Only user can delete his profile

2023-05-03 16:48:47 +02:00
parent 23b8c82602
commit 74965c5c0e
7 changed files with 50 additions and 21 deletions


@@ -1,17 +1,20 @@
class UsersController < ApplicationController
before_action :find_user, only: [:destroy]
before_action do
raise AccessForbidden unless (current_user == @user) || current_user.at_least(:admin)
raise AccessForbidden unless current_user.at_least(:admin)
end
def index
@users = User.all
end
def destroy
@user.destroy
redirect_to action: :index, notice: t(".success")
end
# TODO: add #show and #update to change user status
# TODO: remove admin dependent fields from registrations#edit and move them to
# #show
# NOTE: limited actions availabe to :admin by design. Users are meant to
# manage their accounts by themselves through registrations. In future :admin
# may be allowed to sing-in as user and make changes there.
private