# frozen_string_literal: true class UsersController < ApplicationController skip_before_action :authenticate, only: [ :new, :create ] before_action :set_user, only: [ :show, :edit, :update ] before_action :ensure_self, only: [ :edit, :update ] def new @user = User.new end def create @user = User.new(new_user_params) if @user.save token = @user.generate_token_for(:email_verification) UserMailer.with(user: @user, token: token).email_verification.deliver_later flash[:notice] = t(".success", name: @user.first_name) redirect_to login_path else flash[:alert] = t(".error", error: @user.errors.full_messages.to_sentence) render :new, status: :unprocessable_entity end end def show if @user == Current.user @table_invites = TableInvite.where(email: @user.email).not_responded end end def edit end def update if @user.update(existing_user_params) redirect_to @user, notice: t(".success") else flash.now[:alert] = t(".error") render :edit, status: :unprocessable_entity end end private def new_user_params params.require(:user).permit( :username, :password, :password_confirmation, :email, :first_name, :last_name, ) end def existing_user_params params.require(:user).permit( :password, :password_confirmation, :password_challenge, :first_name, :last_name, :profile, ) end def set_user @user = User.find_by(username: params[:id]) end def ensure_self head :forbidden unless @user == Current.user || Current.user.admin? end end