policy strong_params

2016-09-21 15:50:02 -05:00
parent d3205a6080
commit 4a70b795e5
3 changed files with 7 additions and 2 deletions
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@ -17,6 +17,11 @@ class UserPolicy < ApplicationPolicy
    user.admin? || user == record
  end

+  def permitted_attributes
+    return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
+    [:name, :email, :password, :password_confirmation]
+  end
+
  class Scope < Scope
    def resolve
      return scope if user.admin?