33 lines
870 B
Ruby
33 lines
870 B
Ruby
class UsersController < ApplicationController
|
||
before_action :authenticate_user!
|
||
|
||
def index
|
||
redirect_to root_path
|
||
end
|
||
|
||
def current_user_dossier(dossier_id = nil)
|
||
dossier_id ||= params[:dossier_id] || params[:id]
|
||
|
||
dossier = Dossier.find(dossier_id)
|
||
|
||
return dossier if dossier.owner?(current_user.email) || dossier.invite_by_user?(current_user.email)
|
||
|
||
raise ActiveRecord::RecordNotFound
|
||
end
|
||
|
||
def authorized_routes?(controller)
|
||
if !UserRoutesAuthorizationService.authorized_route?(controller, current_user_dossier)
|
||
redirect_to_root_path 'Le statut de votre dossier n\'autorise pas cette URL'
|
||
end
|
||
|
||
rescue ActiveRecord::RecordNotFound
|
||
redirect_to_root_path 'Vous n’avez pas accès à ce dossier.'
|
||
end
|
||
|
||
private
|
||
|
||
def redirect_to_root_path(message)
|
||
flash.alert = message
|
||
redirect_to url_for root_path
|
||
end
|
||
end
|