user policy to allow profile edits

2016-09-21 11:03:45 -05:00
parent 8ad98215c1
commit 75a4fbf71a
4 changed files with 81 additions and 18 deletions
--- a/app/controllers/admin/profile_controller.rb
+++ b/app/controllers/admin/profile_controller.rb
@ -2,14 +2,17 @@
 module Admin
  class ProfileController < AdminController
    def view
+      authorize current_user
    end

    def edit
      @user = current_user
+      authorize @user
    end

    def update
      @user = current_user
+      authorize @user

      if @user.update_attributes(user_params)
        redirect_to admin_profile_path,