diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/users_controller.rb | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index b15f83b..ead989d 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb | |||
| @@ -1,12 +1,13 @@ | |||
| 1 | class UsersController < ApplicationController | 1 | class UsersController < ApplicationController |
| 2 | 2 | ||
| 3 | # Private | 3 | # Private |
| 4 | 4 | ||
| 5 | before_filter :login_required | 5 | before_filter :login_required |
| 6 | before_filter :verify_admin_status, :except => [:index, :show] | 6 | before_filter :find_user, :only => [:show, :edit, :update, :destroy] |
| 7 | 7 | before_filter :verify_status, :except => [:index, :show] | |
| 8 | |||
| 8 | layout 'admin' | 9 | layout 'admin' |
| 9 | 10 | ||
| 10 | def index | 11 | def index |
| 11 | @users = User.all(:order => "login ASC") | 12 | @users = User.all(:order => "login ASC") |
| 12 | end | 13 | end |
| @@ -17,7 +18,7 @@ class UsersController < ApplicationController | |||
| 17 | 18 | ||
| 18 | def create | 19 | def create |
| 19 | @user = User.new params[:user] | 20 | @user = User.new params[:user] |
| 20 | 21 | ||
| 21 | if @user.save | 22 | if @user.save |
| 22 | redirect_to user_path(@user) | 23 | redirect_to user_path(@user) |
| 23 | else | 24 | else |
| @@ -26,12 +27,9 @@ class UsersController < ApplicationController | |||
| 26 | end | 27 | end |
| 27 | 28 | ||
| 28 | def edit | 29 | def edit |
| 29 | @user = User.find(params[:id]) | ||
| 30 | end | 30 | end |
| 31 | 31 | ||
| 32 | def update | 32 | def update |
| 33 | @user = User.find(params[:id]) | ||
| 34 | |||
| 35 | if @user.update_attributes(params[:user]) | 33 | if @user.update_attributes(params[:user]) |
| 36 | redirect_to user_path(@user) | 34 | redirect_to user_path(@user) |
| 37 | else | 35 | else |
| @@ -40,20 +38,27 @@ class UsersController < ApplicationController | |||
| 40 | end | 38 | end |
| 41 | 39 | ||
| 42 | def show | 40 | def show |
| 43 | @user = User.find(params[:id]) | ||
| 44 | end | 41 | end |
| 45 | 42 | ||
| 46 | def destroy | 43 | def destroy |
| 47 | user = User.find(params[:id]) | 44 | @user.destroy if @user |
| 48 | user.destroy if user | ||
| 49 | redirect_to users_path | 45 | redirect_to users_path |
| 50 | end | 46 | end |
| 51 | 47 | ||
| 52 | private | 48 | private |
| 53 | def verify_admin_status | 49 | def find_user |
| 54 | unless current_user.admin | 50 | @user = User.find(params[:id]) |
| 55 | flash[:notice] = "Sorry, you need to be an admin for this action" | 51 | end |
| 56 | redirect_to users_path | 52 | |
| 53 | def verify_status | ||
| 54 | @user ||= User.new | ||
| 55 | unless @user.id == current_user.id || current_user.admin | ||
| 56 | deny_user_access | ||
| 57 | end | 57 | end |
| 58 | end | 58 | end |
| 59 | |||
| 60 | def deny_user_access | ||
| 61 | flash[:notice] = "Sorry, you need to be an admin for this action" | ||
| 62 | redirect_to users_path | ||
| 63 | end | ||
| 59 | end | 64 | end |
