| @@ -8,7 +8,10 @@ use App\Exceptions\ExclusiveException; | |||||
| use App\Features\LoginUser; | use App\Features\LoginUser; | ||||
| use App\Http\Controllers\Web\IParam; | use App\Http\Controllers\Web\IParam; | ||||
| use App\Http\Controllers\Web\WebController; | use App\Http\Controllers\Web\WebController; | ||||
| use App\Logic\User\AdminUserManager; | |||||
| use App\Logic\User\LoginUserManager; | use App\Logic\User\LoginUserManager; | ||||
| use App\Logic\User\UserManager; | |||||
| use App\Models\User; | |||||
| use App\Repositories\LoginUserRepository; | use App\Repositories\LoginUserRepository; | ||||
| use Illuminate\Http\JsonResponse; | use Illuminate\Http\JsonResponse; | ||||
| use Illuminate\Http\Request; | use Illuminate\Http\Request; | ||||
| @@ -19,6 +22,8 @@ class ChangePasswordController extends WebController | |||||
| use LoginUser; | use LoginUser; | ||||
| private UserManager $manager; | |||||
| public function name(): string | public function name(): string | ||||
| { | { | ||||
| return "ログインユーザーパスワード変更"; | return "ログインユーザーパスワード変更"; | ||||
| @@ -31,7 +36,6 @@ class ChangePasswordController extends WebController | |||||
| public function __construct( | public function __construct( | ||||
| protected ChangePasswordParam $param, | protected ChangePasswordParam $param, | ||||
| private LoginUserManager $manager | |||||
| ) { | ) { | ||||
| parent::__construct(); | parent::__construct(); | ||||
| $this->roleAllow(UserRole::NORMAL_ADMIN); | $this->roleAllow(UserRole::NORMAL_ADMIN); | ||||
| @@ -46,19 +50,31 @@ class ChangePasswordController extends WebController | |||||
| { | { | ||||
| $param = $this->param; | $param = $this->param; | ||||
| $targetUserId = $this->getTartgetUserId(); | |||||
| $targetUser = User::findOrFail($targetUserId); | |||||
| try { | try { | ||||
| $this->transaction->beginTransaction(); | $this->transaction->beginTransaction(); | ||||
| $currentContract = $this->loginUser()->getCurrentContract(); | $currentContract = $this->loginUser()->getCurrentContract(); | ||||
| if (!$currentContract) { | |||||
| if (!$currentContract && $this->loginUser()->user()->role !== UserRole::SUPER_ADMIN) { | |||||
| throw new AppCommonException("認証不正"); | throw new AppCommonException("認証不正"); | ||||
| } | } | ||||
| $this->manager->initForModify($currentContract, $this->getTartgetUserId()); | |||||
| $this->manager = UserManager::getManager($targetUser); | |||||
| if ($currentContract) { | |||||
| $this->manager->initForModify($currentContract, $targetUserId); | |||||
| } else { | |||||
| $this->manager->initForModifyAdmin($targetUserId); | |||||
| } | |||||
| if (!$this->param->checkTimestamp($this->manager->getTimestamp())) { | if (!$this->param->checkTimestamp($this->manager->getTimestamp())) { | ||||
| logger(sprintf( | |||||
| "request:%s origin:%s", | |||||
| $this->param->timestamp->format('Y/m/d H:i:s'), | |||||
| $this->manager->getTimestamp()->format(('Y/m/d H:i:s')) | |||||
| )); | |||||
| throw new ExclusiveException(); | throw new ExclusiveException(); | ||||
| } | } | ||||
| @@ -82,7 +98,11 @@ class ChangePasswordController extends WebController | |||||
| private function getTartgetUserId(): string | private function getTartgetUserId(): string | ||||
| { | { | ||||
| /* | |||||
| 変更対象のユーザーIDを指定できるのは管理者のみとする | |||||
| 管理者以外が指定した場合はNG | |||||
| 指定しない場合は自身を変更対象とする | |||||
| */ | |||||
| $loginUserRole = $this->loginUser()->user()->role; | $loginUserRole = $this->loginUser()->user()->role; | ||||
| if ($this->param->id !== null) { | if ($this->param->id !== null) { | ||||
| if ($loginUserRole === UserRole::CONTRACT_ADMIN || $loginUserRole === UserRole::SUPER_ADMIN) { | if ($loginUserRole === UserRole::CONTRACT_ADMIN || $loginUserRole === UserRole::SUPER_ADMIN) { | ||||
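Review bot: In the `__invoke` hunk the `if ($currentContract)` branch chooses `initForModify` vs `initForModifyAdmin` by the login user's session contract, but the manager assigned just above it by `UserManager::getManager($targetUser)` is chosen by the target user's role, and the two disagree in the mixed cases: a super admin with no current contract editing a contract user reaches `LoginUserManager::initForModifyAdmin`, and a login user holding a current contract editing a super admin reaches `AdminUserManager::initForModify` — both of which are the base/Admin stubs that throw `LogicException("不許可な関数アクセス")` instead of a proper authorization failure. Dispatch on the manager type and keep the contract requirement only on the non-admin path, as sketched below. The enclosing method starts and ends outside the hunk.
```php
$this->manager = UserManager::getManager($targetUser);
if ($this->manager instanceof AdminUserManager) {
    $this->manager->initForModifyAdmin($targetUserId);
} else {
    // the contract-scoped managers cannot work without the login user's contract
    $this->manager->initForModify(
        $currentContract ?? throw new AppCommonException("認証不正"),
        $targetUserId,
    );
}
// … unchanged: timestamp check and ExclusiveException …
```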
| @@ -10,6 +10,7 @@ use App\Http\Controllers\Web\WebController; | |||||
| use App\Repositories\LoginUserRepository; | use App\Repositories\LoginUserRepository; | ||||
| use Illuminate\Http\JsonResponse; | use Illuminate\Http\JsonResponse; | ||||
| use Illuminate\Http\Request; | use Illuminate\Http\Request; | ||||
| use Illuminate\Support\Arr; | |||||
| class LoginUsersController extends WebController | class LoginUsersController extends WebController | ||||
| { | { | ||||
| @@ -31,7 +32,7 @@ class LoginUsersController extends WebController | |||||
| private LoginUserRepository $repository | private LoginUserRepository $repository | ||||
| ) { | ) { | ||||
| parent::__construct(); | parent::__construct(); | ||||
| $this->roleAllow(UserRole::CONTRACT_ADMIN); | |||||
| $this->roleAllow(UserRole::NORMAL_ADMIN); | |||||
| } | } | ||||
| protected function getParam(): IParam | protected function getParam(): IParam | ||||
| @@ -43,8 +44,10 @@ class LoginUsersController extends WebController | |||||
| { | { | ||||
| $param = $this->param; | $param = $this->param; | ||||
| $role = $this->loginUser()->user()->role; | |||||
| $currentContractId = $this->loginUser()->getCurrentContractId(); | $currentContractId = $this->loginUser()->getCurrentContractId(); | ||||
| if (!$currentContractId) { | |||||
| if (!$currentContractId && $role !== UserRole::SUPER_ADMIN) { | |||||
| throw new AppCommonException("認証不正"); | throw new AppCommonException("認証不正"); | ||||
| } | } | ||||
| @@ -53,6 +56,10 @@ class LoginUsersController extends WebController | |||||
| LoginUserRepository::CONDITION_CONTRACT_ID => $currentContractId, | LoginUserRepository::CONDITION_CONTRACT_ID => $currentContractId, | ||||
| ]; | ]; | ||||
| if ($role === UserRole::NORMAL_ADMIN) { | |||||
| Arr::add($condition, LoginUserRepository::CONDITION_ID, $this->loginUser()->user()->id); | |||||
| } | |||||
| $list = $this->repository->get($condition); | $list = $this->repository->get($condition); | ||||
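Review bot: The `Arr::add($condition, LoginUserRepository::CONDITION_ID, ...)` call on the NORMAL_ADMIN branch discards its return value; `Illuminate\Support\Arr::add` returns a new array and leaves its argument untouched, so the self-only restriction is never applied and a normal admin — newly admitted by the `roleAllow(UserRole::NORMAL_ADMIN)` change in the constructor hunk — lists every user of the contract. Assign the key directly: `$condition[LoginUserRepository::CONDITION_ID] = $this->loginUser()->user()->id;`. Whether the repository actually honours `CONDITION_ID` is outside this diff and should be checked as well. The enclosing method starts outside the hunk.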
| @@ -9,14 +9,20 @@ use LogicException; | |||||
| class AdminUserManager extends UserManager | class AdminUserManager extends UserManager | ||||
| { | { | ||||
| public function initForCreateAdmin() | |||||
| /** | |||||
| * @override | |||||
| */ | |||||
| public function initForCreateAdmin(): static | |||||
| { | { | ||||
| $this->setUser(null); | $this->setUser(null); | ||||
| $this->initialized = true; | $this->initialized = true; | ||||
| return $this; | return $this; | ||||
| } | } | ||||
| public function initForModifyAdmin(string|User $userId) | |||||
| /** | |||||
| * @override | |||||
| */ | |||||
| public function initForModifyAdmin(string|User $userId): static | |||||
| { | { | ||||
| $this->setUser($userId); | $this->setUser($userId); | ||||
| $this->initialized = true; | $this->initialized = true; | ||||
| @@ -26,7 +32,7 @@ class AdminUserManager extends UserManager | |||||
| /** | /** | ||||
| * @override | * @override | ||||
| */ | */ | ||||
| public function initForCreate(string|Contract $contractId) | |||||
| public function initForCreate(string|Contract $contractId): static | |||||
| { | { | ||||
| throw new LogicException("不許可な関数アクセス"); | throw new LogicException("不許可な関数アクセス"); | ||||
| } | } | ||||
| @@ -34,7 +40,7 @@ class AdminUserManager extends UserManager | |||||
| /** | /** | ||||
| * @override | * @override | ||||
| */ | */ | ||||
| public function initForModify(string|Contract $contractId, string|User $userId) | |||||
| public function initForModify(string|Contract $contractId, string|User $userId): static | |||||
| { | { | ||||
| throw new LogicException("不許可な関数アクセス"); | throw new LogicException("不許可な関数アクセス"); | ||||
| } | } | ||||
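Review bot: `initForModifyAdmin()` in the first hunk accepts any user id, sets it and marks the manager initialized without confirming the resolved user is a super admin; the only guard is that callers go through `UserManager::getManager()`, yet `AdminUserManager::instance()` is reachable directly via `InstanceAble`. A defence-in-depth check after `setUser($userId)` keeps the invariant inside the class: `if ($this->user?->role !== UserRole::SUPER_ADMIN) { throw new LogicException("不許可な関数アクセス"); }` (importing `App\Codes\UserRole` if this file does not already), assuming `setUser` resolves the id to a `User`, which is outside the diff. Style: the `@override` docblocks could be `#[\Override]` if the project targets PHP 8.3 or later.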
| @@ -3,7 +3,10 @@ | |||||
| namespace App\Logic\User; | namespace App\Logic\User; | ||||
| use App\Codes\UserRole; | use App\Codes\UserRole; | ||||
| use App\Exceptions\AppCommonException; | |||||
| use App\Features\InstanceAble; | |||||
| use App\Models\Contract; | use App\Models\Contract; | ||||
| use App\Models\Ex\LoginUser; | |||||
| use App\Models\User; | use App\Models\User; | ||||
| use Illuminate\Support\Carbon; | use Illuminate\Support\Carbon; | ||||
| use Illuminate\Support\Facades\Hash; | use Illuminate\Support\Facades\Hash; | ||||
| @@ -13,11 +16,40 @@ use LogicException; | |||||
| abstract class UserManager | abstract class UserManager | ||||
| { | { | ||||
| use InstanceAble; | |||||
| static public function getManager(User $user): static | |||||
| { | |||||
| $loginUser = LoginUser::instance()->user(); | |||||
| if ($user->role === UserRole::SUPER_ADMIN) { | |||||
| if ($loginUser->role === UserRole::SUPER_ADMIN) { | |||||
| return AdminUserManager::instance(); | |||||
| } | |||||
| throw new AppCommonException("認可不良"); | |||||
| } | |||||
| if ($user->role === UserRole::CONTRACT_ADMIN) { | |||||
| if (UserRole::CONTRACT_ADMIN->value <= $loginUser->role->value) { | |||||
| return ContractAdminUserManager::instance(); | |||||
| } | |||||
| throw new AppCommonException("認可不良"); | |||||
| } | |||||
| if ($user->role === UserRole::NORMAL_ADMIN) { | |||||
| if (UserRole::NORMAL_ADMIN->value <= $loginUser->role->value) { | |||||
| return LoginUserManager::instance(); | |||||
| } | |||||
| throw new AppCommonException("認可不良"); | |||||
| } | |||||
| throw new LogicException("未定義ロール"); | |||||
| } | |||||
| protected bool $initialized = false; | protected bool $initialized = false; | ||||
| protected ?User $user = null; | protected ?User $user = null; | ||||
| protected ?Contract $contract = null; | protected ?Contract $contract = null; | ||||
| public function initForCreate(string|Contract $contractId) | |||||
| public function initForCreate(string|Contract $contractId): static | |||||
| { | { | ||||
| $this->setContract($contractId); | $this->setContract($contractId); | ||||
| $this->setUser(null); | $this->setUser(null); | ||||
| @@ -25,7 +57,12 @@ abstract class UserManager | |||||
| return $this; | return $this; | ||||
| } | } | ||||
| public function initForModify(string|Contract $contractId, string|User $userId) | |||||
| public function initForCreateAdmin(): static | |||||
| { | |||||
| throw new LogicException("不許可な関数アクセス"); | |||||
| } | |||||
| public function initForModify(string|Contract $contractId, string|User $userId): static | |||||
| { | { | ||||
| $this->setContract($contractId); | $this->setContract($contractId); | ||||
| $this->setUser($userId); | $this->setUser($userId); | ||||
| @@ -33,11 +70,25 @@ abstract class UserManager | |||||
| return $this; | return $this; | ||||
| } | } | ||||
| public function initForModifyAdmin(string|User $userId): static | |||||
| { | |||||
| throw new LogicException("不許可な関数アクセス"); | |||||
| } | |||||
| public function getTimestamp(): Carbon | public function getTimestamp(): Carbon | ||||
| { | { | ||||
| if (!$this->initialized) { | if (!$this->initialized) { | ||||
| throw new LogicException("初期化不正"); | throw new LogicException("初期化不正"); | ||||
| } | } | ||||
| if ($this->user === null) { | |||||
| throw new LogicException("初期化不正"); | |||||
| } | |||||
| if ($this->contract === null) { | |||||
| return $this->user->updated_at; | |||||
| } | |||||
| return $this->user->updated_at < $this->contract->updated_at ? $this->contract->updated_at : $this->user->updated_at; | return $this->user->updated_at < $this->contract->updated_at ? $this->contract->updated_at : $this->user->updated_at; | ||||
| } | } | ||||
| @@ -120,7 +171,9 @@ abstract class UserManager | |||||
| $this->checkEmailUnique($messages); | $this->checkEmailUnique($messages); | ||||
| $this->passwordEncrypto($messages); | $this->passwordEncrypto($messages); | ||||
| $this->user->role = $this->role(); | |||||
| if ($this->user->isDirty(User::COL_NAME_ROLE)) { | |||||
| $this->user->role = $this->role(); | |||||
| } | |||||
| return $messages; | return $messages; | ||||
| } | } | ||||
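Review bot: `getManager()` authorizes by comparing enum backing values (`UserRole::CONTRACT_ADMIN->value <= $loginUser->role->value`), which makes "backing values increase with privilege" an undocumented invariant of `App\Codes\UserRole`; a case added out of order silently changes who may manage whom. Either move the comparison into the enum (e.g. a `UserRole::isAtLeast(UserRole $other): bool` helper) or at least add above the method `// authorization assumes UserRole backing values increase with privilege`. The check also only compares roles; whether the target user belongs to the login user's contract is left to `initForModify`/`setUser`, which are not visible here — confirm they reject a user from another contract. Style: `static public function` should be `public static function`.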
| @@ -3,6 +3,7 @@ | |||||
| namespace App\Models\Ex; | namespace App\Models\Ex; | ||||
| use App\Codes\UserRole; | use App\Codes\UserRole; | ||||
| use App\Features\InstanceAble; | |||||
| use App\Models\ColumnName; | use App\Models\ColumnName; | ||||
| use App\Models\Contract; | use App\Models\Contract; | ||||
| use App\Models\User; | use App\Models\User; | ||||
| @@ -15,6 +16,7 @@ class LoginUser | |||||
| { | { | ||||
| private const SESSION_KEY_CURERNT_CONTRACT_ID = self::class . "/SESSION_KEY_CURERNT_CONTRACT_ID"; | private const SESSION_KEY_CURERNT_CONTRACT_ID = self::class . "/SESSION_KEY_CURERNT_CONTRACT_ID"; | ||||
| use InstanceAble; | |||||
| public function __construct( | public function __construct( | ||||
| private User $user, | private User $user, | ||||
| @@ -2,6 +2,7 @@ | |||||
| namespace App\Repositories; | namespace App\Repositories; | ||||
| use App\Codes\UserRole; | |||||
| use App\Models\Contract; | use App\Models\Contract; | ||||
| use App\Models\User; | use App\Models\User; | ||||
| use App\Repositories\BaseRepository; | use App\Repositories\BaseRepository; | ||||
| @@ -33,7 +34,7 @@ class LoginUserRepository extends BaseRepository | |||||
| { | { | ||||
| $table = User::getBuilder(static::TABLE_USER); | $table = User::getBuilder(static::TABLE_USER); | ||||
| $table->joinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) { | |||||
| $table->leftJoinSub(Contract::getBuilder(), static::TABLE_CONTRACT, function (JoinClause $join) { | |||||
| $join->on( | $join->on( | ||||
| $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]), | $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID]), | ||||
| $this->makeColumnName([static::TABLE_CONTRACT, Contract::COL_NAME_ID]) | $this->makeColumnName([static::TABLE_CONTRACT, Contract::COL_NAME_ID]) | ||||
| @@ -56,7 +57,14 @@ class LoginUserRepository extends BaseRepository | |||||
| $table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_EMAIL]), 'like', "%{$email}%"); | $table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_EMAIL]), 'like', "%{$email}%"); | ||||
| } | } | ||||
| // 契約ID | // 契約ID | ||||
| $this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID])); | |||||
| $contractId = data_get($condition, static::CONDITION_CONTRACT_ID); | |||||
| if ($contractId) { | |||||
| $this->where($table, $condition, static::CONDITION_CONTRACT_ID, $this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID])); | |||||
| } else { | |||||
| // スーパー管理者 | |||||
| $table->where($this->makeColumnName([static::TABLE_USER, User::COL_NAME_ROLE]), UserRole::SUPER_ADMIN); | |||||
| $table->whereNull($this->makeColumnName([static::TABLE_USER, User::COL_NAME_CONTRACT_ID])); | |||||
| } | |||||
| $table->select($this->columns()); | $table->select($this->columns()); | ||||