user policies
@ -2,14 +2,16 @@
|
||||
module Admin
|
||||
class UserController < AdminController
|
||||
def index
|
||||
@users = User.order(:name)
|
||||
@users = policy_scope User.order(:name)
|
||||
end
|
||||
|
||||
def new
|
||||
@user = User.new
|
||||
authorize @user
|
||||
end
|
||||
|
||||
def create
|
||||
authorize User
|
||||
default_passwd = SecureRandom.urlsafe_base64(12)
|
||||
@user = User.create({ password: default_passwd }.merge(user_params.to_h))
|
||||
|
||||
@ -24,14 +26,17 @@ module Admin
|
||||
|
||||
def view
|
||||
@user = User.find(params[:user_id])
|
||||
authorize @user
|
||||
end
|
||||
|
||||
def edit
|
||||
@user = User.find(params[:user_id])
|
||||
authorize @user
|
||||
end
|
||||
|
||||
def update
|
||||
@user = User.find(params[:user_id])
|
||||
authorize @user
|
||||
|
||||
if @user.update_attributes(user_params)
|
||||
redirect_to admin_user_path(@user.to_i),
|
||||
|
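Review bot: In `create` (first hunk) the policy is checked against the class, `authorize User`, before any attributes are assigned, while `new`, `view`, `edit` and `update` all authorize the loaded record; a `create?` rule that depends on what is being created — a role or admin flag arriving through `user_params` — has nothing to inspect. Building the record first keeps the pattern uniform: `@user = User.new({ password: default_passwd }.merge(user_params.to_h))`, then `authorize @user`, then `@user.save` in place of `User.create`. The same limitation applies to `update`, where `authorize @user` sees the stored record rather than the incoming attributes; Pundit's `permitted_attributes(@user)` is the usual way to move that decision into the policy. What `user_params` permits is outside these hunks, as is the remainder of the class.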
@ -4,8 +4,12 @@ class AdminController < ApplicationController
|
||||
layout 'admin'
|
||||
before_action :authorize_user
|
||||
|
||||
# TODO: after_action :verify_authorized, except: :index
|
||||
# TODO: after_action :verify_policy_scoped, only: :index
|
||||
|
||||
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
||||
|
||||
# TODO: move to DashboardController#index
|
||||
def dashboard
|
||||
authorize :admin, :dashboard?
|
||||
@quizzes = Quiz.includes(:questions).all
|
||||
@ -25,6 +29,6 @@ class AdminController < ApplicationController
|
||||
|
||||
def user_not_authorized
|
||||
flash[:error] = "You are not authorized to perform this action."
|
||||
redirect_to(request.referer || root_path)
|
||||
redirect_to(request.referer || admin_login_path)
|
||||
end
|
||||
end
|
||||
|
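Review bot: `user_not_authorized` (last hunk) now redirects to `request.referer || admin_login_path`, and the Referer header is supplied by the client, so a forged referer turns an authorization failure into an open redirect to an arbitrary host. `redirect_back(fallback_location: admin_login_path)` is the Rails idiom for this, and on versions that support the option, `allow_other_host: false` confines the target to the application's own host. The `after_action :verify_authorized` and `verify_policy_scoped` lines in the first hunk are still commented out as TODOs, so an action that forgets to call `authorize` passes without any signal; enabling them with the `except:`/`only:` the TODO already sketches is the cheap safety net for the new policies.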