Do we really need all these routes on /users ?
We create and manage users mostly through Devise, and we store Profile information on the Profile. These pages are mostly empty, and I think we can get rid of a lot of them.
We also need to update the UserPolicy - right now it gives access to all Users.
Here's my thoughts on each of the current routes/views, and whether we need them:
users (index)
Do we need this? Could it be useful for admins? I think no, and we can add it back if we decide it is useful.
users/:id (show)
Include links to update password/email
Include links to profile(s) associated with the user
Admin access? I think yes.
users/:id/edit (and update)
Kill this route. We don't need it. (Unless some of the edit-y stuff from show moves here).
users/:id/new (and create)
Oh, definitely kill this one. I don't want them making users outside devise.
users/:id/destroy
We might need this one for GDPR. How does this work? Are we cascade deleting?
Description
Do we really need all these routes on /users ? We create and manage users mostly through Devise, and we store Profile information on the Profile. These pages are mostly empty, and I think we can get rid of a lot of them.
We also need to update the UserPolicy - right now it gives access to all Users.
Here's my thoughts on each of the current routes/views, and whether we need them: