dice/impress
1
0
Fork 0
forked from OpenNeo/impress
Code Pull requests Activity
impress/app/controllers/users_controller.rb
Matchu 248e710fcb Use strong parameters for User
2023-10-23 19:05:04 -07:00

57 lines
1.4 KiB
Ruby
Raw Blame History

class UsersController < ApplicationController
before_filter :find_and_authorize_user!, :only => [:update]
def index # search, really
name = params[:name]
@user = User.find_by_name(name)
if @user
redirect_to user_closet_hangers_path(@user)
else
flash[:alert] = t('users.index.not_found', :name => name)
redirect_to root_path
end
end
def top_contributors
@users = User.top_contributors.paginate :page => params[:page], :per_page => 20
end
def update
success = @user.update_attributes user_params
respond_to do |format|
format.html {
if success
flash[:success] = t('users.update.success')
redirect_back! user_closet_hangers_path(@user)
else
flash[:alert] = t('users.update.invalid',
:errors => @user.errors.full_messages.to_sentence)
end
}
format.json {
if success
render :json => true
else
render :json => {:errors => @user.errors.full_messages}, :status => :unprocessable_entity
end
}
end
end
protected
def user_params
params.require(:user).permit(:owned_closet_hangers_visibility,
:wanted_closet_hangers_visibility, :contact_neopets_connection_id)
end
def find_and_authorize_user!
if current_user.id == params[:id].to_i
@user = current_user
else
raise AccessDenied
end
end
end
View git blame Copy permalink