class UsersController < ApplicationController before_action :logged_in_user, only: [:edit, :update, :show] def new @user = User.new end def show @user = User.find(params[:id]) end def create @user = User.new(user_params) if @user.save log_in @user flash[:success] = "Welcome to the Sample App!" redirect_to @user else render 'new' end end def order @user = User.find(params[:id]) end def edit @user = User.find(params[:id]) end def update @user = User.find(params[:id]) if @user.update_attributes(user_params) redirect_to @user else render 'edit' end end private def user_params params.require(:user).permit(:name, :marks) end # Confirms a logged-in user. def logged_in_user unless logged_in? flash[:danger] = "Please log in." redirect_to login_url end end end