improve handling of User resource
parent
d705402d8b
commit
9f3d301550
5 changed files with 51 additions and 38 deletions
|
@ -22,6 +22,14 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
|
||||
def admin_required!
|
||||
user = current_user
|
||||
if user.nil? || !user.admin?
|
||||
flash[:error] = "Not authorized!"
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
|
||||
def authenticate_supplier_admin!
|
||||
@supplier = Supplier.find((params[:supplier_id] || params[:id]))
|
||||
unless current_user.has_access_to?(@supplier)
|
||||
|
|
|
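Review bot: `admin_required!` only stops the request because a `redirect_to` inside a `before_action` halts the callback chain; called directly from an action, the rest of that action would still run after the redirect. A comment above the method should say so, e.g. `# before_action filter: redirects non-admins to root_url, which halts the request`. On Ruby 2.3 or later the condition can also be written as `unless current_user&.admin?`, which drops the local `user`. The hunk ends inside `authenticate_supplier_admin!`, which is unchanged context.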
@ -6,14 +6,14 @@ class SessionsController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
user = User.authenticate(params[:email], params[:password])
|
||||
if user
|
||||
user = User.find_by(email: params[:email])
|
||||
if user && user.authenticate(params[:password])
|
||||
session[:user_id] = user.id
|
||||
flash[:notice] = "Logged in!"
|
||||
redirect_to root_url
|
||||
else
|
||||
flash.now[:error] = "Invalid email or password"
|
||||
render "new"
|
||||
render :new
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
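Review bot: `create` stores `session[:user_id] = user.id` in the session that existed before login, so a session identifier fixed before authentication stays valid afterwards; call `reset_session` immediately before that assignment. The lookup-then-`authenticate` form also skips the password hash check when no user matches the email, which may make known and unknown addresses distinguishable by response time. If the Rails version in use provides `User.authenticate_by`, it is worth considering here. A one-line comment above `create` noting that both failure cases deliberately share the message "Invalid email or password" would keep a later edit from splitting them.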
@ -1,14 +1,18 @@
|
|||
class UsersController < ApplicationController
|
||||
|
||||
before_action :admin_required!
|
||||
|
||||
def new
|
||||
@user=User.new
|
||||
end
|
||||
|
||||
def create
|
||||
@user=User.new(user_params)
|
||||
@user = User.new(user_params)
|
||||
if @user.save
|
||||
render 'show'
|
||||
flash[:notice] = "Konto wurde erfolgreich erstellt."
|
||||
redirect_to @user
|
||||
else
|
||||
redirect_to new_user_path
|
||||
render :new
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -18,16 +22,11 @@ class UsersController < ApplicationController
|
|||
|
||||
def update
|
||||
@user = User.find(params[:id])
|
||||
attrs = user_params
|
||||
respond_to do |format|
|
||||
if @user.update(attrs)
|
||||
flash[:notice] = 'Konto wurde erfolgreich aktualisiert.'
|
||||
format.html { redirect_to user_url(@user) }
|
||||
format.xml { head :ok }
|
||||
else
|
||||
format.html { render :action => "edit" }
|
||||
format.xml { render :xml => @user.errors.to_xml }
|
||||
end
|
||||
if @user.update(user_params)
|
||||
flash[:notice] = 'Konto wurde erfolgreich aktualisiert.'
|
||||
redirect_to @user
|
||||
else
|
||||
render :edit
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -50,6 +49,6 @@ class UsersController < ApplicationController
|
|||
|
||||
private
|
||||
def user_params
|
||||
params.require(:user).permit(:email, :password)
|
||||
params.require(:user).permit(:email, :password, :password_confirmation, :admin)
|
||||
end
|
||||
end
|
||||
|
|
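Review bot: `user_params` now permits `:admin`, so the role flag can be mass-assigned through both `create` and `update`, and the only thing stopping a non-admin from setting it is the controller-wide `before_action :admin_required!`. If that filter is ever narrowed with `only:`/`except:` or skipped for a self-service edit, this becomes a privilege-escalation path. Building the list conditionally keeps the check next to the data: `allowed = [:email, :password, :password_confirmation]`, `allowed << :admin if current_user&.admin?`, `params.require(:user).permit(*allowed)`. `update` also appears to let an admin clear the flag on their own account, which may be worth guarding if at least one admin must always remain. The class body between the hunks is not shown.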