school-platform/app/controllers/users_controller.rb

class UsersController < ApplicationController

  before_action :set_user, only: [:show, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update]

  def index
    respond_to do |format|
      @users = User.all
      format.json
      format.html
    end
  end

  def show
  end

  def new
  end

  def edit
  end

  def update
    if @user.update(user_params)
      flash[:success] = 'Profile updated'
      redirect_to @user
    else
      render :edit
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_user
      @user = User.find(params[:id])
    end

    # Only allow certain attributes to be updated over the web.
    def user_params
      params.require(:user).permit(:login, :email, :password,
                                   :password_confirmation,
                                   :gender, :phone, :picture)
    end

    # Confirms the correct user.
    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url) unless current_user?(@user)
    end
end