Files
fizzy/app/controllers/accounts/users_controller.rb
T

32 lines
754 B
Ruby

class Accounts::UsersController < ApplicationController
before_action :set_user, only: %i[ update destroy ]
before_action :ensure_permission_to_administer_user, only: %i[ update destroy ]
def index
@users = Current.account.users.active
end
def update
@user.update(role_params)
redirect_to account_users_path
end
def destroy
@user.deactivate
redirect_to account_users_path
end
private
def set_user
@user = Current.account.users.active.find(params[:id])
end
def ensure_permission_to_administer_user
head :forbidden unless Current.user.can_administer?(@user)
end
def role_params
{ role: params.require(:user)[:role].presence_in(%w[ member admin ]) || "member" }
end
end