From a0946837ca7721eb755f79db94fbc8a22611da64 Mon Sep 17 00:00:00 2001
From: Alexander Smirnov
Date: Wed, 25 Dec 2024 10:36:38 +0300
Subject: [PATCH] [ERP-271] disable csrf validation for pending
---
erp24/controllers/NotificationController.php | 9 +++++++++
erp24/log/TelegramTarget.php | 3 ---
erp24/web/js/notification.js | 6 ++----
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/erp24/controllers/NotificationController.php b/erp24/controllers/NotificationController.php
index fc866ac5..0e0bf65e 100644
--- a/erp24/controllers/NotificationController.php
+++ b/erp24/controllers/NotificationController.php
@@ -19,6 +19,15 @@ class NotificationController extends Controller ]; } + public function beforeAction($action) + { + if ($action->id == 'pending') { + $this->enableCsrfValidation = false; + } + + return parent::beforeAction($action); + } + public function actionDelete($id) { $notification = Notification::findOne($id); if ($notification && (Yii::$app->user->id == $notification->created_by || Yii::$app->user->can('notification/deleteAll'))) {
diff --git a/erp24/log/TelegramTarget.php b/erp24/log/TelegramTarget.php
index 24d037ad..fe478987 100644
--- a/erp24/log/TelegramTarget.php
+++ b/erp24/log/TelegramTarget.php
@@ -126,9 +126,6 @@ class TelegramTarget extends \yii\log\Target $level .= '```' . $message->getCommandLine() . '```'; } else { $level .= '[' . $message->getUrl() . '](' . $message->getUrl() . ')'; - if (str_contains($message->getUrl(), "erp-flowers.ru/notification/pending")) { - return; - } } // Текст сообщения
diff --git a/erp24/web/js/notification.js b/erp24/web/js/notification.js
index 60cd23c9..36846286 100644
--- a/erp24/web/js/notification.js
+++ b/erp24/web/js/notification.js
@@ -1,5 +1,3 @@ -const param1 = $('meta[name=csrf-param]').attr("content"); -const token1 = $('meta[name=csrf-token]').attr("content"); let pendingAllowed = true; setTimeout(initPendingNotifications, 3000);
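Review bot: The new `beforeAction` in NotificationController.php switches CSRF validation off for the whole `pending` action, yet notification.js posts two different requests to that action and one of them, `notificationIsShown`, appears to change state rather than read it. Because the token is also dropped from both `$.ajax` calls in notification.js (hunks -38,7 and -59,7), a forged cross-site POST made in a logged-in user's browser would no longer be rejected for that write. I would narrow the exemption to the read-only poll, `if ($action->id === 'pending' && Yii::$app->request->post('action') === 'pendingNotifications') {`, and keep the two `const` lines plus `[param1]: token1` for the `notificationIsShown` call; the strict `===` also replaces the loose `==` used here. The body of the `pending` action and the controller's access rules are outside this hunk, so what `notificationIsShown` writes and whether the action requires login should be confirmed there.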
@@ -38,7 +36,7 @@ function pendingNotifications() { $.ajax({ method: 'POST', url: window.location.origin + '/notification/pending', - data: { action: 'pendingNotifications', [param1]: token1}, + data: { action: 'pendingNotifications'}, dataType: "json", success: function (data) { updateKolokolchik(data);
@@ -59,7 +57,7 @@ function notificationIsShown(notification_id) { $.ajax({ method: 'POST', url: window.location.origin + '/notification/pending', - data: {action: 'notificationIsShown', notification_id, [param1]: token1}, + data: {action: 'notificationIsShown', notification_id}, dataType: "json", success: function (data) { } });
-- 
2.39.5