2995c1571f
To ensure we don't get spurious 500s when we can serve 400s on bad data
23 lines
507 B
Ruby
23 lines
507 B
Ruby
class Accounts::UsersController < ApplicationController
|
|
before_action :set_user, only: %i[ destroy ]
|
|
before_action :ensure_permission_to_remove, only: :destroy
|
|
|
|
def index
|
|
@users = Current.account.users.active
|
|
end
|
|
|
|
def destroy
|
|
@user.deactivate
|
|
redirect_to users_url
|
|
end
|
|
|
|
private
|
|
def set_user
|
|
@user = Current.account.users.active.find(params.expect(:id))
|
|
end
|
|
|
|
def ensure_permission_to_remove
|
|
head :forbidden unless Current.user.can_remove?(@user)
|
|
end
|
|
end
|