SATE-EasyReceipt/app/Http/Controllers/Web/LoginUser/ChangePasswordController.php

<?php

namespace App\Http\Controllers\Web\LoginUser;

use App\Codes\UserRole;
use App\Exceptions\AppCommonException;
use App\Exceptions\ExclusiveException;
use App\Features\LoginUser;
use App\Http\Controllers\Web\IParam;
use App\Http\Controllers\Web\WebController;
use App\Logic\User\AdminUserManager;
use App\Logic\User\LoginUserManager;
use App\Logic\User\UserManager;
use App\Models\User;
use App\Repositories\LoginUserRepository;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ChangePasswordController extends WebController
{

    use LoginUser;

    private UserManager $manager;

    public function name(): string
    {
        return "ログインユーザーパスワード変更";
    }

    public function description(): string
    {
        return "ログインユーザーのパスワードを変更する";
    }

    public function __construct(
        protected ChangePasswordParam $param,
    ) {
        parent::__construct();
        $this->roleAllow(UserRole::NORMAL_ADMIN);
    }

    protected function getParam(): IParam
    {
        return $this->param;
    }

    protected function run(Request $request): JsonResponse
    {
        $param = $this->param;

        $targetUserId =  $this->getTartgetUserId();
        $targetUser = User::findOrFail($targetUserId);

        try {
            $this->transaction->beginTransaction();


            $currentContract = $this->loginUser()->getCurrentContract();
            if (!$currentContract && $this->loginUser()->user()->role !== UserRole::SUPER_ADMIN) {
                throw new AppCommonException("認証不正");
            }

            $this->manager = UserManager::getManager($targetUser);
            if ($currentContract) {
                $this->manager->initForModify($currentContract, $targetUserId);
            } else {
                $this->manager->initForModifyAdmin($targetUserId);
            }

            if (!$this->param->checkTimestamp($this->manager->getTimestamp())) {
                logger(sprintf(
                    "request:%s origin:%s",
                    $this->param->timestamp->format('Y/m/d H:i:s'),
                    $this->manager->getTimestamp()->format(('Y/m/d H:i:s'))
                ));
                throw new ExclusiveException();
            }

            $messages = $this->manager
                ->fill($param->toArray())
                ->update();

            if (count($messages) !== 0) {
                $this->transaction->rollBack();
                return $this->validateErrorResponse($messages);
            }

            $this->transaction->commit();
        } catch (Exception $e) {
            $this->transaction->rollBack();
            throw $e;
        }

        return $this->successResponse();
    }

    private function getTartgetUserId(): string
    {
        /*
        変更対象のユーザーＩＤを指定できるのは管理者のみとする
        管理者以外が指定した場合はＮＧ    
        指定しない場合は自身を変更対象とする
        */
        $loginUserRole = $this->loginUser()->user()->role;
        if ($this->param->id !== null) {
            if ($loginUserRole === UserRole::CONTRACT_ADMIN || $loginUserRole === UserRole::SUPER_ADMIN) {
                return $this->param->id;
            } else {
                throw new AppCommonException('認証不正');
            }
        }
        return $this->loginUser()->user()->id;
    }
}