class UsersController < ApplicationController before_filter :ensure_authenticated!, :only => [:edit, :update] attr_reader :user def show if params[:username] user = User.for_username!(params[:username]) else user = User.find(params[:id]) end render locals: { page: UserPagePresenter.build(user, current_user, params[:page]) } end def edit authorize current_user render locals: { page: UserEditPagePresenter.new(current_user) } end def update authorize current_user @user = User.find(current_user.id) if user.update_attributes(update_params) redirect_to profile_path(user), notice: 'Account settings saved.' else render :edit, status: 422, locals: { page: UserEditPagePresenter.new(user) } end end private def update_params params.require(:user).permit(*policy(user).permitted_attributes) end end