demarches-normaliennes/app/controllers/new_user/dossiers_controller.rb

module NewUser
  class DossiersController < UserController
    before_action :ensure_ownership!

    def attestation
      send_data(dossier.attestation.pdf.read, filename: 'attestation.pdf', type: 'application/pdf')
    end

    private

    def dossier
      Dossier.find(params[:dossier_id])
    end

    def ensure_ownership!
      if dossier.user != current_user
        flash[:alert] = "Vous n'avez pas accès à ce dossier"
        redirect_to root_path
      end
    end
  end
end
New Routes: add new_user/dossier_controller 2017-06-29 14:18:12 +02:00			`module NewUser`
			`class DossiersController < UserController`
			`before_action :ensure_ownership!`

New Routes: add new_user/dossier_controller attestation 2017-06-29 14:18:59 +02:00			`def attestation`
			`send_data(dossier.attestation.pdf.read, filename: 'attestation.pdf', type: 'application/pdf')`
			`end`

New Routes: add new_user/dossier_controller 2017-06-29 14:18:12 +02:00			`private`

			`def dossier`
			`Dossier.find(params[:dossier_id])`
			`end`

			`def ensure_ownership!`
			`if dossier.user != current_user`
			`flash[:alert] = "Vous n'avez pas accès à ce dossier"`
			`redirect_to root_path`
			`end`
			`end`
			`end`
			`end`