@peteryates
Last active January 24, 2017 13:16
# Read-only user endpoints: a listing of all users and a lookup of one user.
#
# NOTE(review): no authentication or authorization filter is declared in this
# class; whether ApplicationController enforces one is not visible here.
class MinimalUserController < ApplicationController
  # Stores the JSON serialisation of every User record in @users.
  #
  # NOTE(review): to_json is called without an :only/:except list, so every
  # attribute of each record is serialised. If the User model holds credential
  # or token columns (not visible here), they end up in this payload. Confirm
  # against the schema and restrict the serialised fields.
  def index
    all_users = User.all
    @users = all_users.to_json
  end

  # Loads the user identified by the request's :id parameter into @user.
  # Presumably User is an ActiveRecord model, in which case find raises
  # ActiveRecord::RecordNotFound when no record matches.
  def show
    requested_id = params[:id]
    @user = User.find(requested_id)
  end
end
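# Endpoints that always operate on the signed-in user. The target record comes
# from current_user, never from a request-supplied id, so a caller cannot
# address another user's record through this controller.
#
# NOTE(review): assumes authentication is enforced before these actions run
# (current_user is defined outside this file). If current_user can be nil,
# show serialises nil and update raises NoMethodError. Confirm.
class MyProfileController < ApplicationController
  before_action :set_user

  # Serialises the signed-in user to JSON.
  #
  # NOTE(review): to_json without :only/:except serialises every attribute of
  # the record; confirm that no credential or token columns are included.
  def show
    @user.to_json
  end

  # Applies the submitted attributes to the signed-in user, then serialises
  # the record.
  #
  # Uses #update rather than #update_attributes: the latter was deprecated in
  # Rails 6.0 and removed in 6.1, and UserController#update already calls
  # #update.
  #
  # NOTE(review): params[:user] is passed through unfiltered. With strong
  # parameters (Rails 4+) this raises ActiveModel::ForbiddenAttributesError;
  # where that protection is disabled, the caller can set any column on their
  # own record, including privilege or role fields if the model has them.
  # Replace it with params.require(:user).permit(...) listing only the
  # attributes a user may edit. The list depends on the User schema, which is
  # not visible here.
  #
  # NOTE(review): the boolean result of #update is ignored, so a validation
  # failure is not reported to the caller.
  def update
    @user.update(params[:user])
    @user.to_json
  end

  private

  # Binds @user to the signed-in user for every action.
  def set_user
    @user = current_user
  end
end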
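# User endpoints where the target record is selected by the request's :id, so
# each action that changes data has to check ownership itself.
class UserController < ApplicationController
  # Only show and update carry an :id. Running the lookup before index would
  # call User.find(nil) and fail before the listing is produced.
  before_action :set_user, only: %i[show update]

  # Stores the JSON serialisation of every User record in @users.
  #
  # NOTE(review): to_json without :only/:except serialises every attribute of
  # each record; confirm that no credential or token columns are included.
  def index
    @users = User.all.to_json
  end

  # Renders the owner's view when the requested user is the signed-in user,
  # and the generic profile view (with the record passed as a local) otherwise.
  def show
    if current_user == @user
      render :my_profile_page
    else
      render :generic_profile_page, locals: { user: @user }
    end
  end

  # Updates the requested user, but only when it is the signed-in user.
  #
  # The ownership comparison is the sole authorization check on this path:
  # @user comes from a caller-controlled id, so removing or weakening the
  # guard would let any caller modify any account.
  #
  # NOTE(review): head :unauthorized sends 401. For an authenticated caller
  # targeting someone else's record, 403 (:forbidden) is the conventional
  # status. Left unchanged because clients may depend on it.
  #
  # NOTE(review): params[:user] is passed through unfiltered. With strong
  # parameters (Rails 4+) this raises ActiveModel::ForbiddenAttributesError;
  # where that protection is disabled, the owner can set any column on their
  # record, including privilege or role fields if the model has them. Replace
  # it with params.require(:user).permit(...) listing only the editable
  # attributes. The list depends on the User schema, which is not visible here.
  def update
    # Reject before touching the record when the caller is not its owner.
    return head(:unauthorized) unless current_user == @user

    @user.update(params[:user])
    @user.to_json
  end

  private

  # Loads the record named by the request's :id into @user.
  # Presumably User is an ActiveRecord model, in which case find raises
  # ActiveRecord::RecordNotFound when no record matches.
  def set_user
    @user = User.find(params[:id])
  end
end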