2015-09-23 19:20:03 +02:00
|
|
|
|
class UsersController < ApplicationController
|
|
|
|
|
|
before_action :authenticate_user!
|
2015-10-09 16:26:39 +02:00
|
|
|
|
|
|
|
|
|
|
def current_user_dossier dossier_id=nil
|
2016-01-25 15:54:21 +01:00
|
|
|
|
dossier_id ||= params[:dossier_id] || params[:id]
|
2015-10-09 16:26:39 +02:00
|
|
|
|
|
|
|
|
|
|
current_user.dossiers.find(dossier_id)
|
|
|
|
|
|
end
|
2016-01-25 15:54:21 +01:00
|
|
|
|
|
|
|
|
|
|
def authorized_routes?
|
|
|
|
|
|
sub_path = "/users/dossiers/#{current_user_dossier.id}"
|
|
|
|
|
|
|
|
|
|
|
|
redirect_to_root_path 'Le status de votre dossier n\'autorise pas cette URL' unless UserRoutesAuthorizationService.authorized_route?(
|
|
|
|
|
|
(request.env['PATH_INFO']).gsub(sub_path, ''),
|
|
|
|
|
|
current_user_dossier.state,
|
|
|
|
|
|
current_user_dossier.procedure.use_api_carto)
|
|
|
|
|
|
rescue ActiveRecord::RecordNotFound
|
|
|
|
|
|
redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
|
|
def redirect_to_root_path message
|
|
|
|
|
|
flash.alert = message
|
|
|
|
|
|
redirect_to url_for root_path
|
|
|
|
|
|
end
|
2015-09-23 19:20:03 +02:00
|
|
|
|
end
|
