Files
fizzy/app/controllers/users/roles_controller.rb
T
2025-04-12 20:30:47 +02:00

23 lines
536 B
Ruby

class Users::RolesController < ApplicationController
before_action :set_user
before_action :ensure_permission_to_administer_user
def update
@user.update(role_params)
redirect_to users_path
end
private
def set_user
@user = User.active.find(params[:user_id])
end
def ensure_permission_to_administer_user
head :forbidden unless Current.user.can_administer?(@user)
end
def role_params
{ role: params.require(:user)[:role].presence_in(%w[ member admin ]) || "member" }
end
end