module Scrivito
  class SessionsController < WebserviceController
    def update
      @session = fetch_session(params.fetch(:id))
    end

    private

    def fetch_session(id)
      payload = {
        session: {
          role: 'editor',
          user_id: scrivito_user.id,
          permissions: permissions(scrivito_user),
        }
      }

      CmsRestApi.task_unaware_request(:put, "sessions/#{id}", payload)
    end

    def permissions(user)
      Hash[user.explicit_rules.map do |permission, verb, _, _|
        [verb, permission.to_s]
      end]
    end
  end
end