Files
fizzy/app/controllers/accounts/users_controller.rb
T
David Heinemeier Hansson 2995c1571f Use the new params#expect syntax where applicable
To ensure we don't get spurious 500s when we can serve 400s on bad data
2024-10-19 18:53:41 -07:00

23 lines
507 B
Ruby

class Accounts::UsersController < ApplicationController
before_action :set_user, only: %i[ destroy ]
before_action :ensure_permission_to_remove, only: :destroy
def index
@users = Current.account.users.active
end
def destroy
@user.deactivate
redirect_to users_url
end
private
def set_user
@user = Current.account.users.active.find(params.expect(:id))
end
def ensure_permission_to_remove
head :forbidden unless Current.user.can_remove?(@user)
end
end