# JSON endpoints for listing users and for updating a single user.
#
# authenticate_user! runs before both actions, and each action calls Pundit's
# `authorize` before it reads or writes anything.
class UsersController < ApplicationController
  # NOTE(review): authentication is opted into per action through `only:`, so
  # an action added here later is not covered unless it is listed too (or
  # ApplicationController already enforces it) - confirm.
  before_action :authenticate_user!, only: %i[index update]

  # Renders all users as JSON, ordered by role descending and then by
  # created_at descending.
  #
  # NOTE(review): `render json:` is handed the User records themselves; which
  # attributes reach the client depends on serialization code not visible
  # here - confirm that no sensitive columns are exposed.
  def index
    authorize User

    @users = User.all.order(role: :desc, created_at: :desc)
    render json: @users
  end

  # Updates the user identified by params[:id] with the attributes the policy
  # permits, then renders the record, or its validation errors with a 422.
  #
  # @raise [Pundit::NotAuthorizedError] when the record is an owner once the
  #   submitted attributes have been assigned
  def update
    @user = User.find(params[:id])
    authorize @user

    @user.assign_attributes(user_update_params)

    # Special case: trying to set user role to 'owner'. The check runs on the
    # in-memory record after assignment and before save, so nothing has been
    # persisted when it raises.
    # NOTE(review): assuming owner? reflects the role attribute, only the
    # resulting state is tested: an existing owner whose role is unchanged is
    # rejected whatever else was submitted, while a change away from owner
    # passes this line. Presumably the policy covers that case - confirm.
    raise Pundit::NotAuthorizedError if @user.owner?

    return render(json: @user) if @user.save

    render json: { error: @user.errors.full_messages }, status: :unprocessable_entity
  end

  private

  # Strong parameters for #update: requires the :user key and permits only the
  # attribute list the policy returns for @user. Call it after @user is set,
  # because the allowlist is looked up for that record.
  def user_update_params
    user_params = params.require(:user)
    user_params.permit(policy(@user).permitted_attributes_for_update)
  end
end