From e3d9b024915711c809bde14855703faf25ae45b7 Mon Sep 17 00:00:00 2001
From: Alexander Smirnov <fredeom@mail.ru>
Date: Wed, 18 Sep 2024 18:11:35 +0300
Subject: [PATCH] =?utf8?q?[ERP-190]=20=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB?=
 =?utf8?q?=D0=B5=D0=BD=D0=B0=20=D0=B2=D0=BE=D0=B7=D0=BC=D0=BE=D0=B6=D0=BD?=
 =?utf8?q?=D0=BE=D1=81=D1=82=D1=8C=20=D0=B1=D1=8B=D1=81=D1=82=D1=80=D0=BE?=
 =?utf8?q?=D0=B3=D0=BE=20=D0=BF=D0=B5=D1=80=D0=B5=D0=BA=D0=BB=D1=8E=D1=87?=
 =?utf8?q?=D0=B5=D0=BD=D0=B8=D1=8F=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE?=
 =?utf8?q?=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 erp24/config/params.php              |  3 +-
 erp24/controllers/MainController.php | 86 ++++++++++++++++++++++++++++
 erp24/views/layouts/header.php       | 64 ++++++++++++++++++++-
 3 files changed, 151 insertions(+), 2 deletions(-)
 create mode 100644 erp24/controllers/MainController.php

diff --git a/erp24/config/params.php b/erp24/config/params.php
index ff2b5815..772d5bee 100644
--- a/erp24/config/params.php
+++ b/erp24/config/params.php
@@ -10,5 +10,6 @@ return [
         ['Login' => 'lazava-d8-136',  'Password' => '5gp3znn0'],
         ['Login' => 'alieah-4d-136',  'Password' => 'qh7bxq5p'],
         ['Login' => 'ipbelo-n2-ci',   'Password' => '8h09h42q38'],
-    ]
+    ],
+    'SWITCH_USER_COOKIE_PASSWORD' => '123pass@WORD',
 ];
diff --git a/erp24/controllers/MainController.php b/erp24/controllers/MainController.php
new file mode 100644
index 00000000..75f60277
--- /dev/null
+++ b/erp24/controllers/MainController.php
@@ -0,0 +1,86 @@
+<?php
+
+namespace app\controllers;
+
+use yii;
+use yii\helpers\ArrayHelper;
+use yii\web\Controller;
+use yii_app\records\Admin;
+use yii_app\records\AdminGroup;
+
+class MainController extends Controller
+{
+    const SWITCH_USER_COOKIE = 'switchUserCookie';
+
+    public function actionAjaxGetUsers() {
+        Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
+
+        if (Admin::findOne(Yii::$app->user->id)->group_id == AdminGroup::GROUP_IT) {
+            $this->setPermission();
+        } else {
+            if (!$this->checkPermission()) {
+                throw new \Exception('Нет прав на смену пользователя');
+            }
+        }
+
+        $adminArr = [];
+        foreach (\yii_app\records\Admin::find()->with('adminGroup')->all() as $admin) {
+            if ($admin->group_id > 0) {
+                $adminArr[] = ['id' => $admin->id, 'name' => $admin->name, 'groupName' => $admin->adminGroup->name ?? "Другие"];
+            }
+        }
+        $admins = ArrayHelper::map($adminArr, 'id', 'name', 'groupName');
+
+        return $admins;
+    }
+
+    public function  actionAjaxSwitchUser() {
+        Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
+
+        if (!$this->checkPermission()) {
+            throw new \Exception('Нет прав на смену пользователя');
+        }
+
+        $adminId = Yii::$app->request->post('adminId');
+
+        Yii::$app->user->logout();
+
+        $user = Admin::findOne($adminId);
+
+        if ($user) {
+            $user->legacyFill();
+
+            Yii::$app->user->login($user, 3600 * 24 * 30);
+
+            return ['response' => true];
+        }
+
+        return ['response' => false];
+    }
+
+    private function setPermission() {
+        $cookies = Yii::$app->response->cookies;
+        $cookies->add(new \yii\web\Cookie([
+            'name' => self::SWITCH_USER_COOKIE,
+            'value' => self::md5Algo(Yii::$app->params['SWITCH_USER_COOKIE_PASSWORD']),
+            'expire' => strtotime('+5 minutes', time())
+        ]));
+    }
+
+    private function checkPermission() {
+        $cookies = Yii::$app->request->cookies;
+        $cookie = $cookies->get(self::SWITCH_USER_COOKIE);
+        if ($cookie) {
+            $md5 = $cookie->value;
+            return $md5 == self::md5Algo(Yii::$app->params['SWITCH_USER_COOKIE_PASSWORD']);
+        }
+        return false;
+    }
+
+    private static function md5Algo($md5) {
+        foreach (range(1, date('d')) as $ind) {
+            $md5 = md5($md5);
+        }
+        return $md5;
+    }
+}
\ No newline at end of file
diff --git a/erp24/views/layouts/header.php b/erp24/views/layouts/header.php
index 84d68d2b..88173b76 100755
--- a/erp24/views/layouts/header.php
+++ b/erp24/views/layouts/header.php
@@ -169,6 +169,10 @@ $this->registerCssFile('/css/timetable/style.css');
