class UsersController < ApplicationController before_action :logged_in_user, only: [ :index, :edit, :update, :show] before_action :correct_user, only: [:edit, :update] def index @users = User.all end def new @user = User.new end def show @user = User.find(params[:id]) end def create @user = User.new(user_params) if @user.save log_in @user flash[:success] = "Welcome to the Sample App!" redirect_to @user else render 'new' end end def order @user = User.find(params[:id]) end def edit @user = User.find(params[:id]) end def update @user = User.find(params[:id]) if @user.update_attributes(user_params) redirect_to @user else render 'edit' end end private def user_params params.require(:user).permit(:name, :marks) end # Confirms a logged-in user. def logged_in_user unless logged_in? store_location flash[:danger] = "Please log in." redirect_to login_url end end # Confirms the correct user. def correct_user @user = User.find(params[:id]) redirect_to(root_url) unless current_user?(@user) end end