users_controller.rb 3.1KB

    class Admin::UsersController < ApplicationController before_action :authenticate_admin!, except: [:switch_back] before_action :find_user, only: [:edit, :destroy, :update, :deactivate, :activate, :switch_to_user] helper_method :resource def index @users = User.reorder('created_at DESC').page(params[:page]) respond_to do |format| format.html format.json { render json: @users } end end def new @user = User.new end def create @user = User.new(user_params) @user.requires_no_invitation_code! respond_to do |format| if @user.save DefaultScenarioImporter.import(@user) format.html { redirect_to admin_users_path, notice: "User '#{@user.username}' was successfully created." } format.json { render json: @user, status: :ok, location: admin_users_path(@user) } else format.html { render action: 'new' } format.json { render json: @user.errors, status: :unprocessable_entity } end end end def edit end def update params[:user].except!(:password, :password_confirmation) if params[:user][:password].blank? @user.assign_attributes(user_params) respond_to do |format| if @user.save format.html { redirect_to admin_users_path, notice: "User '#{@user.username}' was successfully updated." } format.json { render json: @user, status: :ok, location: admin_users_path(@user) } else format.html { render action: 'edit' } format.json { render json: @user.errors, status: :unprocessable_entity } end end end def destroy @user.destroy respond_to do |format| format.html { redirect_to admin_users_path, notice: "User '#{@user.username}' was deleted." } format.json { head :no_content } end end def deactivate @user.deactivate! respond_to do |format| format.html { redirect_to admin_users_path, notice: "User '#{@user.username}' was deactivated." } format.json { render json: @user, status: :ok, location: admin_users_path(@user) } end end def activate @user.activate! respond_to do |format| format.html { redirect_to admin_users_path, notice: "User '#{@user.username}' was activated." } format.json { render json: @user, status: :ok, location: admin_users_path(@user) } end end # allow an admin to sign-in as any other user def switch_to_user if current_user != @user old_user = current_user sign_in(:user, @user, { bypass: true }) session[:original_admin_user_id] = old_user.id end redirect_to agents_path end def switch_back if session[:original_admin_user_id].present? sign_in(:user, User.find(session[:original_admin_user_id]), { bypass: true }) session.delete(:original_admin_user_id) else redirect_to(root_path, alert: 'You must be an admin acting as a different user to do that.') and return end redirect_to admin_users_path end private def user_params params.require(:user).permit(:email, :username, :password, :password_confirmation, :admin) end def find_user @user = User.find(params[:id]) end def resource @user end end