mirror of
https://github.com/astuto/astuto.git
synced 2025-12-16 19:57:52 +01:00
37 lines
663 B
Ruby
37 lines
663 B
Ruby
class UsersController < ApplicationController
|
|
before_action :authenticate_user!, only: [:index, :update]
|
|
|
|
def index
|
|
authorize User
|
|
|
|
@users = User
|
|
.all
|
|
.order(role: :desc)
|
|
|
|
render json: @users
|
|
end
|
|
|
|
def update
|
|
@user = User.find(params[:id])
|
|
authorize @user
|
|
|
|
@user.assign_attributes user_update_params
|
|
|
|
if @user.save
|
|
render json: @user
|
|
else
|
|
render json: {
|
|
error: @user.errors.full_messages
|
|
}, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def user_update_params
|
|
params
|
|
.require(:user)
|
|
.permit(policy(@user).permitted_attributes_for_update)
|
|
end
|
|
end
|