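# Admin-only management of Person records: listing, creation, display and
# editing.
#
# Every action is gated by +require_admin+, registered as a before_action so
# that an unauthorized request is halted before any record is loaded, created
# or modified.
class UsersController < ApplicationController
  # Authorization has to stop the request, not just schedule a redirect.
  # A bare `redirect_to ... unless verify_admin!(...)` at the top of an action
  # does not return: the rest of the action (Person.create, @user.update, the
  # record lookups) would still run for a non-admin, and a second
  # redirect/render would then raise a double-render error.
  before_action :require_admin

  # Loads the admin and staff collections for the listing view.
  def index
    @admins = Person.admins
    @staff = Person.staff
  end

  # Builds an unsaved Person for the creation form.
  def new
    @user = Person.new
  end

  # Creates a Person from the submitted form.
  #
  # Person.create always returns an object, even when validation fails, so
  # success is decided by whether the record was actually saved; otherwise the
  # form is re-rendered with the invalid record.
  def register
    @user = Person.create(user_params)

    if @user.persisted?
      redirect_to :root, notice: 'Success! We will authorize you soon.'
    else
      render :new
    end
  end

  # Loads the Person to edit. find_by_id yields nil for an unknown id.
  def edit
    @user = Person.find_by_id(params[:id])
  end

  # Loads the Person to display. find_by_id yields nil for an unknown id.
  def show
    @user = Person.find_by_id(params[:id])
  end

  # Applies the submitted attributes to an existing Person.
  # Person.find raises ActiveRecord::RecordNotFound for an unknown id.
  def update
    @user = Person.find(params[:id])

    if @user.update(user_params)
      redirect_to user_path(@user), notice: 'Updated!'
    else
      render :edit
    end
  end

  private

  # before_action filter: redirects non-admins (and signed-out visitors) to
  # the root path. Redirecting inside a before_action halts the callback
  # chain, so the action body never executes.
  def require_admin
    return if verify_admin!(current_user)

    # `error:` is only honoured as a redirect_to shortcut when the flash type
    # has been registered with add_flash_types; `flash: { error: ... }` sets
    # the same flash key whether or not it has been.
    redirect_to root_path, flash: { error: "NOT AUTHORIZED" }
  end

  # Truthy only when +user+ is present and reports itself as an admin.
  def verify_admin!(user)
    user && user.admin?
  end

  # Strong parameters for Person create/update.
  #
  # NOTE(security): :admin, :staff and :active are privilege/state flags.
  # Permitting them is acceptable only while every action that consumes these
  # params stays behind require_admin; any action opened up to non-admins
  # needs its own, narrower permit list.
  def user_params
    params.require(:user).permit(
      :first_name,
      :last_name,
      :phone,
      :email,
      :admin,
      :staff,
      :active
    )
  end
end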