2015-09-23 19:20:03 +02:00
|
|
|
|
class UsersController < ApplicationController
|
|
|
|
|
before_action :authenticate_user!
|
2015-10-09 16:26:39 +02:00
|
|
|
|
|
2016-02-01 18:18:55 +01:00
|
|
|
|
def index
|
|
|
|
|
redirect_to root_path
|
|
|
|
|
end
|
|
|
|
|
|
2015-10-09 16:26:39 +02:00
|
|
|
|
def current_user_dossier dossier_id=nil
|
2016-01-25 15:54:21 +01:00
|
|
|
|
dossier_id ||= params[:dossier_id] || params[:id]
|
2015-10-09 16:26:39 +02:00
|
|
|
|
|
2016-09-14 16:36:01 +02:00
|
|
|
|
dossier = Dossier.find(dossier_id)
|
|
|
|
|
|
|
|
|
|
return dossier if dossier.owner?(current_user.email) || dossier.invite_by_user?(current_user.email)
|
|
|
|
|
|
|
|
|
|
raise ActiveRecord::RecordNotFound
|
2015-10-09 16:26:39 +02:00
|
|
|
|
end
|
2016-01-25 15:54:21 +01:00
|
|
|
|
|
2016-01-26 15:52:05 +01:00
|
|
|
|
def authorized_routes? controller
|
2016-01-25 15:54:21 +01:00
|
|
|
|
redirect_to_root_path 'Le status de votre dossier n\'autorise pas cette URL' unless UserRoutesAuthorizationService.authorized_route?(
|
2016-01-26 15:52:05 +01:00
|
|
|
|
controller,
|
|
|
|
|
current_user_dossier)
|
2016-01-25 15:54:21 +01:00
|
|
|
|
rescue ActiveRecord::RecordNotFound
|
|
|
|
|
redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def redirect_to_root_path message
|
|
|
|
|
flash.alert = message
|
|
|
|
|
redirect_to url_for root_path
|
|
|
|
|
end
|
2017-04-04 15:27:04 +02:00
|
|
|
|
end
|