vidpush/app/controllers/accounts_controller.rb

class AccountsController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
  before_action :admin?

  def index
    @users = User.all
  end

  def show
  end

  def new
    @user = User.new
  end

  def edit
    if @user.is_admin?
      redirect_to users_path, notice: 'Admins are not editable by other admins.'
    end
  end

  def create
    @user = User.new(user_params)

    respond_to do |format|
      if @user.save
        format.html { redirect_to @user, notice: 'User was successfully created.' }
        format.json { render action: 'show', status: :created, location: @user }
      else
        format.html { render action: 'new' }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
     password = params[:user][:current_password]
     params[:user].delete(:current_password)
     respond_to do |format|
       if @user.update(user_params)
         format.html { redirect_to @user, notice: 'User was successfully updated.' }
         format.json { head :no_content }
       else
         format.html { render action: 'edit', notice: @user.errors }
         format.json { render json: @user.errors, status: :unprocessable_entity }
       end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end

  private
  # Use callbacks to share common setup or constraints between actions.
  def set_user
    @user = User.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def user_params
    params.require(:user).permit(:email, :password, :password_confirmation, :current_password)
  end


  def admin?
    if current_admin.nil?
      redirect_to new_admin_session_path, notice: 'Please login as an Admin.'
    end

  end
end
account management is ready 2014-05-14 18:01:19 +00:00			`class AccountsController < ApplicationController`
			`before_action :set_user, only: [:show, :edit, :update, :destroy]`
			`before_action :admin?`

			`def index`
			`@users = User.all`
			`end`

			`def show`
			`end`

			`def new`
			`@user = User.new`
			`end`

			`def edit`
			`if @user.is_admin?`
			`redirect_to users_path, notice: 'Admins are not editable by other admins.'`
			`end`
			`end`

			`def create`
			`@user = User.new(user_params)`

			`respond_to do \|format\|`
			`if @user.save`
			`format.html { redirect_to @user, notice: 'User was successfully created.' }`
			`format.json { render action: 'show', status: :created, location: @user }`
			`else`
			`format.html { render action: 'new' }`
			`format.json { render json: @user.errors, status: :unprocessable_entity }`
			`end`
			`end`
			`end`

			`def update`
			`password = params[:user][:current_password]`
			`params[:user].delete(:current_password)`
			`respond_to do \|format\|`
			`if @user.update(user_params)`
			`format.html { redirect_to @user, notice: 'User was successfully updated.' }`
			`format.json { head :no_content }`
			`else`
			`format.html { render action: 'edit', notice: @user.errors }`
			`format.json { render json: @user.errors, status: :unprocessable_entity }`
			`end`
			`end`
			`end`

			`# DELETE /users/1`
			`# DELETE /users/1.json`
			`def destroy`
			`@user.destroy`
			`respond_to do \|format\|`
			`format.html { redirect_to users_url }`
			`format.json { head :no_content }`
			`end`
			`end`

			`private`
			`# Use callbacks to share common setup or constraints between actions.`
			`def set_user`
			`@user = User.find(params[:id])`
			`end`

			`# Never trust parameters from the scary internet, only allow the white list through.`
			`def user_params`
			`params.require(:user).permit(:email, :password, :password_confirmation, :current_password)`
			`end`


			`def admin?`
			`if current_admin.nil?`
			`redirect_to new_admin_session_path, notice: 'Please login as an Admin.'`
			`end`

			`end`
			`end`