moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users

2013-05-21 00:42:56 -04:00
parent bd95958f17
commit b2e2a1b4b0
3 changed files with 8 additions and 3 deletions
@@ -10,6 +10,8 @@ class AdminController < ApplicationController
  
  def get_user
    @user = User.find_by_id(params[:admin_id].to_s)
+    arr = ["true", "false"]
+    @admin_select = @user.admin ? arr : arr.reverse
    render :partial => "layouts/admin/get_user"
  end
  
@@ -27,6 +27,9 @@
 		
 		  <%= f.label :password_confirmation, nil, {:class => "control-label"}%>
 		  <%= f.password_field :password_confirmation, {:class => "span12", :placeholder => "Enter Password"} %>
+		  
+		  <%= f.label :admin, nil, {:class => "control-label"}%>
+		  <%= f.select(:admin, @admin_select) %>
        </div>
      </div>
      <div class="row-fluid">  
@@ -36,7 +39,7 @@
      <button class="btn" data-dismiss="modal" aria-hidden="true">
        Close
      </button>
-         <%= link_to "Delete", "#", {:id => "delete_button", :class => "btn btn-danger"} %>	
+         <%= link_to "Delete", "#", {:id => "delete_button", :class => "btn btn-danger pull-left"} %>	
         <%= f.submit "Submit", {:id => 'submit_button', :class => "btn btn-primary pull-right"} %>
    </div>
 	     <% end %>
@@ -69,7 +72,7 @@ $('#delete_button').click(function() {
 	
 	$.ajax({
      url: "/admin/" +  <%= @user.id %> + "/delete_user.json",
-	  type: "GET",
+	  type: "POST",
 	  success: function(response) {
 	  	$('#success').show(500).delay(1500).fadeOut();
 		loadTable();
@@ -31,7 +31,7 @@ end
 resources :admin do
  get "dashboard"
  get "get_user"
-  get "delete_user"
+  post "delete_user"
  put "update_user"
  get "get_all_users"
 end