protect page with check the owner's dossier

2015-10-09 17:33:33 +02:00 · 2015-10-09 17:33:33 +02:00 · c6ed98b978
commit c6ed98b978
parent 0bd43e538a
11 changed files with 98 additions and 16 deletions
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@ -5,7 +5,7 @@ class Users::DossiersController < UsersController
  end
  def show

-    @dossier = Dossier.find(params[:id])
+    @dossier = current_user_dossier params[:id]

    @etablissement =  @dossier.etablissement
    @entreprise =  @dossier.entreprise.decorate
@ -43,7 +43,7 @@ class Users::DossiersController < UsersController

  def update

-    @dossier = Dossier.find(params[:id])
+    @dossier = current_user_dossier params[:id]
    if checked_autorisation_donnees?
      @dossier.update_attributes(update_params)