From db9f668e40c8a7a653f9ae8810075134d9b0b14f Mon Sep 17 00:00:00 2001
From: Jesse Tilro <jesse@jessetilro.nl>
Date: Sat, 20 May 2017 13:44:58 +0200
Subject: [PATCH] Clean up users controller for password updates.

---
 app/controllers/admin/users_controller.rb | 20 ++++++++--------
 app/controllers/users_controller.rb       | 28 +++++++++++------------
 2 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 1b187cd3f..f13b3f481 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -58,7 +58,7 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def update_user
-    if @user.update params[:user][:password].to_s.empty? ? user_params : user_params_pwd
+    if @user.update user_params
       flash[:success] = "Succesfully updated user"
       redirect_to admin_user_path(@user)
     else
@@ -118,23 +118,21 @@ class Admin::UsersController < Admin::ApplicationController
 
   protected
   def user_params
-    params.require(:user).permit(
+    prms = params.require(:user).permit(
       :first_name,
       :last_name,
       :email,
-      :authorization_level
-    )
-  end
-
-  def user_params_pwd
-    params.require(:user).permit(
-      :first_name,
-      :last_name,
       :password,
       :password_confirmation,
-      :email,
       :authorization_level
     )
+
+    if prms[:password].blank?
+      prms.delete :password
+      prms.delete :password_confirmation
+    end
+
+    prms
   end
 
   def group_params
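Review bot: `prms[:password].blank?` in `user_params` is broader than the `.to_s.empty?` test it replaces. A whitespace-only password is now dropped before the model sees it, so `@user.update` can succeed and show the success flash even though no password was changed. Using `if prms[:password].to_s.empty?` keeps the earlier behaviour and leaves it to model validation to accept or reject such a value. The same block is repeated in `UsersController#user_params` in the second file, so a shared helper or concern would keep the two copies from drifting apart.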
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 388a62aa4..1a4343fe0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -9,32 +9,30 @@ class UsersController < ApplicationController
   end
 
   def update
-    if @user = User.find(params[:id])
-      if @user.update params[:user][:password].to_s.empty? ? user_params : user_params_pwd
-        render 'show' and return
-      end
+    if @user.update user_params
+      redirect_to user_path(@user)
+    else
+      render 'edit'
     end
-
-    render 'edit'
   end
 
   protected
-  def user_params
-    params.require(:user).permit(
-      :first_name,
-      :last_name,
-      :email
-    )
-  end
 
-  def user_params_pwd
-    params.require(:user).permit(
+  def user_params
+    prms = params.require(:user).permit(
       :first_name,
       :last_name,
       :email,
       :password,
       :password_confirmation
     )
+
+    if prms[:password].blank?
+      prms.delete :password
+      prms.delete :password_confirmation
+    end
+
+    prms
   end
 
 end
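Review bot: `update` now always permits `:password` and `:password_confirmation`, and nothing in this hunk verifies the account's current password before `@user.update user_params` replaces it. Because `@user` is no longer loaded inside the action, both the lookup and any check that the record belongs to the signed-in user must come from a filter outside the hunk. It is worth confirming that such a filter exists and covers `update`, since without it the id in the URL alone decides whose credentials are changed. Consider requiring the current password whenever a new one is submitted, and add a comment above `user_params` such as `# Blank password fields are dropped so a profile edit leaves the credential unchanged.`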
-- 
GitLab