app/controllers/landable/api/access_tokens_controller.rb in landable-1.13.2 vs app/controllers/landable/api/access_tokens_controller.rb in landable-1.14.0
- old
+ new
@@ -9,13 +9,16 @@
respond_with find_own_access_token
end
def create
ident = AuthenticationService.call(asset_token_params[:username], asset_token_params[:password])
+
author = RegistrationService.call(ident)
- respond_with AccessToken.create!(author: author), status: :created
+ permissions = determine_permissions(ident[:groups])
+
+ respond_with AccessToken.create!(author: author, permissions: permissions), status: :created
rescue Landable::AuthenticationFailedError
head :unauthorized
end
def update
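Review bot: The permissions passed to `AccessToken.create!` in `create` are derived once from `ident[:groups]` at login and stored on the token, so a later change to the user's directory groups is not reflected until a new token is issued. The body of `update` lies outside this hunk; if it extends a token's lifetime without re-running `determine_permissions`, a user removed from a group would keep the old permissions for as long as the token is refreshed. Please confirm that behaviour and document it on `create`, for example `# permissions are a snapshot of group membership at login; refreshing a token does not re-evaluate them`.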
@@ -39,9 +42,24 @@
current_author.access_tokens.fresh.find(id)
end
def asset_token_params
params.require(:access_token).permit(:username, :password)
+ end
+
+ def determine_permissions(user_groups)
+ yaml_groups = Landable.configuration['ldap'][:permissions]
+ permissions_groups = user_groups.select { |group| yaml_groups.include?(group) }
+
+ user_permissions = {}
+ permissions_groups.each do |group|
+ group_permissions = yaml_groups[group].keys
+ group_permissions.each do |perm|
+ user_permissions[perm] ||= yaml_groups[group][perm]
+ end
+ end
+
+ user_permissions
end
end
end
end
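Review bot: The `||=` merge in `determine_permissions` makes the result depend on value types and group order: a `false` from one group is overwritten by any later group's truthy value, while a truthy value is fixed by whichever matching group comes first in `user_groups`. If the configured values are anything other than booleans (not visible here), the effective permission would follow the order the directory returns groups in, and in either case an explicit deny in one group cannot override a grant in another. The intended precedence should be stated above the method, e.g. `# a permission is granted if any of the user's configured groups grants it; there is no deny-override`. Separately, `Landable.configuration['ldap'][:permissions]` and `user_groups` are used without a nil check, and `create` rescues only `Landable::AuthenticationFailedError`, so a missing permissions mapping or an identity without groups would raise NoMethodError during login. A guard such as `return {} if yaml_groups.nil? || user_groups.nil?` would avoid that, assuming an empty hash means no access wherever permissions are enforced.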