class UsersController < ApplicationController before_action :set_user, only: %i[show edit update destroy] # GET /users or /users.json def index authorize User # @users = policy_scope(User) @users = User.all end # GET /users/1 or /users/1.json def show authorize @user end # GET /users/new def new @user = User.new end # GET /users/1/edit def edit authorize @user end # POST /users or /users.json def create @user = User.new(user_params) authorize @user respond_to do |format| if @user.save format.html { redirect_to user_url(@user), notice: "User was successfully created." } format.json { render :show, status: :created, location: @user } else format.html { render :new, status: :unprocessable_entity } format.json { render json: @user.errors, status: :unprocessable_entity } end end end # PATCH/PUT /users/1 or /users/1.json def update authorize @user respond_to do |format| if @user.update(user_params) if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1" @user.confirm! end format.html { redirect_to user_url(@user), notice: "User was successfully updated." } format.json { render :show, status: :ok, location: @user } else format.html { render :edit, status: :unprocessable_entity } format.json { render json: @user.errors, status: :unprocessable_entity } end end end # DELETE /users/1 or /users/1.json def destroy @user.destroy authorize @user respond_to do |format| format.html { redirect_to users_url, notice: "User was successfully destroyed." } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) end # Only allow a list of trusted parameters through. def user_params params.require(:user).permit(:name, :email, :admin) end end