sosuke.iwabuchi
/
SATE-EasyReceipt
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
浏览代码

パスワード変更ロジック修正

develop
sosuke.iwabuchi 2 年前
父节点
1a50e3a22b
当前提交
753c15bac8
共有 6 个文件被更改,包括 111 次插入15 次删除
分列视图
Diff 选项
显示统计 下载 Patch 文件 下载 Diff 文件
  1. +24
    -4
      app/Http/Controllers/Web/LoginUser/ChangePasswordController.php
  2. +9
    -2
      app/Http/Controllers/Web/LoginUser/LoginUsersController.php
  3. +10
    -4
      app/Logic/User/AdminUserManager.php
  4. +56
    -3
      app/Logic/User/UserManager.php
  5. +2
    -0
      app/Models/Ex/LoginUser.php
  6. +10
    -2
      app/Repositories/LoginUserRepository.php

+ 24
- 4
app/Http/Controllers/Web/LoginUser/ChangePasswordController.php 查看文件

@@ -8,7 +8,10 @@ use App\Exceptions\ExclusiveException;
use App\Features\LoginUser;
use App\Http\Controllers\Web\IParam;
use App\Http\Controllers\Web\WebController;
use App\Logic\User\AdminUserManager;
use App\Logic\User\LoginUserManager;
use App\Logic\User\UserManager;
use App\Models\User;
use App\Repositories\LoginUserRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -19,6 +22,8 @@ class ChangePasswordController extends WebController

use LoginUser;

private UserManager $manager;

public function name(): string
{
return "ログインユーザーパスワード変更";
@@ -31,7 +36,6 @@ class ChangePasswordController extends WebController

public function __construct(
protected ChangePasswordParam $param,
private LoginUserManager $manager
) {
parent::__construct();
$this->roleAllow(UserRole::NORMAL_ADMIN);
@@ -46,19 +50,31 @@ class ChangePasswordController extends WebController
{
$param = $this->param;

$targetUserId = $this->getTartgetUserId();
$targetUser = User::findOrFail($targetUserId);

try {
$this->transaction->beginTransaction();


$currentContract = $this->loginUser()->getCurrentContract();
if (!$currentContract) {
if (!$currentContract && $this->loginUser()->user()->role !== UserRole::SUPER_ADMIN) {
throw new AppCommonException("認証不正");
}

$this->manager->initForModify($currentContract, $this->getTartgetUserId());
$this->manager = UserManager::getManager($targetUser);
if ($currentContract) {
$this->manager->initForModify($currentContract, $targetUserId);
} else {
$this->manager->initForModifyAdmin($targetUserId);
}

if (!$this->param->checkTimestamp($this->manager->getTimestamp())) {
logger(sprintf(
"request:%s origin:%s",
$this->param->timestamp->format('Y/m/d H:i:s'),
$this->manager->getTimestamp()->format(('Y/m/d H:i:s'))
));
throw new ExclusiveException();
}

@@ -82,7 +98,11 @@ class ChangePasswordController extends WebController

private function getTartgetUserId(): string
{

/*
変更対象のユーザーIDを指定できるのは管理者のみとする
管理者以外が指定した場合はNG
指定しない場合は自身を変更対象とする
*/
$loginUserRole = $this->loginUser()->user()->role;
if ($this->param->id !== null) {
if ($loginUserRole === UserRole::CONTRACT_ADMIN || $loginUserRole === UserRole::SUPER_ADMIN) {


+ 9
- 2
app/Http/Controllers/Web/LoginUser/LoginUsersController.php 查看文件

@@ -10,6 +10,7 @@ use App\Http\Controllers\Web\WebController;
use App\Repositories\LoginUserRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;

class LoginUsersController extends WebController
{
@@ -31,7 +32,7 @@ class LoginUsersController extends WebController
private LoginUserRepository $repository
) {
parent::__construct();
$this->roleAllow(UserRole::CONTRACT_ADMIN);
$this->roleAllow(UserRole::NORMAL_ADMIN);
}

protected function getParam(): IParam
@@ -43,8 +44,10 @@ class LoginUsersController extends WebController
{
$param = $this->param;

$role = $this->loginUser()->user()->role;

$currentContractId = $this->loginUser()->getCurrentContractId();
if (!$currentContractId) {
if (!$currentContractId && $role !== UserRole::SUPER_ADMIN) {
throw new AppCommonException("認証不正");
}

@@ -53,6 +56,10 @@ class LoginUsersController extends WebController
LoginUserRepository::CONDITION_CONTRACT_ID => $currentContractId,
];

if ($role === UserRole::NORMAL_ADMIN) {
Arr::add($condition, LoginUserRepository::CONDITION_ID, $this->loginUser()->user()->id);
}

$list = $this->repository->get($condition);




