cartodb-4.42/app/controllers/carto/api/permissions_controller.rb

28 lines
738 B
Ruby
Raw Normal View History

2024-04-06 13:25:13 +08:00
class Carto::Api::PermissionsController < ::Api::ApplicationController
extend Carto::DefaultRescueFroms
ssl_required :update
def update
permission = Carto::Permission.where(id: params[:id]).first
return head(404) if permission.nil?
return head(401) unless permission.is_owner?(current_user)
begin
acl = params[:acl]
acl ||= []
permission.acl = acl.map(&:deep_symbolize_keys)
rescue CartoDB::PermissionError => e
log_error(exception: e)
return head(400)
end
permission.save!
render json: Carto::Api::PermissionPresenter.new(permission,
current_viewer: current_viewer, fetch_user_groups: true).to_poro
end
end