better better quota

app/components/admin/users/show.rb

@@ -105,7 +105,7 @@ class Components::Admin::Users::Show < Components::Base
           end
 
           # Admin controls
-          form(action: helpers.set_quota_admin_user_path(@user), method: :post, style: "display: flex; gap: 8px; align-items: center;") do
+          form(action: helpers.admin_user_path(@user), method: :post, style: "display: flex; gap: 8px; align-items: center;") do
             input(type: "hidden", name: "_method", value: "patch")
             input(type: "hidden", name: "authenticity_token", value: helpers.form_authenticity_token)
 
@@ -114,7 +114,7 @@ class Components::Admin::Users::Show < Components::Base
               fetch_strategy: :local,
               dynamic_label: true,
               dynamic_label_prefix: "Quota Policy",
-              form_arguments: { name: :quota_policy }
+              form_arguments: { name: "user[quota_policy]" }
             )) do |panel|
               panel.with_show_button(scheme: :secondary, size: :small) { current_quota_label }
               panel.with_item(label: "Auto-detect (via HCA)", content_arguments: { data: { value: "" } }, active: @user.quota_policy.nil?)

app/controllers/admin/users_controller.rb

@@ -7,34 +7,27 @@ module Admin
     def show
     end
 
+    def update
+      @user.update!(user_params)
+      redirect_to admin_user_path(@user), notice: "User updated."
+    end
+
     def destroy
       @user.destroy!
       redirect_to admin_search_path, notice: "User #{@user.name || @user.email} deleted."
     end
 
-    def set_quota
-      quota_policy = params[:quota_policy]
-
-      # Empty string means auto-detect (clear override)
-      if quota_policy.blank?
-        @user.update!(quota_policy: nil)
-        redirect_to admin_user_path(@user), notice: "Quota policy cleared. Will auto-detect via HCA."
-        return
-      end
-
-      unless %w[verified functionally_unlimited].include?(quota_policy)
-        redirect_to admin_user_path(@user), alert: "Invalid quota policy."
-        return
-      end
-
-      @user.update!(quota_policy: quota_policy)
-      redirect_to admin_user_path(@user), notice: "Quota policy set to #{quota_policy.humanize}."
-    end
-
     private
 
     def set_user
       @user = User.find_by_public_id!(params[:id])
     end
+
+    def user_params
+      params.require(:user).permit(:quota_policy).tap do |p|
+        # Normalize empty string to nil for auto-detect
+        p[:quota_policy] = nil if p[:quota_policy].blank?
+      end
+    end
   end
 end

config/routes.rb

@@ -1,11 +1,7 @@
 Rails.application.routes.draw do
   namespace :admin do
     get "search", to: "search#index"
-    resources :users, only: [ :show, :destroy ] do
-      member do
-        patch "set_quota"
-      end
-    end
+    resources :users, only: [ :show, :update, :destroy ]
     resources :uploads, only: [ :destroy ]
     resources :api_keys, only: [ :destroy ]
   end