module NewUser class DossiersController < UserController before_action :ensure_ownership! def attestation send_data(dossier.attestation.pdf.read, filename: 'attestation.pdf', type: 'application/pdf') end def identite @dossier = dossier @user = current_user end def update_identite @dossier = dossier individual_updated = @dossier.individual.update(individual_params) dossier_updated = @dossier.update(dossier_params) if individual_updated && dossier_updated flash.notice = "Identité enregistrée" if @dossier.procedure.module_api_carto.use_api_carto redirect_to users_dossier_carte_path(@dossier.id) else redirect_to users_dossier_description_path(@dossier) # Simon should replace this with dossier_path when done end else flash.now.alert = @dossier.errors.full_messages render :identite end end private def dossier Dossier.find(params[:id] || params[:dossier_id]) end def ensure_ownership! if dossier.user != current_user flash[:alert] = "Vous n'avez pas accès à ce dossier" redirect_to root_path end end def individual_params params.require(:individual).permit(:gender, :nom, :prenom, :birthdate) end def dossier_params params.require(:dossier).permit(:autorisation_donnees) end end end