From 81df249d5c79c452dcb7b1ddd6a94762e3679e01 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Sat, 30 Dec 2023 22:51:26 +0200
Subject: [PATCH] refactor user roles validate
---
 app/controllers/users_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 387686a6..a4baaa4d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -28,9 +28,9 @@ class UsersController < ApplicationController
 return redirect_to settings_users_path, notice: 'Unable to update user.' if Docuseal.demo?
 attrs = user_params.compact_blank
- attrs.delete(:role) if User::ROLES.exclude?(attrs[:role])
+ attrs.delete(:role) if !role_valid?(attrs[:role]) || current_user == @user
- if @user.update(attrs.except(current_user == @user ? :role : nil))
+ if @user.update(attrs)
 redirect_to settings_users_path, notice: 'User has been updated'
 else
 render turbo_stream: turbo_stream.replace(:modal, template: 'users/edit'), status: :unprocessable_entity
@@ -49,6 +49,10 @@ class UsersController < ApplicationController
 private
+ def role_valid?(role)
+ User::ROLES.include?(role)
+ end
+
 def build_user
 @user = current_account.users.find_by(email: user_params[:email])&.tap do |user|
 user.assign_attributes(user_params)
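Review bot: The new guard `attrs.delete(:role) if !role_valid?(attrs[:role]) || current_user == @user` accepts any value in `User::ROLES` when the target is another user, so these lines never decide whether the acting user is allowed to grant that role. If no ability check elsewhere covers role changes (none is visible in this hunk), a role-specific authorization check belongs next to this one. A refused role is also dropped silently while the action still answers 'User has been updated', so a rejected change leaves no trace. I would record it, e.g. `Rails.logger.warn("users#update: role change ignored for user #{@user.id}") if attrs.key?(:role) && (!role_valid?(attrs[:role]) || current_user == @user)` placed before the delete, or surface it as a validation error. The enclosing action starts and ends outside the hunk.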
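Review bot: `role_valid?` is only called from the update path in the first hunk, while the `build_user` context lines here pass `user_params` straight to `assign_attributes` on an existing account user found by email. The update action reads `attrs[:role]` from those same params, so this path can set a role without the membership check unless the rest of `build_user` or the create action filters it; both continue outside the hunk. A model-level rule such as `validates :role, inclusion: { in: ROLES }` on `User` would cover every write path rather than one controller action. The helper would also benefit from a comment stating its limit, `# true when role is one of User::ROLES; does not check whether current_user may grant it`.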