users_controller

1. class UsersController < ApplicationController
2. before_filter :signed_in_user, :only => [:edit, :update, :index]
3. before_filter :correct_user, :only => [:edit, :update]
4.  
5.  
6.   def show
7.     @user = User.find(params[:id])
8.   end
9.  
10.   def new
11.     @user = User.new
12.   end
13.  
14.   def index
15.     @users = User.all
16.   end
17.  
18.  
19.   def create
20.     @user = User.new(params[:user])
21.     if @user.save
22.       sign_in @user
23.       flash[:success] = "Welcome to the Sample App!"
24.       redirect_to @user
25.     else
26.       render 'new'
27.     end
28.   end
29.  
30.   def edit
31.   # no longer need this b/c we force users to only go to their own edit page
32.     @user = User.find(params[:id])
33.   end
34.  
35.   def update
36.     # no longer need this b/c we force users to only go to their own update page
37.     @user = User.find(params[:id])
38.     if @user.update_attributes(params[:user])
39.       flash[:success] = "Profile updated"
40.       sign_in @user
41.       redirect_to @user
42.     else
43.       render 'edit'
44.     end
45.   end
46.  
47.   private
48.     def signed_in_user
49.       unless signed_in?
50.         store_location
51.         redirect_to signin_path, :notice => "Please sign in."
52.       end
53.     end
54.    
55.     def correct_user
56.       @user = User.find(params[:id])
57.       redirect_to(root_path) unless current_user?(@user)
58.     end
59.    
60.    
61.  
62.  
63.  
64.  
65. end