This may be a bit subtle, but you might want to encapsulate the
concept of "approve" into the model. As it stands presently, you've
essentially mixed some business logic (what it means to approve a
user) into your controller. If you ever decide to change that concept
you're going to have to visit the controller... and every other place
that relies on User.status = 1 meaning "approved". You might consider
something like this:
By doing this you've encapsulated the 'approved' concept into your
model and you can change your mind about the implementation later. For
example, maybe you want to use the acts_as_state_machine plugin and
introduce the idea of suspending the user. That would likely change
how you approve the user and how you test for it. With the code above
you can simply say...
@user = User.find(params[:id])
redirect :back unless @user.approved?