Exemplo n.º 1
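 /**
  * Stores the set of rights granted to an owner token.
  *
  * The token is looked up from the "code" request value. The submitted
  * "rights" list is filtered against an allowlist (the keys of the menu's
  * rights plus two "other.*" options) before it is saved, so a caller can
  * never store a right the application does not define. When the saved
  * token carries "other.disable_statistics" and is valid, the statistics
  * of the associated account are removed.
  *
  * @Route("/api/save-rights")
  *
  * @param Request $request Request carrying "code" and an optional "rights" array.
  *
  * @return JsonResponse Either "ok" and "message", or "error" with the exception message.
  */
 public function saveRightsAction(Request $request)
 {
     $return = [];
     try {
         // NOTE(review): Request::get() is not limited to the request body, so the
         // code may arrive in the URL; confirm this state-changing route is only
         // meant to be reachable the way the front end calls it.
         $token = $this->getOwnerTokenFromCode($request->get('code'));
         $manager = $this->getDoctrine()->getManager();

         // Anything that is not an array is treated as "no rights selected".
         $rights = $request->get('rights');
         if (!is_array($rights)) {
             $rights = [];
         }

         // Build the allowlist as strings so the strict comparison below also
         // works if a right name happens to be stored as an integer array key.
         $menu = new MenuList($this->getTranslator(), $this->getCharacters($this->getAccount($token)));
         $allowedRights = array_map('strval', array_keys($menu->getRights()));
         $allowedRights[] = 'other.limit_characters';
         $allowedRights[] = 'other.disable_statistics';

         $sanitizedRights = [];
         foreach ($rights as $right) {
             // Request values are attacker-controlled: accept plain strings only
             // and compare strictly, so type juggling (nested arrays, numeric
             // look-alikes) can never satisfy the allowlist check.
             if (is_string($right) && in_array($right, $allowedRights, true)) {
                 $sanitizedRights[] = $right;
             }
         }
         // A right is either held or not; drop repeats so a request cannot
         // inflate the stored list with duplicates.
         $sanitizedRights = array_values(array_unique($sanitizedRights));

         $token->setRights($sanitizedRights);
         $manager->persist($token);
         $manager->flush();

         // Statistics are removed only after the new rights are persisted.
         if ($token->hasRight('other.disable_statistics') && $token->isValid()) {
             $stats = new Statistics($this, $this->getAccount($token));
             $stats->removeStatistics();
         }
         $return['ok'] = true;
         $return['message'] = $this->trans('global.saved_preferences');
     } catch (\Exception $ex) {
         // NOTE(review): the raw exception message is sent to the client. If
         // exceptions from the persistence layer can reach this handler, that
         // may disclose internal detail; consider logging it and returning a
         // generic message for everything except expected domain errors.
         $return['error'] = $ex->getMessage();
     }
     return new JsonResponse($return);
 }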