479 lines
17 KiB
PHP
479 lines
17 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Livewire;
|
|
|
|
use App\Events\ProfileSwitchEvent;
|
|
use App\Models\Admin;
|
|
use App\Models\Bank;
|
|
use App\Models\Organization;
|
|
use App\Models\User;
|
|
use App\Traits\SwitchGuardTrait;
|
|
use Illuminate\Support\Facades\App;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Facades\Mail;
|
|
use Illuminate\Support\Str;
|
|
use Livewire\Component;
|
|
use Log;
|
|
use Stevebauman\Location\Facades\Location as IpLocation;
|
|
use WireUi\Traits\WireUiActions;
|
|
|
|
class SwitchProfile extends Component
|
|
{
|
|
use WireUiActions;
|
|
use SwitchGuardTrait;
|
|
|
|
protected $user;
|
|
public $userName;
|
|
public $userProfiles = [];
|
|
public $userProfileIndex;
|
|
public $notifySwitchProfile;
|
|
public $activeProfile = [];
|
|
public $profilesWithUnread = [];
|
|
|
|
/**
|
|
* Get the event listeners for the component.
|
|
* Listens for the ProfileSwitchEvent event on the switch-profile.{$userId} private Echo channel. When this event is fired, the notifySwitchProfile method of the component will be called.
|
|
* @return array
|
|
*/
|
|
protected function getListeners()
|
|
{
|
|
$userId = Auth::guard('web')->id(); // Get the authenticated user's ID for lowest level identification
|
|
|
|
return [
|
|
"echo-private:switch-profile.{$userId},ProfileSwitchEvent" => 'notifySwitchProfile',
|
|
];
|
|
}
|
|
|
|
|
|
public function mount()
|
|
{
|
|
|
|
//TODO NEXT: Add middleware seciruty!
|
|
|
|
$this->user = Auth::guard('web')->user();
|
|
$this->userName = $this->user->name;
|
|
|
|
// Eager load profile relationships
|
|
$userWithRelations = User::with([
|
|
'organizations',
|
|
'banksManaged',
|
|
'admins'
|
|
])->find($this->user->id);
|
|
|
|
|
|
// Filter out removed (soft-deleted) items
|
|
$organizations = $userWithRelations->organizations->filter(
|
|
fn ($organizations) => $organizations->deleted_at === null || $organizations->deleted_at > now()
|
|
);
|
|
$banks = $userWithRelations->banksManaged->filter(
|
|
fn ($bank) => $bank->deleted_at === null || $bank->deleted_at > now()
|
|
);
|
|
$admins = $userWithRelations->admins->filter(
|
|
fn ($admin) => $admin->deleted_at === null || $admin->deleted_at > now()
|
|
);
|
|
|
|
|
|
// Merge profiles collections
|
|
$profiles = $organizations
|
|
->concat($banks)
|
|
->concat($admins);
|
|
|
|
// Map the merged collection to the desired structure
|
|
$this->userProfiles = $profiles->map(function ($profile) {
|
|
if ($profile instanceof Organization) {
|
|
$type = 'organization';
|
|
} elseif ($profile instanceof Bank) {
|
|
$type = 'bank';
|
|
} elseif ($profile instanceof Admin) {
|
|
$type = 'admin';
|
|
} else {
|
|
$type = 'unknown';
|
|
}
|
|
|
|
return [
|
|
'id' => $profile->id,
|
|
'type' => $type,
|
|
'name' => $profile->name,
|
|
'photo' => $profile->profile_photo_path,
|
|
];
|
|
})->values()->toArray();
|
|
|
|
// Find the index corresponding to the current session profile
|
|
$activeType = session('activeProfileType');
|
|
$activeId = session('activeProfileId');
|
|
|
|
if ($activeType === \App\Models\User::class && $activeId === $this->user->id) {
|
|
$this->userProfileIndex = null; // Main user profile
|
|
} else {
|
|
foreach ($this->userProfiles as $index => $profile) {
|
|
$profileClassName = 'App\\Models\\' . ucfirst($profile['type']);
|
|
if ($profileClassName === $activeType && $profile['id'] === $activeId) {
|
|
$this->userProfileIndex = $index;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
// If no match found, it defaults to null (main user)
|
|
|
|
// Load unread status for all profiles
|
|
$this->loadUnreadStatus();
|
|
}
|
|
|
|
// Computed property to format options for WireUI select
|
|
public function getSelectOptionsProperty(): array
|
|
{
|
|
$options = [
|
|
// Main user option (value null)
|
|
['value' => null, 'label' => Str::limit($this->userName, 25, '...')]
