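/**
 * Saves the rights selected for the owner token identified by the "code" request parameter.
 *
 * Submitted rights are filtered against an allow-list (the keys of the menu rights plus the
 * two "other.*" rights added below) before they are stored on the token. When the stored
 * rights include "other.disable_statistics" and the token is valid, the statistics of the
 * token's account are removed.
 *
 * The response is a JSON object with "ok" and "message" on success, or "error" on failure.
 *
 * NOTE(review): the route annotation shows no HTTP method restriction and this method performs
 * no CSRF check; Request::get() also reads the query string, so as far as this block shows a
 * plain GET request can change the stored rights. Confirm that the method is restricted and
 * that the "code" value is treated as a secret elsewhere.
 *
 * @Route("/api/save-rights")
 *
 * @param Request $request
 *
 * @return JsonResponse
 */
public function saveRightsAction(Request $request)
{
    $return = [];

    try {
        // Presumably throws when the code does not resolve to an owner token; verify in the helper.
        $token = $this->getOwnerTokenFromCode($request->get('code'));
        $manager = $this->getDoctrine()->getManager();

        // Anything that is not an array (missing parameter, scalar) is treated as "no rights".
        $rights = $request->get('rights');
        if (!is_array($rights)) {
            $rights = [];
        }

        // Build the allow-list: every right known to the menu plus two rights not listed there.
        $menu = new MenuList($this->getTranslator(), $this->getCharacters($this->getAccount($token)));
        $allowedRights = array_keys($menu->getRights());
        $allowedRights[] = 'other.limit_characters';
        $allowedRights[] = 'other.disable_statistics';

        // Strict comparison plus the is_string() guard keeps non-string input (nested arrays,
        // or numbers that compare loosely equal to a right name on older PHP versions) out of
        // the stored list.
        $sanitizedRights = [];
        foreach ($rights as $right) {
            if (is_string($right) && in_array($right, $allowedRights, true)) {
                $sanitizedRights[] = $right;
            }
        }

        $token->setRights($sanitizedRights);
        $manager->persist($token);
        $manager->flush();

        // Opting out of statistics also deletes what was already collected for the account.
        if ($token->hasRight('other.disable_statistics') && $token->isValid()) {
            $stats = new Statistics($this, $this->getAccount($token));
            $stats->removeStatistics();
        }

        $return['ok'] = true;
        $return['message'] = $this->trans('global.saved_preferences');
    } catch (\Exception $ex) {
        // NOTE(review): every exception message is returned to the client, including any raised
        // by the persistence layer. Consider logging the exception and returning a generic
        // message for anything that is not an expected, user-facing error.
        $return['error'] = $ex->getMessage();
    }

    return new JsonResponse($return);
}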