demarches-normaliennes/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_action :authenticate_user!

  def index
    redirect_to root_path
  end

  def current_user_dossier dossier_id = nil
    dossier_id ||= params[:dossier_id] || params[:id]

    dossier = Dossier.find(dossier_id)

    return dossier if dossier.owner?(current_user.email) || dossier.invite_by_user?(current_user.email)

    raise ActiveRecord::RecordNotFound
  end

  def authorized_routes? controller
    if !UserRoutesAuthorizationService.authorized_route?(controller, current_user_dossier)
      redirect_to_root_path 'Le statut de votre dossier n\'autorise pas cette URL'
    end

  rescue ActiveRecord::RecordNotFound
    redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
  end

  private

  def redirect_to_root_path message
    flash.alert = message
    redirect_to url_for root_path
  end
end
-												move controller into users folder
											
										
										
											2015-09-23 19:20:03 +02:00
+								class UsersController < ApplicationController
 								  before_action :authenticate_user!
-												add current_user_dossier function at UserController

											
										
										
											2015-10-09 16:26:39 +02:00
-												add routes path /users

											
										
										
											2016-02-01 18:18:55 +01:00
+								  def index
 								    redirect_to root_path
 								  end
-												Enable the Layout/SpaceAroundEqualsInParameterDefault cop
											
										
										
											2018-01-15 21:47:55 +01:00
+								  def current_user_dossier dossier_id = nil
-												Add restriction on User's URL based on Dossier state

											
										
										
											2016-01-25 15:54:21 +01:00
+								    dossier_id ||= params[:dossier_id] || params[:id]
-												add current_user_dossier function at UserController

											
										
										
											2015-10-09 16:26:39 +02:00
-												User can invite other user to edit his dossier

											
										
										
											2016-09-14 16:36:01 +02:00
+								    dossier = Dossier.find(dossier_id)
 								    return dossier if dossier.owner?(current_user.email) || dossier.invite_by_user?(current_user.email)
 								    raise ActiveRecord::RecordNotFound
-												add current_user_dossier function at UserController

											
										
										
											2015-10-09 16:26:39 +02:00
+								  end
-												Add restriction on User's URL based on Dossier state

											
										
										
											2016-01-25 15:54:21 +01:00
-												Refactor Url restriction system

											
										
										
											2016-01-26 15:52:05 +01:00
+								  def authorized_routes? controller
-												Enable the Layout/MultilineMethodCallBraceLayout cop
											
										
										
											2018-01-15 19:29:44 +01:00
+								    if !UserRoutesAuthorizationService.authorized_route?(controller, current_user_dossier)
 								      redirect_to_root_path 'Le statut de votre dossier n\'autorise pas cette URL'
 								    end
-												Add restriction on User's URL based on Dossier state

											
										
										
											2016-01-25 15:54:21 +01:00
+								  rescue ActiveRecord::RecordNotFound
 								    redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
 								  end
 								  private
 								  def redirect_to_root_path message
 								    flash.alert = message
 								    redirect_to url_for root_path
 								  end
-												Files should end with a new line

											
										
										
											2017-04-04 15:27:04 +02:00
+								end