|
|
];
|
|
|
|
// Add other profiles from the loop
|
|
foreach ($this->userProfiles as $index => $profile) {
|
|
$options[] = [
|
|
'value' => $index, // The original index is the value
|
|
'label' => Str::limit($profile['name'], 25, '...') // The limited name is the label
|
|
];
|
|
}
|
|
return $options;
|
|
}
|
|
|
|
|
|
public function profileSelected($index = null)
|
|
{
|
|
$this->userProfileIndex = $index;
|
|
$this->switchProfile();
|
|
}
|
|
|
|
|
|
public function switchProfile()
|
|
{
|
|
$index = $this->userProfileIndex;
|
|
|
|
// If index is missing or out of range, switch to the auth user without login
|
|
if ($index === null || !isset($this->userProfiles[$index])) {
|
|
return $this->switchToAuthUser();
|
|
}
|
|
|
|
$profileArray = $this->userProfiles[$index];
|
|
$profileType = ucfirst($profileArray['type']);
|
|
$profileId = $profileArray['id'];
|
|
$profileClass = $profile = "App\\Models\\$profileType";
|
|
$profile = $profileClass::find($profileId);
|
|
|
|
// If the user is switching to their own User profile, switch without login
|
|
if ($profileType === 'User' && (int) $profileId === Auth::guard('web')->id()) {
|
|
return $this->switchToAuthUser();
|
|
}
|
|
|
|
// If switching to an Admin profile, check if the user is authenticated as an Admin
|
|
elseif ($profileType === 'Admin' ) {
|
|
// Redirect to admin login page
|
|
session([
|
|
'intended_profile_switch_type' => $profileType,
|
|
'intended_profile_switch_id' => $profileId,
|
|
]);
|
|
$this->redirect(route('admin.login'));
|
|
return; // Explicitly stop further execution
|
|
}
|
|
// If switching to an Bank profile, check if the user is authenticated as an Bank
|
|
elseif ($profileType === 'Bank' ) {
|
|
// Redirect to bank login page
|
|
session([
|
|
'intended_profile_switch_type' => $profileType,
|
|
'intended_profile_switch_id' => $profileId,
|
|
]);
|
|
$this->redirect(route('bank.login'));
|
|
return; // Explicitly stop further execution
|
|
}
|
|
|
|
// No Bank or Admin profile: without login
|
|
// Otherwise, attempt to find and validate the model
|
|
$profileClassName = 'App\\Models\\' . $profileType;
|
|
$profileModel = $profileClassName::find($profileId);
|
|
$newGuard = strtolower($profileType);
|
|
|
|
// If the model doesn't exist or the user doesn't own it, fall back with a warning
|
|
// Use userOwnsProfile instead of can() to avoid cross-guard protection during switching
|
|
if (!$profileModel || !\App\Helpers\ProfileAuthorizationHelper::userOwnsProfile($profileModel) || !class_exists($profileClassName)) {
|
|
return $this->fallbackToAuthUser();
|
|
}
|
|
|
|
$this->switchGuard($newGuard, $profileModel);
|
|
|
|
// Switch to the chosen profile
|
|
session([
|
|
'activeProfileType' => $profileClassName,
|
|
'activeProfileId' => $profileModel->id,
|
|
'activeProfileName' => $profileModel->name,
|
|
'activeProfilePhoto' => $profileModel->profile_photo_path,
|
|
'profile-switched-notification' => true,
|
|
]);
|
|
|
|
// Re-activate profile if inactive
|
|
if (timebank_config('profile_inactive.re-activate_at_login')) {
|
|
if (!$profileModel->isActive()) {
|
|
$profileModel->inactive_at = null;
|
|
$profileModel->save();
|
|
info(class_basename($profileClassName) . ' ' . 're-activated: ' . $profileModel->name);
|
|
}
|
|
}
|
|
|
|
// Fire the event, redirect, etc.
|
|
event(new ProfileSwitchEvent($profileModel));
|
|
$this->redirect(route('main')); // Use Livewire's redirect method
|
|
return; // Explicitly stop further execution
|
|
}
|
|
|
|
/**
|
|
* Switch to the authenticated user's own profile without logging in.
|
|
*/
|
|
protected function switchToAuthUser()
|
|
{
|
|
$this->logoutNonWebGuards();
|
|
|
|
$user = Auth::guard('web')->user();
|
|
|
|
session([
|
|
'activeProfileType' => \App\Models\User::class,
|
|
'activeProfileId' => $user->id,
|
|
'activeProfileName' => $user->name,
|
|
'activeProfilePhoto' => $user->profile_photo_path,
|
|
'active_guard' => 'web', // Explicitly set active guard
|
|
'profile-switched-notification' => true,
|
|
]);
|
|
event(new ProfileSwitchEvent($user));
|
|
$this->redirect(route('main')); // Use Livewire's redirect method
|
|
return; // Explicitly stop further execution
|
|
}
|
|
|
|
|
|
/**
|
|
* If user tampered with the front-end, we fall back to the default user profile.
