
Untitled

a guest
Apr 23rd, 2014
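# Manages user accounts: listing, profile display, sign-up, editing and deletion.
#
# Access rules enforced by the callbacks below:
# * +new+ / +create+ are for visitors without a session; a request that
#   carries session[:user_id] is redirected to the root path.
# * +edit+ / +update+ / +destroy+ are allowed only when the signed-in user
#   (looked up from session[:user_id]) is the record being changed.
# * +index+ and +show+ have no access check in this controller.
class UsersController < ApplicationController
  # set_user is declared first so that the ownership check in this_user can
  # compare the signed-in user against the already-loaded @user.
  before_action :set_user, only: [:show, :edit, :update, :destroy]
  before_action :this_user, only: [:edit, :update, :destroy]
  before_action :unauthenticated, only: [:create, :new]

  # GET /users
  # GET /users.json
  #
  # NOTE(review): every user record is loaded and no access check applies here.
  # Which attributes reach the client depends on the views/serializers, which
  # are not visible in this file -- confirm that e-mail addresses and password
  # digests are not rendered.
  def index
    @users = User.all
  end

  # GET /users/1
  # GET /users/1.json
  #
  # @user is loaded by the set_user callback.
  def show
  end

  # GET /users/new
  def new
    @user = User.new
  end

  # GET /users/1/edit
  #
  # @user is loaded by set_user; this_user has already confirmed ownership.
  def edit
  end

  # POST /users
  # POST /users.json
  #
  # Creates an account from the permitted sign-up parameters, storing the
  # username in lower case.
  def create
    # user_params builds a fresh permitted-parameters object on every call, so
    # the normalised username must be written to the same copy that is handed
    # to User.new; assigning to a second call's result would be discarded.
    attrs = user_params
    # Guard against a missing or non-string username so that a malformed
    # request reaches model validation instead of raising NoMethodError.
    attrs[:username] = attrs[:username].downcase if attrs[:username].respond_to?(:downcase)
    @user = User.new(attrs)

    respond_to do |format|
      if @user.save
        format.html { redirect_to @user, notice: 'User was successfully created.' }
        format.json { render :show, status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  #
  # Only reachable when this_user has confirmed that @user is the signed-in user.
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to @user, notice: 'User was successfully updated.' }
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  #
  # Only reachable when this_user has confirmed that @user is the signed-in user.
  def destroy
    @user.destroy
    # The deleted record is the signed-in user's own account. Drop the session
    # so that a stale session[:user_id] does not linger; `unauthenticated`
    # tests only for the key's presence and would otherwise keep redirecting
    # this visitor away from sign-up.
    reset_session
    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end

  private
    # Loads the record named by the :id route parameter into @user.
    # User.find raises ActiveRecord::RecordNotFound when no such row exists.
    def set_user
      @user = User.find(params[:id])
    end

    # Strong parameters: only these attributes may be mass-assigned from the
    # request. Keep privilege-bearing columns (roles, admin flags) off this
    # list if the model ever gains them.
    def user_params
      params.require(:user).permit(:username, :email, :password, :password_confirmation)
    end

    # Keeps signed-in visitors away from the sign-up actions.
    def unauthenticated
      redirect_to root_path if session[:user_id]
    end

    # Authorisation check for edit/update/destroy: the signed-in user must be
    # the record being modified. Checking only that *some* user is signed in
    # would let any account edit or delete any other account by changing the
    # id in the URL.
    #
    # Responds 403 and halts the callback chain when there is no signed-in
    # user or when that user is not @user.
    def this_user
      current = User.find_by(id: session[:user_id])
      # head works on Rails versions that no longer accept `render nothing: true`.
      head :forbidden unless current && current == @user
    end
end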