class API::UsersController < API::ApiController before_action :authenticate_user! def index if current_user.admin? && params[:role] == 'partner' @users = User.with_role(:partner).includes(:profile) else head 403 end end def create if current_user.admin? generated_password = Devise.friendly_token.first(8) @user = User.new(email: partner_params[:email], username: "#{partner_params[:first_name]}#{partner_params[:last_name]}", password: generated_password, password_confirmation: generated_password, group_id: Group.first.id) @user.build_profile(first_name: partner_params[:first_name], last_name: partner_params[:last_name], gender: true, birthday: Time.now, phone: '0000000000') if @user.save @user.remove_role :member @user.add_role :partner render status: :created else render json: @user.errors.full_messages, status: :unprocessable_entity end else head 403 end end private def partner_params params.require(:user).permit(:email, :first_name, :last_name) end end