                                             <svg class="header-icon me-2" xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0V0z" fill="none"></path><path d="M19.43 12.98c.04-.32.07-.64.07-.98 0-.34-.03-.66-.07-.98l2.11-1.65c.19-.15.24-.42.12-.64l-2-3.46c-.09-.16-.26-.25-.44-.25-.06 0-.12.01-.17.03l-2.49 1c-.52-.4-1.08-.73-1.69-.98l-.38-2.65C14.46 2.18 14.25 2 14 2h-4c-.25 0-.46.18-.49.42l-.38 2.65c-.61.25-1.17.59-1.69.98l-2.49-1c-.06-.02-.12-.03-.18-.03-.17 0-.34.09-.43.25l-2 3.46c-.13.22-.07.49.12.64l2.11 1.65c-.04.32-.07.65-.07.98 0 .33.03.66.07.98l-2.11 1.65c-.19.15-.24.42-.12.64l2 3.46c.09.16.26.25.44.25.06 0 .12-.01.17-.03l2.49-1c.52.4 1.08.73 1.69.98l.38 2.65c.03.24.24.42.49.42h4c.25 0 .46-.18.49-.42l.38-2.65c.61-.25 1.17-.59 1.69-.98l2.49 1c.06.02.12.03.18.03.17 0 .34-.09.43-.25l2-3.46c.12-.22.07-.49-.12-.64l-2.11-1.65zm-1.98-1.71c.04.31.05.52.05.73 0 .21-.02.43-.05.73l-.14 1.13.89.7 1.08.84-.7 1.21-1.27-.51-1.04-.42-.9.68c-.43.32-.84.56-1.25.73l-1.06.43-.16 1.13-.2 1.35h-1.4l-.19-1.35-.16-1.13-1.06-.43c-.43-.18-.83-.41-1.23-.71l-.91-.7-1.06.43-1.27.51-.7-1.21 1.08-.84.89-.7-.14-1.13c-.03-.31-.05-.54-.05-.74s.02-.43.05-.73l.14-1.13-.89-.7-1.08-.84.7-1.21 1.27.51 1.04.42.9-.68c.43-.32.84-.56 1.25-.73l1.06-.43.16-1.13.2-1.35h1.39l.19 1.35.16 1.13 1.06.43c.43.18.83.41 1.23.71l.91.7 1.06-.43 1.27-.51.7 1.21-1.07.85-.89.7.14 1.13zM12 8c-2.21 0-4 1.79-4 4s1.79 4 4 4 4-1.79 4-4-1.79-4-4-4zm0 6c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2z"></path></svg>
                                             <div class="fs-13">Привязать устройство</div>
                                         </a>
+                                        <a class="dropdown-item d-flex" href="javascript:void(0)" onclick="switchUser();">
+                                            <svg class="header-icon me-2" xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0V0z" fill="none"></path><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zM7.07 18.28c.43-.9 3.05-1.78 4.93-1.78s4.51.88 4.93 1.78C15.57 19.36 13.86 20 12 20s-3.57-.64-4.93-1.72zm11.29-1.45c-1.43-1.74-4.9-2.33-6.36-2.33s-4.93.59-6.36 2.33C4.62 15.49 4 13.82 4 12c0-4.41 3.59-8 8-8s8 3.59 8 8c0 1.82-.62 3.49-1.64 4.83zM12 6c-1.94 0-3.5 1.56-3.5 3.5S10.06 13 12 13s3.5-1.56 3.5-3.5S13.94 6 12 6zm0 5c-.83 0-1.5-.67-1.5-1.5S11.17 8 12 8s1.5.67 1.5 1.5S12.83 11 12 11z"></path></svg>
+                                            <div class="fs-13">Переключить пользователя</div>
+                                        </a>
                                         <a class="dropdown-item d-flex" href="/site/logout">
                                             <svg class="header-icon me-2" xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><rect fill="none" height="24" width="24"></rect></g><g><path d="M11,7L9.6,8.4l2.6,2.6H2v2h10.2l-2.6,2.6L11,17l5-5L11,7z M20,19h-8v2h8c1.1,0,2-0.9,2-2V5c0-1.1-0.9-2-2-2h-8v2h8V19z"></path></g></svg>
                                             <div class="fs-13">Выйти</div>
@@ -186,4 +190,62 @@ $this->registerCssFile('/css/timetable/style.css');
             </div>
         </div>
     </div>
-</div>
\ No newline at end of file
+</div>
+
+<script>
+
+function switchUser() {
+    const paramXX = $('meta[name=csrf-param]').attr('content');
+    const tokenXX = $('meta[name=csrf-token]').attr('content');
+
+    $.ajax({
+        url: '/main/ajax-get-users',
+        method: 'post',
+        dataType: 'json',
+        data: {[paramXX]: tokenXX},
+        success: function(data){
+            const $mainModal = $('#mainModal');
+            const $modalBody = $mainModal.find('.modal-body');
+            const $modalFooter = $mainModal.find('.modal-footer');
+            $mainModal.find('.close').on('click', () => { $mainModal.modal('hide'); });
+            $mainModal.find('.modal-title').html('Переключить пользователя');
+            $modalFooter.html('<button class="btn btn-success">Переключить</button>');
+            $modalFooter.find('button').on('click', () => {
+                const adminId = $select.val();
+                $.ajax({
+                    url: '/main/ajax-switch-user',
+                    method: 'post',
+                    dataType: 'json',
+                    data: {adminId, [paramXX]: tokenXX},
+                    success: function(data) {
+                        if (data?.response) {
+                            window.location = window.location
+                        }
+                    }
+                });
+            })
+            $modalBody.html('<select class="js-example-basic-single" name="state"></select>');
+            const $select = $('.js-example-basic-single');
+
+            $.each(data, (opt) => {
+                const optGroup = document.createElement("optgroup")
+                optGroup.label = opt;
+                $.each(data[opt], (key, value) => {
+                    const option = document.createElement("option")
+                    option.value = key;
+                    option.text = value;
+                    optGroup.append(option);
+                })
+                $select.append(optGroup);
+            });
+
+            $select.select2({
+                dropdownParent: $mainModal,
+            });
+
+            $mainModal.modal('show');
+        }
+    })
+}
+
+</script>
\ No newline at end of file
-- 
2.39.5