From aa8e6d1dba76d11a75842e73e61af03b8edf7545 Mon Sep 17 00:00:00 2001 From: "sosuke.iwabuchi" Date: Sun, 24 Mar 2024 15:28:41 +0900 Subject: [PATCH] =?UTF-8?q?=E6=88=90=E3=82=8A=E4=BB=A3=E3=82=8F=E3=82=8A?= =?UTF-8?q?=E5=87=A6=E7=90=86=E3=81=AE=E6=95=B4=E5=82=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controllers/Web/Auth/LogoutController.php | 1 + .../Controllers/Web/Auth/SwitchController.php | 39 ++++++++ .../Web/Auth/SwitchEndController.php | 34 +++++++ .../Controllers/Web/Auth/SwitchEndParam.php | 9 ++ app/Http/Controllers/Web/Auth/SwitchParam.php | 18 ++++ app/Http/Controllers/Web/WebController.php | 28 +----- app/Http/Kernel.php | 3 +- app/Http/Middleware/RoleMiddleware.php | 38 ++++++++ app/Sessions/SessionUser.php | 90 +++++++++++++++++-- app/Util/RouteHelper.php | 15 ++++ routes/api.php | 11 ++- 11 files changed, 255 insertions(+), 31 deletions(-) create mode 100644 app/Http/Controllers/Web/Auth/SwitchController.php create mode 100644 app/Http/Controllers/Web/Auth/SwitchEndController.php create mode 100644 app/Http/Controllers/Web/Auth/SwitchEndParam.php create mode 100644 app/Http/Controllers/Web/Auth/SwitchParam.php create mode 100644 app/Http/Middleware/RoleMiddleware.php diff --git a/app/Http/Controllers/Web/Auth/LogoutController.php b/app/Http/Controllers/Web/Auth/LogoutController.php index 0bba922..b7d2ad1 100644 --- a/app/Http/Controllers/Web/Auth/LogoutController.php +++ b/app/Http/Controllers/Web/Auth/LogoutController.php @@ -28,6 +28,7 @@ class LogoutController extends WebController protected function run(Request $request): JsonResponse { Auth::logout(); + $this->sessionUser->switchEnd(); return $this->successResponse(); } } diff --git a/app/Http/Controllers/Web/Auth/SwitchController.php b/app/Http/Controllers/Web/Auth/SwitchController.php new file mode 100644 index 0000000..d3ccdc5 --- /dev/null +++ b/app/Http/Controllers/Web/Auth/SwitchController.php 
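Review bot: `$this->sessionUser->switchEnd()` after `Auth::logout()` only removes the impersonation key from the session; nothing in this hunk invalidates the session or regenerates the CSRF token, so unless that happens elsewhere the rest of the session data survives logout. `$request->session()->invalidate(); $request->session()->regenerateToken();` after `switchEnd()` would discard the whole session, impersonation key included. A short comment on why the order is logout-then-switchEnd (switchEnd touches only the session store, not the guard) would save the next reader from wondering whether it has to run first.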
@@ -0,0 +1,39 @@
+param;
+
+ $user = User::findOrFail($param->userId);
+
+ $this->sessionUser->switch($user);
+
+ return $this->successResponse();
+ }
+}
diff --git a/app/Http/Controllers/Web/Auth/SwitchEndController.php b/app/Http/Controllers/Web/Auth/SwitchEndController.php
new file mode 100644
index 0000000..a9ff6ca
--- /dev/null
+++ b/app/Http/Controllers/Web/Auth/SwitchEndController.php
@@ -0,0 +1,34 @@
+sessionUser->switchEnd();
+
+ return $this->successResponse();
+ }
+}
diff --git a/app/Http/Controllers/Web/Auth/SwitchEndParam.php b/app/Http/Controllers/Web/Auth/SwitchEndParam.php
new file mode 100644
index 0000000..f5bd421
--- /dev/null
+++ b/app/Http/Controllers/Web/Auth/SwitchEndParam.php
@@ -0,0 +1,9 @@
+ $this->str(),
+ ];
+ }
+}
diff --git a/app/Http/Controllers/Web/WebController.php b/app/Http/Controllers/Web/WebController.php
index 733b281..2ff7eeb 100644
--- a/app/Http/Controllers/Web/WebController.php
+++ b/app/Http/Controllers/Web/WebController.php
@@ -8,6 +8,7 @@ use App\Codes\UserRole;
 use App\Exceptions\AppCommonException;
 use App\Exceptions\ExclusiveException;
 use App\Exceptions\GeneralErrorMessageException;
+use App\Sessions\SessionUser;
 use App\Util\DBUtil;
 use Exception;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
@@ -79,6 +80,8 @@ abstract class WebController extends BaseController
 protected DBUtil $transaction;
+ protected SessionUser $sessionUser;
+
 /**
 * 返却する結果コード
 *
@@ -89,6 +92,7 @@ abstract class WebController extends BaseController
 public function __construct()
 {
 $this->transaction = DBUtil::instance();
+ $this->sessionUser = SessionUser::instance();
 }
@@ -168,8 +172,6 @@ abstract class WebController extends BaseController
 $this->validated = $validator->validated();
 $this->getParam()->setData($this->validated);
- $this->authorize();
-
 $this->transaction->beginTransaction();
 $ret = $this->run($request);
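Review bot: `run()` passes the `findOrFail` result straight into `SessionUser::switch()`, whose refusals are `LogicException`/`AppCommonException`; how WebController maps those is not visible from here, but a disallowed target is an authorization failure and should come back as 403 (e.g. catch the `LogicException` in `run()` and `abort(403)`) rather than as a generic error. As written the route also answers differently for an unknown id (404 from `findOrFail`) and a known-but-not-switchable id, which lets a CUSTOMER-role caller learn which user ids exist; returning the same status for both removes that. The start of the file (class header and the `run()` signature before `$this->param`) is not visible in this view.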
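Review bot: `SessionUser::instance()` in the constructor runs `SessionUser::__construct()`, which reads `Auth::user()` and the session at controller-construction time; as far as I recall Laravel instantiates the controller before the route middleware pipeline runs, so if `StartSession`/auth are route-scoped rather than global, `Auth::user()` is null at that moment and a stored impersonation is silently not loaded (`user()` then falls back to the real user). Worth confirming that `InstanceAble::instance()` defers construction or that the session middleware is global. A comment on the new property such as `// effective (possibly impersonated) user; resolved from the session when SessionUser is constructed` would document the expectation.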
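Review bot: With `$this->authorize();` removed from the request flow, WebController performs no authorization of its own any more, so role restriction depends entirely on a route being registered inside a `RouteHelper::role(...)` group; a controller registered outside one is reachable by any authenticated user. That is a default-allow posture, and if it is intended it should be stated where a reader will look for it, e.g. a class-level comment `// role checks are enforced only by the route-level 'role' middleware (RoleMiddleware); controllers do none themselves`. Once the roleAllow/authorize block is gone, the `use App\Codes\UserRole;` and `Auth` imports in this file may be unused — not verifiable from the visible hunks.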
@@ -326,28 +328,6 @@ abstract class WebController extends BaseController
 return $header;
 }
- // 以下 認可関係
- protected array|null $roleAllow = null;
- protected array|null $roleDisallow = null;
- protected array|null $customAllow = null;
-
- protected function roleAllow(UserRole $role)
- {
- $this->roleAllow = [];
- foreach (UserRole::cases() as $ele) {
- if ($role->value <= $ele->value) {
- $this->roleAllow[] = $ele;
- }
- }
- }
-
- private function authorize()
- {
- if (!Auth::check()) {
- return;
- }
- }
-
 // 返却用データの登録
 protected function setEmailId(int $emailId)
 {
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 494c050..0d820b2 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -40,7 +40,7 @@ class Kernel extends HttpKernel
 'api' => [
 // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
- \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
+ \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],
 ];
@@ -64,5 +64,6 @@ class Kernel extends HttpKernel
 'signed' => \App\Http\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+ 'role' => \App\Http\Middleware\RoleMiddleware::class,
 ];
 }
diff --git a/app/Http/Middleware/RoleMiddleware.php b/app/Http/Middleware/RoleMiddleware.php
new file mode 100644
index 0000000..b74e413
--- /dev/null
+++ b/app/Http/Middleware/RoleMiddleware.php
@@ -0,0 +1,38 @@
+sessionUser->user()->role, $allowRoles, true) === false) {
+ abort(403);
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Sessions/SessionUser.php b/app/Sessions/SessionUser.php
index a0e1f54..be293a0 100644
--- a/app/Sessions/SessionUser.php
+++ b/app/Sessions/SessionUser.php
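Review bot: `$this->sessionUser->user()` is declared `?User`, so on a request with no authenticated user the `->role` access on the first visible line raises a TypeError (a 500) instead of a 401; unless an `auth` middleware is guaranteed to run before `role`, guard it with `$user = $this->sessionUser->user() ?? abort(401);` and compare `$user->role`. The class header, the `handle()` signature and the parsing of `$allowRoles` from the `role:` string that `RouteHelper::role()` builds from `$role->value` are not visible here; since the comparison is strict and `SessionUser::switch()` treats `$user->role` as a `UserRole` case, `$allowRoles` must hold `UserRole` cases (e.g. via `UserRole::from()`), otherwise every request is rejected. A comment at the conversion point, e.g. `// the route parameter carries backed-enum values; convert before the strict in_array`, would make that dependency explicit.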
@@ -2,20 +2,100 @@
 namespace App\Sessions;
+use App\Codes\UserRole;
+use App\Exceptions\AppCommonException;
 use App\Features\InstanceAble;
+use App\Models\HtpmsCustomer\HtpmsCustomerConnectionSwitch;
+use App\Models\User;
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Validation\UnauthorizedException;
+use Illuminate\Support\Facades\Session;
+use LogicException;
 class SessionUser
 {
 use InstanceAble;
- public function user()
+ private const KEY_成り代わりログインユーザーID = "KEY_成り代わりログインユーザーID";
+
+ private User|null $user;
+ private bool $isSwtiched = false;
+
+ public function __construct()
+ {
+ // 認証していない場合はスキップ
+ $this->user = Auth::user();
+ if ($this->user === null) {
+ return;
+ }
+
+ $userId = Session::get($this->getStoreKey(self::KEY_成り代わりログインユーザーID));
+
+ if ($userId === null) {
+ return;
+ }
+
+ $user = User::find($userId);
+
+ if ($user) {
+ $this->user = $user;
+ if ($user->customer_id) {
+ HtpmsCustomerConnectionSwitch::switch($user->customer_id);
+ $this->isSwtiched = true;
+ }
+ } else {
+ logger("無効な成り代わり 破棄");
+ $this->switchEnd();
+ }
+ }
+
+ public function switch(User $targetUser): void
 {
 $user = Auth::user();
- if ($user === null) {
- throw new UnauthorizedException();
+ if ($user === null) throw new AuthenticationException();
+
+ // 成り代わりできるかパターンチェック
+ if ($user->role === UserRole::ADMIN) {
+ if (in_array($targetUser->role, [UserRole::CUSTOMER, UserRole::SHOP], true) === false) {
+ throw new LogicException("不適切な成り代わり");
+ }
+ } else if ($user->role === UserRole::CUSTOMER) {
+ if (in_array($targetUser->role, [UserRole::SHOP], true) === false) {
+ throw new LogicException("不適切な成り代わり");
+ }
+ } else {
+ throw new LogicException("不適切な成り代わり");
+ }
+
+ // 顧客IDチェック
+ if ($targetUser->customer_id === null) {
+ throw new AppCommonException("顧客IDがnullのため成り代わり不可");
 }
- return $user;
+
+
+ Session::put($this->getStoreKey(self::KEY_成り代わりログインユーザーID), $targetUser->id);
+ HtpmsCustomerConnectionSwitch::switch($targetUser->customer_id);
+ $this->isSwtiched = true;
+ }
+
+ public function switchEnd()
+ {
+ $this->isSwtiched = false;
+ Session::remove($this->getStoreKey(self::KEY_成り代わりログインユーザーID));
+ }
+
+ public function user(): ?User
+ {
+ return $this->user ?? Auth::user();
+ }
+
+ public function isSwtiched(): bool
+ {
+ return $this->isSwtiched;
+ }
+
+ private function getStoreKey(string $key): string
+ {
+ return sprintf("%s-%s", self::class, $key);
 }
 }
diff --git a/app/Util/RouteHelper.php b/app/Util/RouteHelper.php
index ec50a5e..2da683d 100644
--- a/app/Util/RouteHelper.php
+++ b/app/Util/RouteHelper.php
@@ -2,6 +2,7 @@
 namespace App\Util;
+use App\Codes\UserRole;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Str;
@@ -43,4 +44,18 @@ class RouteHelper
 {
 return Str::replaceFirst('/api', '', $route);
 }
+
+ /**
+ * @param UserRole[] $roles
+ */
+ static public function role(array $roles): string
+ {
+ $rolesStrArr = [];
+
+ foreach ($roles as $role) {
+ $rolesStrArr[] = $role->value;
+ }
+
+ return "role:" . implode(",", $rolesStrArr);
+ }
 }
diff --git a/routes/api.php b/routes/api.php
index 2b83200..685d0c1 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -1,5 +1,6 @@ group(function () {
+
+ Route::middleware(RouteHelper::role([UserRole::ADMIN]))->group(function () {
+ });
+
+ Route::middleware(RouteHelper::role([UserRole::ADMIN, UserRole::CUSTOMER]))->group(function () {
+ RouteHelper::post('/role/switch', App\Http\Controllers\Web\Auth\SwitchController::class);
+ RouteHelper::get('/role/switch/end', App\Http\Controllers\Web\Auth\SwitchEndController::class);
+ });
 });
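Review bot: In `switch()`, the CUSTOMER branch only requires the target's role to be SHOP and `customer_id` to be non-null; it never compares `$targetUser->customer_id` with the actor's own `customer_id`, so if shops belong to a customer (which the column name suggests) any customer can impersonate any other customer's shops — add `if ($targetUser->customer_id !== $user->customer_id) throw new LogicException("不適切な成り代わり");` in that branch, or comment why cross-customer switching is intended. `switchEnd()` clears the flag and the session key but leaves `$this->user` pointing at the impersonated user, so `user()` keeps returning the target for the rest of the request; add `$this->user = Auth::user();` there (and, if `HtpmsCustomerConnectionSwitch` has an undo operation, call it — none is visible). Only the invalid-session path logs anything; the successful start and end of an impersonation should be logged with both ids, e.g. `logger(sprintf("成り代わり開始 actor=%s target=%s", $user->id, $targetUser->id));`, so the action stays attributable. The constructor re-activates a stored switch without re-running the role rules, so a later change to either user's role keeps alive an impersonation that `switch()` would now refuse; re-checking there (or storing the actor id alongside and comparing it) closes that. Minor: the public `isSwtiched()` is misspelled, and the constructor tests `customer_id` by truthiness while `switch()` tests `=== null`.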
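Review bot: `static public function role(array $roles): string` has the modifiers in the reverse of the PSR-12 order; `public static function role(array $roles): string`. The loop-and-append body is a single expression, `return "role:" . implode(",", array_map(static fn (UserRole $r): string => $r->value, $roles));`, which also makes the element type explicit instead of relying on the `@param UserRole[]` docblock alone.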
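Review bot: `/role/switch/end` is registered inside the `[ADMIN, CUSTOMER]` group, but `RoleMiddleware` checks `$this->sessionUser->user()`, which after a switch is the impersonated user; an admin who switched to a SHOP account therefore gets 403 on the very route meant to end the switch and can only get out by logging out. Register the end route outside the role group (it needs only an authenticated session, and `switchEnd()` is harmless when nothing is switched), or have that check use the real `Auth::user()`. The `RouteHelper::role([UserRole::ADMIN])` group just above is empty and can be dropped until it has routes. The first hunk of this file and the enclosing group header are not visible here, so I cannot confirm an `auth` middleware wraps these groups.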