app/controllers/tickets_controller.rb

@@ -3,7 +3,7 @@
 # This controller now primarily handles legacy redirects and backward compatibility
 # Most ticket creation functionality has been moved to OrdersController
 class TicketsController < ApplicationController
-  before_action :authenticate_user!, only: [ :payment_success, :payment_cancel, :show, :download_ticket ]
+  before_action :authenticate_user!, only: [ :payment_success, :payment_cancel, :show, :download ]
   before_action :set_event, only: [ :checkout, :retry_payment ]
 
 
@@ -50,17 +50,9 @@ class TicketsController < ApplicationController
 
   # Display ticket details
   def show
-    # Try to find by qr_code first (for backward compatibility)
-    if params[:qr_code].present?
-      @ticket = Ticket.joins(order: :user).includes(:event, :ticket_type, order: :user)
-        .find_by(tickets: { qr_code: params[:qr_code] })
-    else
-      # Find by ticket_id with user ownership check
-      @ticket = Ticket.joins(order: :user).includes(:event, :ticket_type, order: :user).find_by(
-        tickets: { id: params[:ticket_id] },
-        orders: { user_id: current_user.id }
-      )
-    end
+    # Find ticket by qr code id
+    @ticket = Ticket.joins(order: :user).includes(:event, :ticket_type, order: :user)
+      .find_by(tickets: { qr_code: params[:qr_code] })
 
     if @ticket.nil?
       redirect_to dashboard_path, alert: "Billet non trouvé"
@@ -74,12 +66,10 @@ class TicketsController < ApplicationController
   # Download PDF ticket - only accessible by ticket owner
   # User must be authenticated to download ticket
   # TODO: change ID to an unique identifier (UUID)
-  def download_ticket
-    # Find ticket and ensure it belongs to current user
-    @ticket = Ticket.joins(order: :user).includes(:event, :ticket_type, order: :user).find_by(
-      tickets: { id: params[:ticket_id] },
-      orders: { user_id: current_user.id }
-    )
+  def download
+    # Find ticket by qr code id
+    @ticket = Ticket.joins(order: :user).includes(:event, :ticket_type, order: :user)
+      .find_by(tickets: { qr_code: params[:qr_code] })
 
     if @ticket.nil?
       redirect_to dashboard_path, alert: "Billet non trouvé ou vous n'avez pas l'autorisation d'accéder à ce billet"

app/views/tickets/show.html.erb

@@ -159,7 +159,7 @@
             <% end %>
 
             <% if @ticket.status == 'active' %>
-              <%= link_to download_ticket_path(@ticket.id),
+              <%= link_to ticket_download_path(@ticket.qr_code),
                           class: "flex-1 bg-gradient-to-r from-purple-600 to-indigo-600 hover:from-purple-700 hover:to-indigo-700 text-white font-medium py-3 px-6 rounded-xl shadow-sm transition-all duration-200 focus:outline-none focus:ring-2 focus:ring-purple-500 focus:ring-offset-2 transform hover:-translate-y-0.5 text-center" do %>
                 <svg class="w-4 h-4 inline-block mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                   <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 10v6m0 0l-3-3m3 3l3-3m2 8H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"/>

config/routes.rb

@@ -61,9 +61,8 @@ Rails.application.routes.draw do
 
   # === Tickets ===
   # Support both ticket_id and qr_code for backward compatibility
-  get   "tickets/:qr_code", to: "tickets#show", as: "ticket", constraints: { qr_code: /[^\/]+/ }
-  get   "tickets/:ticket_id", to: "tickets#show", as: "ticket_by_id"
-  get   "tickets/:ticket_id/download", to: "tickets#download_ticket", as: "download_ticket"
+  get   "tickets/:qr_code", to: "tickets#show", as: "ticket"
+  get   "tickets/:qr_code/download", to: "tickets#download", as: "ticket_download"
 
   # === Promoter Routes ===
   namespace :promoter do