From cbed060fa16ce62821f637ff5d8fde7aa421d31e Mon Sep 17 00:00:00 2001
From: hukl
Date: Wed, 7 Oct 2009 21:20:18 +0200
Subject: enabling users to edit their own details - tested as well - yay
---
 app/controllers/users_controller.rb | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b15f83b..ead989d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,12 +1,13 @@
 class UsersController < ApplicationController
-
+
 # Private
-
+
 before_filter :login_required
- before_filter :verify_admin_status, :except => [:index, :show]
-
+ before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+ before_filter :verify_status, :except => [:index, :show]
+
 layout 'admin'
-
+
 def index
 @users = User.all(:order => "login ASC")
 end
@@ -17,7 +18,7 @@ class UsersController < ApplicationController
 def create
 @user = User.new params[:user]
-
+
 if @user.save
 redirect_to user_path(@user)
 else
@@ -26,12 +27,9 @@ class UsersController < ApplicationController
 end
 def edit
- @user = User.find(params[:id])
 end
 def update
- @user = User.find(params[:id])
-
 if @user.update_attributes(params[:user])
 redirect_to user_path(@user)
 else
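Review bot: The new `before_filter :verify_status, :except => [:index, :show]` in the first hunk applies the owner-or-admin test to every remaining action, so `destroy` becomes reachable by a non-admin for their own account, which is wider than the stated goal of letting users edit their own details. If self-deletion is not intended, scope the owner check with `before_filter :verify_status, :only => [:edit, :update]` and keep an admin-only filter on the other actions. The check also depends on `find_user` being declared first so that `@user` is already set; a comment such as `# find_user must run before verify_status, which compares @user with current_user` would protect that ordering. The filter bodies themselves are in the last hunk of this patch.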
@@ -40,20 +38,27 @@ class UsersController < ApplicationController
 end
 def show
- @user = User.find(params[:id])
 end
 def destroy
- user = User.find(params[:id])
- user.destroy if user
+ @user.destroy if @user
 redirect_to users_path
 end
 private
- def verify_admin_status
- unless current_user.admin
- flash[:notice] = "Sorry, you need to be an admin for this action"
- redirect_to users_path
+ def find_user
+ @user = User.find(params[:id])
+ end
+
+ def verify_status
+ @user ||= User.new
+ unless @user.id == current_user.id || current_user.admin
+ deny_user_access
 end
 end
+
+ def deny_user_access
+ flash[:notice] = "Sorry, you need to be an admin for this action"
+ redirect_to users_path
+ end
 end
-- cgit v1.3
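Review bot: `verify_status` now lets a non-admin through to `update` for their own record, and `update` (earlier in this patch, outside this hunk) hands `params[:user]` unfiltered to `update_attributes`, so nothing visible here stops a user from changing privileged attributes such as `admin` on themselves. The User model is not shown; if it does not already restrict mass assignment, declare `attr_protected :admin` (or an `attr_accessible` whitelist) there before shipping this change. Separately, `@user ||= User.new` exists only so that `@user.id` is nil on actions that skip `find_user`; `unless current_user.admin || (@user && @user.id == current_user.id)` states the same condition without building a throwaway record.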