class UsersController < ApplicationController before_action :set_user, only: [:show, :edit, :update, :destroy] before_action :correct_user, only: [:edit, :update] def show end def new end def edit end def update if @user.update(user_params) flash[:success] = 'Profile updated' redirect_to @user else render :edit end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) end # Only allow certain attributes to be updated over the web. def user_params params.require(:user).permit(:login, :email, :password, :password_confirmation, :gender, :phone, :picture) end # Confirms the correct user. def correct_user @user = User.find(params[:id]) redirect_to(root_url) unless current_user?(@user) end end