impress/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_action :find_and_authorize_user!, :only => [:update]

  def index # search, really
    name = params[:name]
    @user = User.find_by_name(name)
    if @user
      redirect_to user_closet_hangers_path(@user)
    else
      flash[:alert] = t('users.index.not_found', :name => name)
      redirect_to root_path
    end
  end

  def top_contributors
    @users = User.top_contributors.paginate :page => params[:page], :per_page => 20
  end

  def update
    success = @user.update_attributes user_params
    respond_to do |format|
      format.html {
        if success
          flash[:success] = t('users.update.success')
          redirect_back! user_closet_hangers_path(@user)
        else
          flash[:alert] = t('users.update.invalid',
                            :errors => @user.errors.full_messages.to_sentence)
        end
      }

      format.json {
        if success
          render :json => true
        else
          render :json => {:errors => @user.errors.full_messages}, :status => :unprocessable_entity
        end
      }
    end
  end

  protected

  def user_params
    params.require(:user).permit(:owned_closet_hangers_visibility,
      :wanted_closet_hangers_visibility, :contact_neopets_connection_id)
  end

  def find_and_authorize_user!
    if current_user.id == params[:id].to_i
      @user = current_user
    else
      raise AccessDenied
    end
  end
end
top contributors 2010-11-06 09:15:10 -07:00			`class UsersController < ApplicationController`
Upgrade to Rails 5.2.8.1 Some important little upgrades but mostly straightforward! Note that there's still a known issue where item searches crash, I was hoping that this was a bug in Rails 4.2 that would be fixed on upgading to 5, but nope, oh well! Also uhh I just got a bit silly and didn't actually mean to go all the way to 5.2 in one go, I had meant to start at 5.0… but tbh the 5.1 and 5.2 changes seem small, and this seems to be working, so. Yeah ok let's roll! 2023-08-02 16:05:02 -07:00			`before_action :find_and_authorize_user!, :only => [:update]`
neomail link on closets 2011-07-20 12:16:22 -07:00
search by username 2011-08-05 08:28:11 -07:00			`def index # search, really`
			`name = params[:name]`
			`@user = User.find_by_name(name)`
			`if @user`
			`redirect_to user_closet_hangers_path(@user)`
			`else`
i18n for users#index, users#update flashes 2013-01-01 19:34:30 -08:00			`flash[:alert] = t('users.index.not_found', :name => name)`
search by username 2011-08-05 08:28:11 -07:00			`redirect_to root_path`
			`end`
			`end`

top contributors 2010-11-06 09:15:10 -07:00			`def top_contributors`
			`@users = User.top_contributors.paginate :page => params[:page], :per_page => 20`
			`end`
neomail link on closets 2011-07-20 12:16:22 -07:00
			`def update`
Use strong parameters for User 2023-07-29 11:07:14 -07:00			`success = @user.update_attributes user_params`
closet neopets username 2011-07-22 11:02:04 -07:00			`respond_to do \|format\|`
			`format.html {`
			`if success`
i18n for users#index, users#update flashes 2013-01-01 19:34:30 -08:00			`flash[:success] = t('users.update.success')`
closet neopets username 2011-07-22 11:02:04 -07:00			`redirect_back! user_closet_hangers_path(@user)`
			`else`
i18n for users#index, users#update flashes 2013-01-01 19:34:30 -08:00			`flash[:alert] = t('users.update.invalid',`
			`:errors => @user.errors.full_messages.to_sentence)`
closet neopets username 2011-07-22 11:02:04 -07:00			`end`
			`}`

			`format.json {`
			`if success`
			`render :json => true`
			`else`
			`render :json => {:errors => @user.errors.full_messages}, :status => :unprocessable_entity`
			`end`
			`}`
			`end`
neomail link on closets 2011-07-20 12:16:22 -07:00			`end`

			`protected`

Use strong parameters for User 2023-07-29 11:07:14 -07:00			`def user_params`
			`params.require(:user).permit(:owned_closet_hangers_visibility,`
			`:wanted_closet_hangers_visibility, :contact_neopets_connection_id)`
			`end`

neomail link on closets 2011-07-20 12:16:22 -07:00			`def find_and_authorize_user!`
			`if current_user.id == params[:id].to_i`
			`@user = current_user`
			`else`
			`raise AccessDenied`
			`end`
			`end`
top contributors 2010-11-06 09:15:10 -07:00			`end`
neomail link on closets 2011-07-20 12:16:22 -07:00