tabletop-companion/app/controllers/users_controller.rb

76 lines
1.7 KiB
Ruby

# frozen_string_literal: true
class UsersController < ApplicationController
skip_before_action :authenticate, only: [ :new, :create ]
before_action :set_user, only: [ :show, :edit, :update ]
before_action :ensure_self, only: [ :edit, :update ]
def new
@user = User.new
end
def create
@user = User.new(new_user_params)
if @user.save
token = @user.generate_token_for(:email_verification)
UserMailer.with(user: @user, token: token).email_verification.deliver_later
flash[:notice] = t(".success", name: @user.first_name)
redirect_to login_path
else
flash[:alert] = t(".error", error: @user.errors.full_messages.to_sentence)
render :new, status: :unprocessable_entity
end
end
def show
if @user == Current.user
@table_invites = TableInvite.where(email: @user.email).not_responded
end
end
def edit
end
def update
if @user.update(existing_user_params)
redirect_to @user, notice: t(".success")
else
flash.now[:alert] = t(".error")
render :edit, status: :unprocessable_entity
end
end
private
def new_user_params
params.require(:user).permit(
:username,
:password,
:password_confirmation,
:email,
:first_name,
:last_name,
)
end
def existing_user_params
params.require(:user).permit(
:password,
:password_confirmation,
:password_challenge,
:first_name,
:last_name,
:profile,
:avatar,
)
end
def set_user
@user = User.find_by(username: params[:id])
end
def ensure_self
head :forbidden unless @user == Current.user || Current.user.admin?
end
end