to_change_user, only: %i[ update destroy ]
|
|
|
|
def new
|
|
@user = User.new
|
|
end
|
|
|
|
def create
|
|
user = User.create!(user_params)
|
|
start_new_session_for user
|
|
redirect_to root_path
|
|
end
|
|
|
|
def edit
|
|
end
|
|
|
|
def show
|
|
@filter = Current.user.filters.new(creator_ids: [ @user.id ])
|
|
@day_timeline = Current.user.timeline_for(Time.current, filter: @filter)
|
|
end
|
|
|
|
def update
|
|
@user.update! user_params
|
|
redirect_to @user
|
|
end
|
|
|
|
def destroy
|
|
@user.deactivate
|
|
redirect_to users_path
|
|
end
|
|
|
|
private
|
|
def ensure_join_code_is_valid
|
|
head :forbidden unless Account.sole.join_code == params[:join_code]
|
|
end
|
|
|
|
def set_user
|
|
@user = User.active.find(params[:id])
|
|
end
|
|
|
|
def ensure_permission_to_change_user
|
|
head :forbidden unless Current.user.can_change?(@user)
|
|
end
|
|
|
|
def user_params
|
|
params.expect(user: [ :name, :email_address, :password, :avatar ])
|
|
end
|
|
end
|