user policy to allow profile edits

2016-09-21 11:03:45 -05:00
parent 8ad98215c1
commit 75a4fbf71a
4 changed files with 81 additions and 18 deletions
--- a/app/controllers/admin/profile_controller.rb
+++ b/app/controllers/admin/profile_controller.rb
@ -2,14 +2,17 @@
 module Admin
  class ProfileController < AdminController
    def view
+      authorize current_user
    end

    def edit
      @user = current_user
+      authorize @user
    end

    def update
      @user = current_user
+      authorize @user

      if @user.update_attributes(user_params)
        redirect_to admin_profile_path,
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@ -4,8 +4,8 @@ class AdminController < ApplicationController
  layout 'admin'
  before_action :authorize_user

-  # TODO: after_action :verify_authorized, except: :index
-  # TODO: after_action :verify_policy_scoped, only: :index
+  # after_action :verify_authorized, except: :index
+  # after_action :verify_policy_scoped, only: :index

  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized