demarches-normaliennes/app/controllers/users/profil_controller.rb

module Users
  class ProfilController < UserController
    before_action :redirect_if_instructeur,
      only: :update_email,
      if: -> { instructeur_signed_in? }

    def show
      @waiting_transfers = current_user.dossiers.joins(:transfer).group('dossier_transfers.email').count.to_a
    end

    def renew_api_token
      @token = current_administrateur.renew_api_token
      flash.now.notice = 'Votre jeton a été regénéré.'
      render :show
    end

    def update_email
      if current_user.update(update_email_params)
        flash.notice = t('devise.registrations.update_needs_confirmation')
      elsif current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
        UserMailer.account_already_taken(current_user, requested_email).deliver_later
        # avoid leaking information about whether an account with this email exists or not
        flash.notice = t('devise.registrations.update_needs_confirmation')
      else
        flash.alert = current_user.errors.full_messages
      end

      redirect_to profil_path
    end

    def transfer_all_dossiers
      DossierTransfer.initiate(next_owner_email, current_user.dossiers)
      flash.notice = t('.new_transfer', count: current_user.dossiers.count, email: next_owner_email)
      redirect_to profil_path
    end

    private

    def update_email_params
      params.require(:user).permit(:email)
    end

    def requested_email
      update_email_params[:email]
    end

    def redirect_if_instructeur
      redirect_to profil_path
    end

    def next_owner_email
      params[:next_owner]
    end
  end
end
Profil: accessible to all roles 2019-07-02 18:15:03 +02:00			`module Users`
			`class ProfilController < UserController`
[link to #4557] An instructeur cannot change its email on its own 2019-12-09 17:11:12 +01:00			`before_action :redirect_if_instructeur,`
			`only: :update_email,`
			`if: -> { instructeur_signed_in? }`

Profile: move to new design 2018-08-23 18:53:35 +02:00			`def show`
[Fix #6481] a user see its waiting transfers 2021-09-20 13:26:57 +02:00			`@waiting_transfers = current_user.dossiers.joins(:transfer).group('dossier_transfers.email').count.to_a`
Profile: move to new design 2018-08-23 18:53:35 +02:00			`end`

			`def renew_api_token`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`@token = current_administrateur.renew_api_token`
Profil: display token only once 2018-08-24 14:19:44 +02:00			`flash.now.notice = 'Votre jeton a été regénéré.'`
			`render :show`
Profile: move to new design 2018-08-23 18:53:35 +02:00			`end`
[fix #1709] A user can change its email 2019-07-08 10:40:50 +02:00
			`def update_email`
@current_user -> current_user 2019-12-09 16:50:30 +01:00			`if current_user.update(update_email_params)`
[fix #1709] A user can change its email 2019-07-08 10:40:50 +02:00			`flash.notice = t('devise.registrations.update_needs_confirmation')`
@current_user -> current_user 2019-12-09 16:50:30 +01:00			`elsif current_user.errors&.details&.dig(:email)&.any? { \|e\| e[:error] == :taken }`
			`UserMailer.account_already_taken(current_user, requested_email).deliver_later`
profile: send an email when the account is already taken 2019-07-09 17:08:27 +02:00			`# avoid leaking information about whether an account with this email exists or not`
[fix #1709] A user can change its email 2019-07-08 10:40:50 +02:00			`flash.notice = t('devise.registrations.update_needs_confirmation')`
			`else`
@current_user -> current_user 2019-12-09 16:50:30 +01:00			`flash.alert = current_user.errors.full_messages`
[fix #1709] A user can change its email 2019-07-08 10:40:50 +02:00			`end`

			`redirect_to profil_path`
			`end`

a user can transfer all its dossier 2021-09-20 13:14:03 +02:00			`def transfer_all_dossiers`
			`DossierTransfer.initiate(next_owner_email, current_user.dossiers)`
			`flash.notice = t('.new_transfer', count: current_user.dossiers.count, email: next_owner_email)`
			`redirect_to profil_path`
			`end`

[fix #1709] A user can change its email 2019-07-08 10:40:50 +02:00			`private`

			`def update_email_params`
			`params.require(:user).permit(:email)`
			`end`
profile: send an email when the account is already taken 2019-07-09 17:08:27 +02:00
			`def requested_email`
			`update_email_params[:email]`
			`end`
[link to #4557] An instructeur cannot change its email on its own 2019-12-09 17:11:12 +01:00
			`def redirect_if_instructeur`
			`redirect_to profil_path`
			`end`
a user can transfer all its dossier 2021-09-20 13:14:03 +02:00
			`def next_owner_email`
			`params[:next_owner]`
			`end`
Profile: move to new design 2018-08-23 18:53:35 +02:00			`end`
			`end`