Soverein/sanasto-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a69be52b72138cd2a49b87ffb4f70f8cf5d01fe9
sanasto-wiki/app/controllers/admin/users_controller.rb
Runar Ingebrigtsen a69be52b72
CI / scan_ruby (push) Successful in 23s
Details
CI / scan_js (push) Failing after 10s
Details
CI / lint (push) Failing after 19s
Details
CI / test (push) Failing after 16s
Details
CI / system-test (push) Failing after 15s
Details
fix vulnerabilities
2026-01-26 21:38:17 +01:00

59 lines
1.4 KiB
Ruby
Raw Blame History

class Admin::UsersController < Admin::BaseController
before_action :set_user, only: [ :edit, :update, :destroy ]
def index
@users = User.order(created_at: :desc)
.by_role(params[:role])
.search_email(params[:q])
end
def edit
end
def update
# Prevent users from modifying their own role
if @user == current_user && user_params[:role].present?
redirect_to admin_users_path, alert: "You cannot modify your own role."
return
end
if @user.update(user_params)
redirect_to admin_users_path, notice: "User updated successfully."
else
render :edit, status: :unprocessable_entity
end
end
def destroy
if @user == current_user
redirect_to admin_users_path, alert: "You cannot delete your own account."
return
end
if @user == User.first
redirect_to admin_users_path, alert: "Cannot delete the first admin user (system default contact)."
return
end
@user.destroy
redirect_to admin_users_path, notice: "User deleted successfully."
end
private
def set_user
@user = User.find(params[:id])
end
def user_params
permitted = params.require(:user).permit(:name, :email, :primary_language)
# Only allow role if it's a valid role enum value
if params[:user][:role].present? && User.roles.key?(params[:user][:role])
permitted[:role] = params[:user][:role]
end
permitted
end
end
Reference in New Issue View Git Blame Copy Permalink