1 files changed, 7 insertions, 21 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1404b0e..4d198b9 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -5,11 +5,9 @@
 class UsersController < ApplicationController
   include ControllerExtension::FetchUser
 
-  before_filter :require_login, :except => [:new]
-  before_filter :redirect_if_logged_in, :only => [:new]
+  before_filter :require_login
   before_filter :require_admin, :only => [:index, :deactivate, :enable]
-  before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
-  before_filter :require_registration_allowed, only: :new
+  before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable]
 
   respond_to :html
 
@@ -27,25 +25,12 @@ class UsersController < ApplicationController
     @users = @users.limit(100)
   end
 
-  def new
-    @user = User.new
-  end
-
   def show
   end
 
   def edit
   end
 
-  ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
-  def update
-    @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
-    if @user.valid?
-      flash[:notice] = I18n.t(:changes_saved)
-    end
-    respond_with @user, :location => edit_user_path(@user)
-  end
-
   def deactivate
     @user.account.disable
     flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -73,10 +58,11 @@ class UsersController < ApplicationController
 
   protected
 
-  def require_registration_allowed
-    unless APP_CONFIG[:allow_registration]
-      redirect_to home_path
+  def user_params
+    if admin?
+      params.require(:user).permit(:effective_service_level)
+    else
+      params.require(:user).permit(:password, :password_confirmation)
     end
   end
-
 end