|
|
*/
|
|
protected function fallbackToAuthUser()
|
|
{
|
|
$this->logoutNonWebGuards();
|
|
|
|
$user = Auth::guard('web')->user();
|
|
Session([
|
|
'activeProfileType' => \App\Models\User::class,
|
|
'activeProfileId' => $user->id,
|
|
'activeProfileName' => $user->name,
|
|
'activeProfilePhoto' => $user->profile_photo_path,
|
|
'activeProfileAccounts' => $user->accounts()->pluck('id')->toArray(),
|
|
'active_guard' => 'web', // Explicitly set active guard
|
|
]);
|
|
|
|
$activeProfile = [
|
|
'userId' => $user->id,
|
|
'type' => session('activeProfileType'),
|
|
'id' => session('activeProfileId'),
|
|
'name' => session('activeProfileName'),
|
|
'photo' => session('activeProfilePhoto'),
|
|
];
|
|
$warningMessage = 'Unauthorized profile switch attempt';
|
|
$this->logAndReport($warningMessage);
|
|
session()->flash('error', __($warningMessage) . '. ' . __('This event has been logged') . '!');
|
|
session(['unauthorizedAction' => __($warningMessage) . '. ' . __('This event has been logged') . '!']);
|
|
return event(new ProfileSwitchEvent($activeProfile));
|
|
}
|
|
|
|
public function notifySwitchProfile($activeProfile)
|
|
{
|
|
$this->notifySwitchProfile = true;
|
|
|
|
Session([
|
|
// 'active_guard' => $activeProfile['guard'],
|
|
'activeProfileType' => $activeProfile['type'],
|
|
'activeProfileId' => $activeProfile['id'],
|
|
'activeProfileName' => $activeProfile['name'],
|
|
'activeProfilePhoto' => $activeProfile['photo'],
|
|
'profile-switched-notification' => true,
|
|
]);
|
|
|
|
return redirect()->route('main');
|
|
}
|
|
|
|
|
|
/**
|
|
* Logs a warning message and reports it via email to the system administrator.
|
|
*
|
|
* This method logs a warning message with detailed information about the event,
|
|
* including account details, user details, IP address, and location. It also
|
|
* sends an email to the system administrator with the same information.
|
|
*/
|
|
private function logAndReport($warningMessage, $error = '')
|
|
{
|
|
$ip = request()->ip();
|
|
$ipLocationInfo = IpLocation::get($ip);
|
|
|
|
// Escape ipLocation errors when not in production
|
|
if (!$ipLocationInfo || App::environment(['local', 'development', 'staging'])) {
|
|
$ipLocationInfo = (object) [
|
|
'cityName' => 'local City',
|
|
'regionName' => 'local Region',
|
|
'countryName' => 'local Country',
|
|
];
|
|
}
|
|
$eventTime = now()->toDateTimeString();
|
|
|
|
// Log this event and mail to admin
|
|
Log::warning($warningMessage, [
|
|
'userId' => Auth::guard('web')->id(),
|
|
'userName' => Auth::user()->name,
|
|
'activeProfileId' => session('activeProfileId'),
|
|
'activeProfileType' => session('activeProfileType'),
|
|
'activeProfileName' => session('activeProfileName'),
|
|
'IP address' => $ip,
|
|
'IP location' => $ipLocationInfo->cityName . ', ' . $ipLocationInfo->regionName . ', ' . $ipLocationInfo->countryName,
|
|
'Event Time' => $eventTime,
|
|
'Message' => $error,
|
|
]);
|
|
Mail::raw(
|
|
$warningMessage . '.' . "\n\n" .
|
|
'User ID: ' . Auth::guard('web')->id() . "\n" . 'User Name: ' . Auth::guard('web')->user()->name . "\n" .
|
|
'Active Profile ID: ' . session('activeProfileId') . "\n" .
|
|
'Active Profile Type: ' . session('activeProfileType') . "\n" .
|
|
'Active Profile Name: ' . session('activeProfileName') . "\n" .
|
|
'IP address: ' . $ip . "\n" .
|
|
'IP location: ' . $ipLocationInfo->cityName . ', ' . $ipLocationInfo->regionName . ', ' . $ipLocationInfo->countryName . "\n" .
|
|
'Event Time: ' . $eventTime . "\n\n" .
