railsgoat/app/controllers/admin_controller.rb
Joseph Mastey d3fce41e60 change to idiomatic use of layouts versus regular views
No functional change here, but users familiar with Rails will find the view files in the
locations they expect; this also slightly simplifies the controller code.

there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00

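# Administrative endpoints: analytics views plus read/update/delete of user
# accounts, driven by the admin dashboard.
#
# Every action here is privileged, so the `administrative` filter (defined in
# ApplicationController, not visible in this file) runs unconditionally. The
# previous wiring, `:if => :admin_param, :except => [:get_user]`, skipped the
# admin check whenever the request carried `admin_id=1` and never ran it for
# `get_user`, so any authenticated caller could reach these actions by picking
# the right parameter value.
class AdminController < ApplicationController
  before_action :administrative
  # `has_info` is another ApplicationController filter that the original code
  # skipped for the admin area; kept as-is. NOTE(review): confirm it is a
  # profile-completeness check and not an authorization check.
  skip_before_action :has_info

  # Password keys are split out of the mass-assignment hash in update_user and
  # applied explicitly, so a blank password never overwrites the stored one.
  PASSWORD_ATTRIBUTES = %w[password password_confirmation].freeze

  def dashboard
  end

  # Lists analytics hits, optionally restricted to one IP address and to a
  # subset of columns. `params[:field]` is expected as a hash keyed by column
  # name (e.g. field[col]=1); see analytics_fields for how it is sanitised.
  def analytics
    @analytics = if params[:ip]
                   Analytics.hits_by_ip(params[:ip], analytics_fields)
                 else
                   Analytics.all
                 end
  end

  # Renders the full user list without the application layout (used as a
  # dashboard fragment).
  def get_all_users
    @users = User.all
    render layout: false
  end

  # Renders the edit fragment for a single user. The original dereferenced
  # `@user.admin` without a nil check, so an unknown admin_id produced a 500;
  # respond with 404 instead.
  def get_user
    @user = User.find_by_id(params[:admin_id].to_s)
    return head(:not_found) unless @user
    arr = ["true", "false"]
    # Put the user's current admin flag first so the select defaults to it.
    @admin_select = @user.admin ? arr : arr.reverse
    render layout: false
  end

  # Updates a user from params[:user]; responds with JSON {msg: success|failure}.
  # "failure" is returned when the user is not found or params[:user] is absent
  # (the original raised NoMethodError on a missing params[:user]).
  def update_user
    user = User.find_by_id(params[:admin_id])
    attrs = params[:user]
    message = false
    if user && attrs
      # The original filter was `k == ("password" || "password_confirmation")`,
      # which is always just "password", so password_confirmation leaked
      # through to update_attributes. Reject both keys explicitly.
      # NOTE(review): the remaining keys are still mass-assigned (including
      # `admin`); this should become params.require(:user).permit(<explicit
      # attribute list>) — the User attribute list is not visible from here.
      user.update_attributes(attrs.reject { |k, _| PASSWORD_ATTRIBUTES.include?(k.to_s) })
      pass = attrs[:password]
      user.password = pass unless pass.blank?
      user.save!
      message = true
    end
    respond_to do |format|
      format.json { render :json => { :msg => message ? "success" : "failure" } }
    end
  end

  # Deletes a user and, via destroy, its associated records (e.g. retirement
  # records). An admin cannot delete their own account. Responds with JSON
  # {msg: success|failure}.
  # NOTE(review): this looks the user up by `user_id` while get_user/update_user
  # use `id` for the same `admin_id` parameter — confirm which key the dashboard
  # sends, since a mismatch silently yields "failure" or targets the wrong row.
  def delete_user
    user = User.find_by_user_id(params[:admin_id])
    message = false
    if user && current_user.user_id != user.user_id
      user.destroy
      message = true
    end
    respond_to do |format|
      format.json { render :json => { :msg => message ? "success" : "failure" } }
    end
  end

  private

  # Comma-separated SELECT list for Analytics.hits_by_ip, built only from
  # names that exist in the analytics schema, or "*" when no valid column was
  # requested. The original joined the raw request keys, and the model is
  # presumably interpolating this string into SQL (the commit references the
  # A1-SQL-Injection-Interpolation wiki page) — so anything not a real column
  # name is dropped here. Non-hash values of params[:field] (e.g. a bare
  # string) are treated as "no fields requested" rather than raising.
  def analytics_fields
    requested = params[:field]
    names = requested.respond_to?(:keys) ? requested.keys.map(&:to_s) : []
    allowed = names & Analytics.column_names
    allowed.empty? ? "*" : allowed.join(",")
  end
end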