+ 10
- 4
app/Logic/User/AdminUserManager.php 查看文件

@@ -9,14 +9,20 @@ use LogicException;

class AdminUserManager extends UserManager
{
public function initForCreateAdmin()
/**
* @override
*/
public function initForCreateAdmin(): static
{
$this->setUser(null);
$this->initialized = true;
return $this;
}

public function initForModifyAdmin(string|User $userId)
/**
* @override
*/
public function initForModifyAdmin(string|User $userId): static
{
$this->setUser($userId);
$this->initialized = true;
@@ -26,7 +32,7 @@ class AdminUserManager extends UserManager
/**
* @override
*/
public function initForCreate(string|Contract $contractId)
public function initForCreate(string|Contract $contractId): static
{
throw new LogicException("不許可な関数アクセス");
}
@@ -34,7 +40,7 @@ class AdminUserManager extends UserManager
/**
* @override
*/
public function initForModify(string|Contract $contractId, string|User $userId)
public function initForModify(string|Contract $contractId, string|User $userId): static
{
throw new LogicException("不許可な関数アクセス");
}


+ 56
- 3
app/Logic/User/UserManager.php 查看文件

@@ -3,7 +3,10 @@
namespace App\Logic\User;

use App\Codes\UserRole;
use App\Exceptions\AppCommonException;
use App\Features\InstanceAble;
use App\Models\Contract;
use App\Models\Ex\LoginUser;
use App\Models\User;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
@@ -13,11 +16,40 @@ use LogicException;
abstract class UserManager
{

use InstanceAble;

static public function getManager(User $user): static
{
$loginUser = LoginUser::instance()->user();

if ($user->role === UserRole::SUPER_ADMIN) {
if ($loginUser->role === UserRole::SUPER_ADMIN) {
return AdminUserManager::instance();
}
throw new AppCommonException("認可不良");
}
if ($user->role === UserRole::CONTRACT_ADMIN) {
if (UserRole::CONTRACT_ADMIN->value <= $loginUser->role->value) {
return ContractAdminUserManager::instance();
}
throw new AppCommonException("認可不良");
}
if ($user->role === UserRole::NORMAL_ADMIN) {
if (UserRole::NORMAL_ADMIN->value <= $loginUser->role->value) {
return LoginUserManager::instance();
}
throw new AppCommonException("認可不良");
}

throw new LogicException("未定義ロール");
}


protected bool $initialized = false;
protected ?User $user = null;
protected ?Contract $contract = null;

public function initForCreate(string|Contract $contractId)
public function initForCreate(string|Contract $contractId): static
{
$this->setContract($contractId);
$this->setUser(null);
@@ -25,7 +57,12 @@ abstract class UserManager
return $this;
}

public function initForModify(string|Contract $contractId, string|User $userId)
public function initForCreateAdmin(): static
{
throw new LogicException("不許可な関数アクセス");
}

public function initForModify(string|Contract $contractId, string|User $userId): static
{
$this->setContract($contractId);
$this->setUser($userId);
@@ -33,11 +70,25 @@ abstract class UserManager
return $this;
}

public function initForModifyAdmin(string|User $userId): static
{
throw new LogicException("不許可な関数アクセス");
}

public function getTimestamp(): Carbon
{
if (!$this->initialized) {
throw new LogicException("初期化不正");
}

if ($this->user === null) {
throw new LogicException("初期化不正");
}

if ($this->contract === null) {
return $this->user->updated_at;
}

return $this->user->updated_at < $this->contract->updated_at ? $this->contract->updated_at : $this->user->updated_at;
}

@@ -120,7 +171,9 @@ abstract class UserManager
$this->checkEmailUnique($messages);
$this->passwordEncrypto($messages);

$this->user->role = $this->role();
if ($this->user->isDirty(User::COL_NAME_ROLE)) {
$this->user->role = $this->role();
}

return $messages;
}


+ 2
- 0
app/Models/Ex/LoginUser.php 查看文件

@@ -3,6 +3,7 @@
namespace App\Models\Ex;

use App\Codes\UserRole;
use App\Features\InstanceAble;
use App\Models\ColumnName;
use App\Models\Contract;
use App\Models\User;
@@ -15,6 +16,7 @@ class LoginUser
{
private const SESSION_KEY_CURERNT_CONTRACT_ID = self::class . "/SESSION_KEY_CURERNT_CONTRACT_ID";

use InstanceAble;

public function __construct(
private User $user,


+ 10
- 2
app/Repositories/LoginUserRepository.php 查看文件

@@ -2,6 +2,7 @@

namespace App\Repositories;

use App\Codes\UserRole;
use App\Models\Contract;
use App\Models\User;
use App\Repositories\BaseRepository;
@@ -33,7 +34,7 @@ class LoginUserRepository extends BaseRepository
{
$table = User::getBuilder(static::TABLE_USER);

$table->joinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) {
$table->leftJoinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) {
$join->on(
$this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]),
$this->makeColumnName([static::TABLE_CONTRACT, Contract::COL_NAME_ID])
@@ -56,7 +57,14 @@ class LoginUserRepository extends BaseRepository
$table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_EMAIL]), 'like', "%{$email}%");
}
// 契約ID
$this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
$contractId = data_get($condition, static::CONDITION_CONTRACT_ID);
if ($contractId) {
$this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
} else {
// スーパー管理者
$table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_ROLE]), UserRole::SUPER_ADMIN);
$table->whereNull($this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]));
}

$table->select($this->columns());



撰写 预览
正在加载...
取消
保存