# Controller for the signed-in user area. Every action requires an
# authenticated session, and the helpers below gate access to one dossier.
class UsersController < ApplicationController
  before_action :authenticate_user!

  # Sends the visitor to the application root.
  def index
    redirect_to root_path
  end

  # Looks up a dossier and returns it only when the signed-in user is allowed
  # to see it.
  #
  # NOTE(review): this method is public, so Rails counts it as an action
  # method; confirm that no route maps to it.
  #
  # @param dossier_id [Object, nil] id to look up; when nil, falls back to
  #   params[:dossier_id], then params[:id]
  # @return [Dossier] the dossier, when the current user's email is accepted
  #   by Dossier#owner? or Dossier#invite_by_user?
  # @raise [ActiveRecord::RecordNotFound] when the access check fails (raised
  #   explicitly below) or, presumably, when Dossier.find finds no record
  def current_user_dossier(dossier_id = nil)
    lookup_id = dossier_id || params[:dossier_id] || params[:id]
    record = Dossier.find(lookup_id)

    # Access check: the email must belong to the owner or to an invited user.
    # assumes current_user is non-nil because of authenticate_user! — TODO confirm
    permitted = record.owner?(current_user.email) || record.invite_by_user?(current_user.email)

    # A refused dossier raises the same error as the one raised explicitly for
    # "no such record", so callers cannot tell a foreign dossier from a
    # missing one.
    raise ActiveRecord::RecordNotFound unless permitted

    record
  end

  # Redirects to the root path with an alert when the current dossier does not
  # allow the given controller, or when the dossier cannot be accessed.
  #
  # NOTE(review): also public, like current_user_dossier; confirm that it is
  # only used as a filter and is not routable.
  #
  # @param controller [Object] passed through unchanged to
  #   UserRoutesAuthorizationService.authorized_route?
  # @return [nil, Object] nil when the route is authorized, otherwise the
  #   result of the redirect
  def authorized_routes?(controller)
    return if UserRoutesAuthorizationService.authorized_route?(controller, current_user_dossier)

    redirect_to_root_path 'Le statut de votre dossier n\'autorise pas cette URL'
  rescue ActiveRecord::RecordNotFound
    # Raised by current_user_dossier: the user gets one generic message that
    # does not say why access to the dossier was refused.
    redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
  end

  private

  # Stores +message+ as the flash alert, then redirects to the root path.
  def redirect_to_root_path(message)
    flash.alert = message
    redirect_to(url_for(root_path))
  end
end