|
|
$error,
|
|
function ($message) use ($warningMessage) {
|
|
$message->to(timebank_config('mail.system_admin.email'))->subject($warningMessage);
|
|
},
|
|
);
|
|
|
|
session()->flash('error', __($warningMessage) . '. ' . __('This event has been logged and reported to our system administrator') . '.');
|
|
}
|
|
|
|
/**
|
|
* Load unread status for all switchable profiles
|
|
*/
|
|
private function loadUnreadStatus()
|
|
{
|
|
$webUser = Auth::guard('web')->user();
|
|
if (!$webUser) {
|
|
return;
|
|
}
|
|
|
|
// Collect all profile IDs
|
|
$profileIds = [
|
|
'user' => [$webUser->id],
|
|
'admin' => [],
|
|
'bank' => [],
|
|
'organization' => [],
|
|
];
|
|
|
|
foreach ($this->userProfiles as $profile) {
|
|
$profileIds[$profile['type']][] = $profile['id'];
|
|
}
|
|
|
|
// Check for unread messages
|
|
$this->profilesWithUnread = $this->checkUnreadMessages($profileIds);
|
|
}
|
|
|
|
/**
|
|
* Check which profiles have unread messages (boolean check only)
|
|
* Returns array like: ['user' => true, 'admin' => [2 => true], 'bank' => [3 => false], ...]
|
|
*/
|
|
private function checkUnreadMessages(array $profileIds): array
|
|
{
|
|
$result = [
|
|
'user' => false,
|
|
'admin' => [],
|
|
'bank' => [],
|
|
'organization' => [],
|
|
];
|
|
|
|
// Collect all profile type/id pairs
|
|
$profilePairs = [];
|
|
foreach ($profileIds as $type => $ids) {
|
|
foreach ($ids as $id) {
|
|
$modelClass = $this->getModelClass($type);
|
|
$profilePairs[] = ['type' => $modelClass, 'id' => $id];
|
|
}
|
|
}
|
|
|
|
if (empty($profilePairs)) {
|
|
return $result;
|
|
}
|
|
|
|
// Use parameter binding with IN clause for better escaping
|
|
$typeIds = collect($profilePairs)->groupBy('type')->map(function ($items) {
|
|
return $items->pluck('id')->toArray();
|
|
})->toArray();
|
|
|
|
// Check each type separately and combine results
|
|
foreach ($typeIds as $modelClass => $ids) {
|
|
$unreadForType = DB::table('wirechat_participants as p')
|
|
->select('p.participantable_type', 'p.participantable_id')
|
|
->join('wirechat_conversations as c', 'p.conversation_id', '=', 'c.id')
|
|
->where('p.participantable_type', '=', $modelClass)
|
|
->whereIn('p.participantable_id', $ids)
|
|
->whereNull('p.deleted_at')
|
|
->whereExists(function ($query) {
|
|
$query->select(DB::raw(1))
|
|
->from('wirechat_messages as m')
|
|
->whereColumn('m.conversation_id', 'p.conversation_id')
|
|
->whereNull('m.deleted_at')
|
|
->where(function ($q) {
|
|
$q->whereNull('p.conversation_read_at')
|
|
->orWhereColumn('m.created_at', '>', 'p.conversation_read_at');
|
|
})
|
|
->where(function ($q) {
|
|
$q->where('m.sendable_id', '!=', DB::raw('p.participantable_id'))
|
|
->orWhere('m.sendable_type', '!=', DB::raw('p.participantable_type'));
|
|
});
|
|
})
|
|
->get();
|
|
|
|
foreach ($unreadForType as $row) {
|
|
$type = $this->getTypeFromModelClass($row->participantable_type);
|
|
$id = $row->participantable_id;
|
|
|
|
if ($type === 'user') {
|
|
$result['user'] = true;
|
|
} else {
|
|
$result[$type][$id] = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* Map profile type to model class (return with single backslash for database comparison)
|
|
*/
|
|
private function getModelClass(string $type): string
|
|
{
|
|
return match($type) {
|
|
'user' => 'App\Models\User',
|
|
'admin' => 'App\Models\Admin',
|
|
'bank' => 'App\Models\Bank',
|
|
'organization' => 'App\Models\Organization',
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Map model class to profile type
|
|
*/
|
|
private function getTypeFromModelClass(string $class): string
|
|
{
|
|
return match($class) {
|
|
'App\\Models\\User', 'App\Models\User' => 'user',
|
|
'App\\Models\\Admin', 'App\Models\Admin' => 'admin',
|
|
'App\\Models\\Bank', 'App\Models\Bank' => 'bank',
|
|
'App\\Models\\Organization', 'App\Models\Organization' => 'organization',
|
|
default => 'unknown'
|
|
};
|
|
}
|
|
|
|
public function render()
|
|
{
|
|
return view('livewire.switch-profile');
|
|
}
|
|
}
|