user policies

2016-09-20 14:22:20 -05:00
parent 12c7e9e77c
commit ead9564fe8
8 changed files with 160 additions and 2 deletions
--- a/app/controllers/admin/user_controller.rb
+++ b/app/controllers/admin/user_controller.rb
@ -2,14 +2,16 @@
 module Admin
  class UserController < AdminController
    def index
-      @users = User.order(:name)
+      @users = policy_scope User.order(:name)
    end

    def new
      @user = User.new
+      authorize @user
    end

    def create
+      authorize User
      default_passwd = SecureRandom.urlsafe_base64(12)
      @user = User.create({ password: default_passwd }.merge(user_params.to_h))

@ -24,14 +26,17 @@ module Admin

    def view
      @user = User.find(params[:user_id])
+      authorize @user
    end

    def edit
      @user = User.find(params[:user_id])
+      authorize @user
    end

    def update
      @user = User.find(params[:user_id])
+      authorize @user

      if @user.update_attributes(user_params)
        redirect_to admin_user_path(@user.to_i),