From 753c15bac87a04b690f59daf86f66168618756c8 Mon Sep 17 00:00:00 2001
From: "sosuke.iwabuchi"
Date: Mon, 31 Jul 2023 13:40:49 +0900
Subject: [PATCH] =?UTF-8?q?=E3=83=91=E3=82=B9=E3=83=AF=E3=83=BC=E3=83=89?=
 =?UTF-8?q?=E5=A4=89=E6=9B=B4=E3=83=AD=E3=82=B8=E3=83=83=E3=82=AF=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../LoginUser/ChangePasswordController.php | 28 +++++++--
 .../Web/LoginUser/LoginUsersController.php | 11 +++-
 app/Logic/User/AdminUserManager.php | 14 +++--
 app/Logic/User/UserManager.php | 59 ++++++++++++++++++-
 app/Models/Ex/LoginUser.php | 2 +
 app/Repositories/LoginUserRepository.php | 12 +++-
 6 files changed, 111 insertions(+), 15 deletions(-)
diff --git a/app/Http/Controllers/Web/LoginUser/ChangePasswordController.php b/app/Http/Controllers/Web/LoginUser/ChangePasswordController.php
index d7aec65..48d050b 100644
--- a/app/Http/Controllers/Web/LoginUser/ChangePasswordController.php
+++ b/app/Http/Controllers/Web/LoginUser/ChangePasswordController.php
@@ -8,7 +8,10 @@ use App\Exceptions\ExclusiveException;
 use App\Features\LoginUser;
 use App\Http\Controllers\Web\IParam;
 use App\Http\Controllers\Web\WebController;
+use App\Logic\User\AdminUserManager;
 use App\Logic\User\LoginUserManager;
+use App\Logic\User\UserManager;
+use App\Models\User;
 use App\Repositories\LoginUserRepository;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
@@ -19,6 +22,8 @@ class ChangePasswordController extends WebController
 use LoginUser;
+ private UserManager $manager;
+
 public function name(): string
 {
 return "ログインユーザーパスワード変更";
@@ -31,7 +36,6 @@ class ChangePasswordController extends WebController
 public function __construct(
 protected ChangePasswordParam $param,
- private LoginUserManager $manager
 ) {
 parent::__construct();
 $this->roleAllow(UserRole::NORMAL_ADMIN);
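Review bot: `private UserManager $manager;` replaces the constructor-injected `LoginUserManager`, but the `use App\Logic\User\LoginUserManager;` import kept in the first hunk appears to have no remaining reference in this file once the constructor parameter is removed; drop it unless code outside these hunks still uses it, and the same question applies to the newly added `AdminUserManager` import, which no visible line references. The property is now a typed property without an initializer, so any code path that touches `$this->manager` before the action assigns it raises an uninitialized-property `Error` instead of a domain exception; `private ?UserManager $manager = null;` with an explicit null check would make that failure intentional. The constructor and the rest of the class continue outside these hunks.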
@@ -46,19 +50,31 @@ class ChangePasswordController extends WebController
 {
 $param = $this->param;
+ $targetUserId = $this->getTartgetUserId();
+ $targetUser = User::findOrFail($targetUserId);
 try {
 $this->transaction->beginTransaction();
 $currentContract = $this->loginUser()->getCurrentContract();
- if (!$currentContract) {
+ if (!$currentContract && $this->loginUser()->user()->role !== UserRole::SUPER_ADMIN) {
 throw new AppCommonException("認証不正");
 }
- $this->manager->initForModify($currentContract, $this->getTartgetUserId());
+ $this->manager = UserManager::getManager($targetUser);
+ if ($currentContract) {
+ $this->manager->initForModify($currentContract, $targetUserId);
+ } else {
+ $this->manager->initForModifyAdmin($targetUserId);
+ }
 if (!$this->param->checkTimestamp($this->manager->getTimestamp())) {
+ logger(sprintf(
+ "request:%s origin:%s",
+ $this->param->timestamp->format('Y/m/d H:i:s'),
+ $this->manager->getTimestamp()->format(('Y/m/d H:i:s'))
+ ));
 throw new ExclusiveException();
 }
@@ -82,7 +98,11 @@ class ChangePasswordController extends WebController
 private function getTartgetUserId(): string
 {
-
+ /*
+ 変更対象のユーザーIDを指定できるのは管理者のみとする
+ 管理者以外が指定した場合はNG
+ 指定しない場合は自身を変更対象とする
+ */
 $loginUserRole = $this->loginUser()->user()->role;
 if ($this->param->id !== null) {
 if ($loginUserRole === UserRole::CONTRACT_ADMIN || $loginUserRole === UserRole::SUPER_ADMIN) {
diff --git a/app/Http/Controllers/Web/LoginUser/LoginUsersController.php b/app/Http/Controllers/Web/LoginUser/LoginUsersController.php
index 283aea2..a08eff7 100644
--- a/app/Http/Controllers/Web/LoginUser/LoginUsersController.php
+++ b/app/Http/Controllers/Web/LoginUser/LoginUsersController.php
@@ -10,6 +10,7 @@ use App\Http\Controllers\Web\WebController;
 use App\Repositories\LoginUserRepository;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Arr;
 class LoginUsersController extends WebController
 {
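Review bot: Choosing between `initForModify` and `initForModifyAdmin` on `$currentContract` does not line up with the manager that `UserManager::getManager($targetUser)` returns: a super admin who has a current contract and targets another SUPER_ADMIN user gets `AdminUserManager`, whose `initForModify` throws `LogicException("不許可な関数アクセス")` in this same patch, and a super admin with no current contract targeting a CONTRACT_ADMIN or NORMAL_ADMIN user reaches the base `initForModifyAdmin`, which also throws unless `ContractAdminUserManager`/`LoginUserManager` override it (not visible here). Branch on `$targetUser->role === UserRole::SUPER_ADMIN` instead, which is the quantity `getManager` dispatches on, and settle separately which contract a contract-less super admin should pass to `initForModify`. `getManager` only compares role ranks, so whether a CONTRACT_ADMIN can name a user from another contract now rests on `initForModify` checking that the user belongs to `$currentContract` — confirm it does. `User::findOrFail($targetUserId)` also runs before the transaction and before any authorization, so a caller learns whether an id exists (404) before being refused; loading the user inside the try after the role check and passing `$targetUser` itself to the init calls (they accept `string|User`) avoids both the early disclosure and the second fetch. The action's body continues outside the hunk.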
@@ -31,7 +32,7 @@ class LoginUsersController extends WebController
 private LoginUserRepository $repository
 ) {
 parent::__construct();
- $this->roleAllow(UserRole::CONTRACT_ADMIN);
+ $this->roleAllow(UserRole::NORMAL_ADMIN);
 }
 protected function getParam(): IParam
@@ -43,8 +44,10 @@ class LoginUsersController extends WebController
 {
 $param = $this->param;
+ $role = $this->loginUser()->user()->role;
+
 $currentContractId = $this->loginUser()->getCurrentContractId();
- if (!$currentContractId) {
+ if (!$currentContractId && $role !== UserRole::SUPER_ADMIN) {
 throw new AppCommonException("認証不正");
 }
@@ -53,6 +56,10 @@ class LoginUsersController extends WebController
 LoginUserRepository::CONDITION_CONTRACT_ID => $currentContractId,
 ];
+ if ($role === UserRole::NORMAL_ADMIN) {
+ Arr::add($condition, LoginUserRepository::CONDITION_ID, $this->loginUser()->user()->id);
+ }
+
 $list = $this->repository->get($condition);
diff --git a/app/Logic/User/AdminUserManager.php b/app/Logic/User/AdminUserManager.php
index 2f9731a..1102dbf 100644
--- a/app/Logic/User/AdminUserManager.php
+++ b/app/Logic/User/AdminUserManager.php
@@ -9,14 +9,20 @@ use LogicException;
 class AdminUserManager extends UserManager
 {
- public function initForCreateAdmin()
+ /**
+ * @override
+ */
+ public function initForCreateAdmin(): static
 {
 $this->setUser(null);
 $this->initialized = true;
 return $this;
 }
- public function initForModifyAdmin(string|User $userId)
+ /**
+ * @override
+ */
+ public function initForModifyAdmin(string|User $userId): static
 {
 $this->setUser($userId);
 $this->initialized = true;
@@ -26,7 +32,7 @@ class AdminUserManager extends UserManager
 /**
 * @override
 */
- public function initForCreate(string|Contract $contractId)
+ public function initForCreate(string|Contract $contractId): static
 {
 throw new LogicException("不許可な関数アクセス");
 }
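Review bot: `Arr::add($condition, LoginUserRepository::CONDITION_ID, ...)` in the third hunk does not narrow the query, because `Arr::add` returns a new array and leaves `$condition` untouched, so a NORMAL_ADMIN — now admitted by the `roleAllow(UserRole::NORMAL_ADMIN)` change in the first hunk — still receives the whole contract's user list. Assign directly: `$condition[LoginUserRepository::CONDITION_ID] = $this->loginUser()->user()->id;` (or `$condition = Arr::add(...)`, bearing in mind `Arr::add` skips the write when the key is already present). Whether `CONDITION_ID` is honoured by `LoginUserRepository::get()` is outside these hunks; confirm the repository applies it, otherwise the restriction remains a no-op even after the assignment is fixed. The action's body continues outside the hunk.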
@@ -34,7 +40,7 @@ class AdminUserManager extends UserManager
 /**
 * @override
 */
- public function initForModify(string|Contract $contractId, string|User $userId)
+ public function initForModify(string|Contract $contractId, string|User $userId): static
 {
 throw new LogicException("不許可な関数アクセス");
 }
diff --git a/app/Logic/User/UserManager.php b/app/Logic/User/UserManager.php
index 4387dd3..07d8fc8 100644
--- a/app/Logic/User/UserManager.php
+++ b/app/Logic/User/UserManager.php
@@ -3,7 +3,10 @@
 namespace App\Logic\User;
 use App\Codes\UserRole;
+use App\Exceptions\AppCommonException;
+use App\Features\InstanceAble;
 use App\Models\Contract;
+use App\Models\Ex\LoginUser;
 use App\Models\User;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Hash;
@@ -13,11 +16,40 @@ use LogicException;
 abstract class UserManager
 {
+ use InstanceAble;
+
+ static public function getManager(User $user): static
+ {
+ $loginUser = LoginUser::instance()->user();
+
+ if ($user->role === UserRole::SUPER_ADMIN) {
+ if ($loginUser->role === UserRole::SUPER_ADMIN) {
+ return AdminUserManager::instance();
+ }
+ throw new AppCommonException("認可不良");
+ }
+ if ($user->role === UserRole::CONTRACT_ADMIN) {
+ if (UserRole::CONTRACT_ADMIN->value <= $loginUser->role->value) {
+ return ContractAdminUserManager::instance();
+ }
+ throw new AppCommonException("認可不良");
+ }
+ if ($user->role === UserRole::NORMAL_ADMIN) {
+ if (UserRole::NORMAL_ADMIN->value <= $loginUser->role->value) {
+ return LoginUserManager::instance();
+ }
+ throw new AppCommonException("認可不良");
+ }
+
+ throw new LogicException("未定義ロール");
+ }
+
+
 protected bool $initialized = false;
 protected ?User $user = null;
 protected ?Contract $contract = null;
- public function initForCreate(string|Contract $contractId)
+ public function initForCreate(string|Contract $contractId): static
 {
 $this->setContract($contractId);
 $this->setUser(null);
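Review bot: `static public function getManager(User $user): static` declares a `static` return but returns whichever of `AdminUserManager`, `ContractAdminUserManager` or `LoginUserManager` matches the target's role, so calling it through a subclass (for example `AdminUserManager::getManager($normalAdminUser)`) would fail the return-type check; declare it `public static function getManager(User $user): self` (visibility before `static`, per PER-CS). The check it performs is a pure role-rank comparison (`UserRole::X->value <= $loginUser->role->value`) and says nothing about whether the target belongs to the caller's contract, so a comment such as `// Role-rank check only; contract scoping is enforced by the init* methods` would stop the next reader from treating it as a complete authorization. The caller's identity comes from `LoginUser::instance()->user()`; if `InstanceAble` memoizes the instance beyond a single request (long-running workers), this comparison could run against a stale principal — confirm the instance is per-request. Relying on the numeric order of the `UserRole` backing values for a privilege hierarchy is also worth a one-line comment on the enum, since reordering cases would silently change these outcomes.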
@@ -25,7 +57,12 @@ abstract class UserManager
 return $this;
 }
- public function initForModify(string|Contract $contractId, string|User $userId)
+ public function initForCreateAdmin(): static
+ {
+ throw new LogicException("不許可な関数アクセス");
+ }
+
+ public function initForModify(string|Contract $contractId, string|User $userId): static
 {
 $this->setContract($contractId);
 $this->setUser($userId);
@@ -33,11 +70,25 @@ abstract class UserManager
 return $this;
 }
+ public function initForModifyAdmin(string|User $userId): static
+ {
+ throw new LogicException("不許可な関数アクセス");
+ }
+
 public function getTimestamp(): Carbon
 {
 if (!$this->initialized) {
 throw new LogicException("初期化不正");
 }
+
+ if ($this->user === null) {
+ throw new LogicException("初期化不正");
+ }
+
+ if ($this->contract === null) {
+ return $this->user->updated_at;
+ }
+
 return $this->user->updated_at < $this->contract->updated_at ? $this->contract->updated_at : $this->user->updated_at;
 }
@@ -120,7 +171,9 @@ abstract class UserManager
 $this->checkEmailUnique($messages);
 $this->passwordEncrypto($messages);
- $this->user->role = $this->role();
+ if ($this->user->isDirty(User::COL_NAME_ROLE)) {
+ $this->user->role = $this->role();
+ }
 return $messages;
 }
diff --git a/app/Models/Ex/LoginUser.php b/app/Models/Ex/LoginUser.php
index a6f273b..d10efc9 100644
--- a/app/Models/Ex/LoginUser.php
+++ b/app/Models/Ex/LoginUser.php
@@ -3,6 +3,7 @@
 namespace App\Models\Ex;
 use App\Codes\UserRole;
+use App\Features\InstanceAble;
 use App\Models\ColumnName;
 use App\Models\Contract;
 use App\Models\User;
@@ -15,6 +16,7 @@ class LoginUser
 {
 private const SESSION_KEY_CURERNT_CONTRACT_ID = self::class . "/SESSION_KEY_CURERNT_CONTRACT_ID";
+ use InstanceAble;
 public function __construct(
 private User $user,
diff --git a/app/Repositories/LoginUserRepository.php b/app/Repositories/LoginUserRepository.php
index ff05d0c..3c4bd04 100644
--- a/app/Repositories/LoginUserRepository.php
+++ b/app/Repositories/LoginUserRepository.php
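Review bot: In `getTimestamp()` the new `if ($this->user === null)` guard reuses the message `"初期化不正"`, so a caller cannot distinguish "manager never initialized" from "initialized for create, where the user is null by design" — both `initForCreate` and `initForCreateAdmin` call `setUser(null)`, so this path is reachable in normal use. Give the second throw its own message naming the missing target user. The `$this->contract === null` branch returning `$this->user->updated_at` is the admin-manager case; a one-line comment saying so, e.g. `// AdminUserManager: no contract, so the user row is the only timestamp source`, would make the branch self-explaining.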
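Review bot: The role is now only forced back to `$this->role()` when `isDirty(User::COL_NAME_ROLE)` is true, which keeps an already-persisted role intact on a password change, but an attribute that was never set is not dirty, so a model created through `initForCreate`/`initForCreateAdmin` (both call `setUser(null)`) would be saved without a role unless something outside this hunk assigns it — confirm the create path. A condition such as `if (!$this->user->exists || $this->user->isDirty(User::COL_NAME_ROLE)) {` keeps the password-change intent while still stamping new users. The `if` also deserves a why-comment, since the unconditional assignment it replaces read as a deliberate guard against a role being set through the model by the request; stating that the guard is preserved (a dirty role is still overwritten) makes the security intent explicit. The enclosing method starts and ends outside the hunk.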
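Review bot: In `LoginUser.php`, `use InstanceAble;` is inserted after the `SESSION_KEY_CURERNT_CONTRACT_ID` constant; PER-CS places trait `use` declarations first in the class body, before constants and properties, so move it to the line after `{`. More importantly, the class receives `User $user` through its constructor while `UserManager::getManager` now relies on `LoginUser::instance()->user()` as the acting principal; the trait's `instance()` is not in this patch, so confirm it resolves the current request's authenticated user rather than constructing a default or caching one across requests, otherwise the role checks in `getManager` run against the wrong user. The class body continues outside the hunk.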
@@ -2,6 +2,7 @@
 namespace App\Repositories;
+use App\Codes\UserRole;
 use App\Models\Contract;
 use App\Models\User;
 use App\Repositories\BaseRepository;
@@ -33,7 +34,7 @@ class LoginUserRepository extends BaseRepository
 {
 $table = User::getBuilder(static::TABLE_USER);
- $table->joinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) {
+ $table->leftJoinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) {
 $join->on(
 $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]),
 $this->makeColumnName([static::TABLE_CONTRACT, Contract::COL_NAME_ID])
@@ -56,7 +57,14 @@ class LoginUserRepository extends BaseRepository
 $table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_EMAIL]), 'like', "%{$email}%");
 }
 // 契約ID
- $this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
+ $contractId = data_get($condition, static::CONDITION_CONTRACT_ID);
+ if ($contractId) {
+ $this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
+ } else {
+ // スーパー管理者
+ $table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_ROLE]), UserRole::SUPER_ADMIN);
+ $table->whereNull($this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
+ }
 $table->select($this->columns());
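Review bot: The `else` branch in the last hunk turns a missing `CONDITION_CONTRACT_ID` into "list every super admin", so any caller that forgets to set the condition silently gets the super-admin list instead of a scoped or empty result, and the repository has no view of the caller's role — the safety of this branch rests entirely on the `AppCommonException` guard in `LoginUsersController`. Make that contract explicit with a dedicated condition key (e.g. a constructed `CONDITION_SUPER_ADMIN_ONLY` flag that callers must set deliberately) or at minimum a comment on the `else` stating that the caller must already have verified SUPER_ADMIN. `if ($contractId)` is a truthiness test, so a contract id of `"0"` or `0` would also fall into the super-admin branch; `if ($contractId !== null)` is the safer form. Switching `joinSub` to `leftJoinSub` means the `TABLE_CONTRACT` columns selected by `$this->columns()` can now be null for contract-less rows — check consumers of the result that previously assumed a contract row was always joined. The query-building method continues outside the hunk.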