class AccountsController < ApplicationController before_action :set_user, only: [:show, :edit, :update, :destroy] before_action :admin? def index @users = User.all end def show end def new @user = User.new end def edit if @user.is_admin? redirect_to accounts_path, notice: 'Admins are not editable by other admins.' end end def create @user = User.new(user_params) respond_to do |format| if @user.save format.html { redirect_to account_path(@user), notice: 'User was successfully created.' } format.json { render action: 'show', status: :created, location: @user } else format.html { render action: 'new' } format.json { render json: @user.errors, status: :unprocessable_entity } end end end def update password = params[:user][:current_password] params[:user].delete(:current_password) respond_to do |format| if @user.update(user_params) format.html { redirect_to account_path(@user), notice: 'User was successfully updated.' } format.json { head :no_content } else format.html { render action: 'edit', notice: @user.errors } format.json { render json: @user.errors, status: :unprocessable_entity } end end end # DELETE /users/1 # DELETE /users/1.json def destroy @user.destroy respond_to do |format| format.html { redirect_to accounts_url } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def user_params params.require(:user).permit(:email, :password, :password_confirmation, :current_password) end def admin? if current_admin.nil? redirect_to new_admin_session_path, notice: 'Please login as an Admin.' end end end