Avoid using _id in queries. This makes the queries shorter and easier to read.
Move user lookup and error render to concerns
Fix predicate method names in the user model
Use CanCanCan for user_roles auth
Refactor @this_user to @user. Historically we used @user for the currently logged in user, but this was changed to `current_user` in 2017.
Use user_path links. Fixes #1785
Revoking administrator role on current user should fail. Fixes #1697. Closes #1701
Avoid using or comparing explicit model ids. The code is easier to read using higher-level concepts.
Use current_user to represent the currently logged in user. This is already used by the oauth plugin, and is a general rails convention.
Remove conditions from delete_all. Passing conditions directly to delete_all is deprecated in rails 5.0 so use a separate where instead.
Fix some rubocop rails style issues
Standardise on double quoted strings
Fix most auto-correctable rubocop issues
Cleanup trailing whitespace
Replace attr_accessible with strong parameters
Factor out common code for looking up users
Use one "no_such_user" view everywhere
Add functional tests for the user_roles controller
Get rid of custom CSRF protection for user role changes. By restricting role changes to POST requests, which they should be anyway, we get all the rails CSRF protection for free.
Turn on mass assignment protection. Require any attribute that is going to be mass assigned to be whitelisted, and whitelist those attributes which need it