Add admin permission logic to destroy action in users controller

Author: Ashley Yang

app/controllers/users_controller.rb

@@ -36,11 +36,15 @@ def create
   end
 
   def destroy
-    @user = User.find(params[:id])
-    p @user
-    @user.destroy
+    if admin?
+      @user = User.find(params[:id])
+      @user.destroy
 
-    redirect_to users_path
+      redirect_to users_path
+    else
+      flash[:not_admin] = "You do not have permission to view this page."
+      redirect_to "/"
+    end
   end
 
   private

app/views/categories/index.html.erb

@@ -1,5 +1,6 @@
 <h1 class='title'>Welcome to Chez Ken</h1>
 <h3><%= flash[:notice] %></h3>
+<h3><%= flash[:not_admin] %></h3>
 
 <div class='container'>
       <div class='container col-4-md wd-17-m mg-0'>