This commit improves the admin user management interface while preserving
the intentional mass assignment vulnerability for educational purposes.
Changes:
1. Removed layout false from admin controller to enable full styling
2. Modernized admin users table view with Bootstrap components:
- Added page header with icon and description
- Wrapped table in card component for better visual hierarchy
- Updated admin indicator to use Bootstrap icons
- Modernized Edit button styling
3. Fixed admin update_user action form submission error:
- Previous code caused ForbiddenAttributesError in Rails
- Used to_unsafe_h to explicitly bypass strong parameters
- VULNERABILITY PRESERVED: This intentionally allows mass assignment
- See wiki: Extras:-Mass-Assignment-Admin-Role.md
- Fixed password field filtering to handle blank passwords correctly
The mass assignment vulnerability is maintained as a teaching example per
the OWASP RailsGoat mission. Students can learn about privilege escalation
attacks through the admin parameter.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Ken Johnson
7b77d8281c