From b2cea7896d2ba66701824e9b4b89dc76d295d0ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=A1=D0=B0?= =?UTF-8?q?=D0=B1=D0=B8=D0=BB=D0=B8=D0=BD?= Date: Tue, 28 Apr 2026 19:12:02 +0300 Subject: [PATCH] =?UTF-8?q?=D0=A0=D0=BE=D0=BB=D0=B5=D0=B2=D0=B0=D1=8F=20?= =?UTF-8?q?=D0=BC=D0=BE=D0=B4=D0=B5=D0=BB=D1=8C=20=D0=B8=20=D0=B0=D1=83?= =?UTF-8?q?=D0=B4=D0=B8=D1=82=20=D0=A7=D0=B0=D1=81=D1=82=D1=8C=201.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 +- include/records.hrl | 21 ++++- src/core/core_admin.erl | 63 +++++++++++++ src/core/core_admin_session.erl | 35 ++++++++ src/core/core_session.erl | 41 +++++++++ .../admin/admin_handler_banned_words.erl | 11 +-- src/handlers/admin/admin_handler_health.erl | 19 ++-- src/handlers/admin/admin_handler_login.erl | 15 +++- .../admin/admin_handler_moderation.erl | 11 +-- .../admin/admin_handler_report_by_id.erl | 13 +-- src/handlers/admin/admin_handler_reports.erl | 15 +--- src/handlers/admin/admin_handler_reviews.erl | 13 +-- src/handlers/admin/admin_handler_stats.erl | 20 +---- .../admin/admin_handler_subscriptions.erl | 11 +-- .../admin/admin_handler_ticket_by_id.erl | 11 +-- .../admin/admin_handler_ticket_stats.erl | 11 +-- src/handlers/admin/admin_handler_tickets.erl | 11 +-- .../admin/admin_handler_user_by_id.erl | 26 ++---- src/handlers/admin/admin_handler_users.erl | 49 +++++----- src/handlers/admin/admin_ws_handler.erl | 7 +- src/handlers/handler_login.erl | 15 +--- src/handlers/handler_refresh.erl | 90 ++++++++++--------- src/handlers/handler_ticket_by_id.erl | 10 +-- src/handlers/handler_tickets.erl | 9 +- src/infra/admin_utils.erl | 13 +++ src/infra/eventhub_auth.erl | 21 ++--- src/infra/infra_mnesia.erl | 14 ++- src/logic/logic_auth.erl | 36 +++++--- src/logic/logic_moderation.erl | 28 +++--- src/logic/logic_review.erl | 14 +-- src/logic/logic_subscription.erl | 10 +-- src/logic/logic_ticket.erl | 22 ++--- 32 files changed, 369 insertions(+), 320 deletions(-) create mode 100644 src/core/core_admin.erl create mode 100644 src/core/core_admin_session.erl create mode 100644 src/core/core_session.erl create mode 100644 src/infra/admin_utils.erl diff --git a/Makefile b/Makefile index 23828af..0edddaa 100644 --- a/Makefile +++ b/Makefile @@ -87,11 +87,11 @@ test: eunit ## Запустить все тесты (алиас для eunit) eunit: ## Запустить EUnit тесты @echo "Запуск EUnit тестов..." - @$(REBAR3) eunit --sname $(SNAME)_test + @$(REBAR3) eunit --sname $(SNAME)_test --verbose eunit-module: ## Запустить тесты для модуля (make eunit-module MODULE=core_calendar_tests) @echo "Запуск тестов для модуля $(MODULE)..." - @$(REBAR3) eunit --sname $(SNAME)_test --module=$(MODULE) + @$(REBAR3) eunit --sname $(SNAME)_test --module=$(MODULE) --verbose eunit-verbose: ## Запустить EUnit тесты с подробным выводом @echo "Запуск EUnit тестов (verbose)..." diff --git a/include/records.hrl b/include/records.hrl index 68bf54f..8bcfb84 100644 --- a/include/records.hrl +++ b/include/records.hrl @@ -7,7 +7,7 @@ id :: binary(), email :: binary(), password_hash :: binary(), - role :: user | admin, + role :: user | bot, status :: active | frozen | deleted, created_at :: calendar:datetime(), updated_at :: calendar:datetime() @@ -20,6 +20,25 @@ type :: access | refresh }). +%% ------------------- АДМИНИСТРАТОРЫ ------------------------------------ +-record(admin, { + id :: binary(), + email :: binary(), + password_hash :: binary(), + role :: superadmin | moderator | support, + status :: active | blocked, + created_at :: calendar:datetime(), + updated_at :: calendar:datetime() +}). + +%% ------------------- СЕССИИ АДМИНИСТРАТОРОВ --------------------------- +-record(admin_session, { + token :: binary(), + admin_id :: binary(), + expires_at :: calendar:datetime(), + type :: refresh +}). + %% ------------------- Календари --------------------------------------- -record(calendar, { id :: binary(), diff --git a/src/core/core_admin.erl b/src/core/core_admin.erl new file mode 100644 index 0000000..adeb89a --- /dev/null +++ b/src/core/core_admin.erl @@ -0,0 +1,63 @@ +-module(core_admin). +-include("records.hrl"). +-export([create/3, get_by_email/1, get_by_id/1, list_all/0, + update_role/2, block/1, unblock/1, generate_id/0]). + +create(Email, Password, Role) -> + Id = generate_id(), + {ok, Hash} = argon2:hash(Password), + Now = calendar:universal_time(), + Admin = #admin{ + id = Id, + email = Email, + password_hash = Hash, + role = Role, + status = active, + created_at = Now, + updated_at = Now + }, + mnesia:dirty_write(Admin), + {ok, Admin}. + +get_by_email(Email) -> + Match = #admin{email = Email, _ = '_'}, + case mnesia:dirty_match_object(Match) of + [Admin] -> {ok, Admin}; + [] -> {error, not_found} + end. + +get_by_id(Id) -> + case mnesia:dirty_read({admin, Id}) of + [Admin] -> {ok, Admin}; + [] -> {error, not_found} + end. + +list_all() -> + mnesia:dirty_match_object(#admin{_ = '_'}). + +update_role(Id, NewRole) when is_atom(NewRole) -> + case get_by_id(Id) of + {ok, Admin} -> + Updated = Admin#admin{role = NewRole, updated_at = calendar:universal_time()}, + mnesia:dirty_write(Updated), + {ok, Updated}; + Error -> Error + end. + +block(Id) -> + update_status(Id, blocked). + +unblock(Id) -> + update_status(Id, active). + +update_status(Id, Status) -> + case get_by_id(Id) of + {ok, Admin} -> + Updated = Admin#admin{status = Status, updated_at = calendar:universal_time()}, + mnesia:dirty_write(Updated), + {ok, Updated}; + Error -> Error + end. + +generate_id() -> + base64:encode(crypto:strong_rand_bytes(16), #{mode => urlsafe, padding => false}). \ No newline at end of file diff --git a/src/core/core_admin_session.erl b/src/core/core_admin_session.erl new file mode 100644 index 0000000..199b62f --- /dev/null +++ b/src/core/core_admin_session.erl @@ -0,0 +1,35 @@ +-module(core_admin_session). +-include("records.hrl"). +-export([create/2, validate/1, delete/1]). + +-spec create(AdminId :: binary(), RefreshToken :: binary()) -> ok. +create(AdminId, RefreshToken) -> + Session = #admin_session{ + token = RefreshToken, + admin_id = AdminId, + expires_at = calendar:gregorian_seconds_to_datetime( + calendar:datetime_to_gregorian_seconds(calendar:universal_time()) + 30 * 24 * 3600), + type = refresh + }, + mnesia:dirty_write(Session), + ok. + +-spec validate(Token :: binary()) -> {ok, AdminId :: binary()} | {error, not_found | expired}. +validate(Token) -> + case mnesia:dirty_read({admin_session, Token}) of + [Session] -> + case Session#admin_session.expires_at > calendar:universal_time() of + true -> + {ok, Session#admin_session.admin_id}; + false -> + mnesia:dirty_delete({admin_session, Token}), + {error, expired} + end; + [] -> + {error, not_found} + end. + +-spec delete(Token :: binary()) -> ok. +delete(Token) -> + mnesia:dirty_delete({admin_session, Token}), + ok. \ No newline at end of file diff --git a/src/core/core_session.erl b/src/core/core_session.erl new file mode 100644 index 0000000..a26a103 --- /dev/null +++ b/src/core/core_session.erl @@ -0,0 +1,41 @@ +-module(core_session). +-include("records.hrl"). +-export([create/2, validate/1, delete/1]). + +-spec create(UserId :: binary(), RefreshToken :: binary()) -> ok. +create(UserId, RefreshToken) -> + Session = #session{ + token = RefreshToken, + user_id = UserId, + expires_at = calendar:gregorian_seconds_to_datetime( + calendar:datetime_to_gregorian_seconds(calendar:universal_time()) + 30 * 24 * 3600), + type = refresh + }, + mnesia:dirty_write(Session), + ok. + +-spec validate(Token :: binary()) -> {ok, UserId :: binary(), User :: #user{}} | {error, not_found | expired}. +validate(Token) -> + case mnesia:dirty_read({session, Token}) of + [Session] -> + case Session#session.expires_at > calendar:universal_time() of + true -> + % Получаем пользователя по ID из сессии + case mnesia:dirty_read({user, Session#session.user_id}) of + [User] -> + {ok, Session#session.user_id, User}; + [] -> + {error, not_found} + end; + false -> + mnesia:dirty_delete({session, Token}), + {error, expired} + end; + [] -> + {error, not_found} + end. + +-spec delete(Token :: binary()) -> ok. +delete(Token) -> + mnesia:dirty_delete({session, Token}), + ok. \ No newline at end of file diff --git a/src/handlers/admin/admin_handler_banned_words.erl b/src/handlers/admin/admin_handler_banned_words.erl index 78c2ab3..9ab8c34 100644 --- a/src/handlers/admin/admin_handler_banned_words.erl +++ b/src/handlers/admin/admin_handler_banned_words.erl @@ -95,7 +95,7 @@ update_banned_word(Word, Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -103,15 +103,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - banned_word_to_json(BW) -> #{ id => BW#banned_word.id, diff --git a/src/handlers/admin/admin_handler_health.erl b/src/handlers/admin/admin_handler_health.erl index 887f78a..8dc562f 100644 --- a/src/handlers/admin/admin_handler_health.erl +++ b/src/handlers/admin/admin_handler_health.erl @@ -1,15 +1,18 @@ -module(admin_handler_health). - +-behaviour(cowboy_handler). -export([init/2]). -init(Req, _Opts) -> +init(Req, State) -> case cowboy_req:method(Req) of <<"GET">> -> Body = jsx:encode(#{status => <<"ok">>}), - Req1 = cowboy_req:reply(200, #{<<"content-type">> => <<"application/json">>}, Body, Req), - {ok, Req1, []}; + Req2 = cowboy_req:reply(200, #{<<"content-type">> => <<"application/json">>}, Body, Req), + {ok, Req2, State}; _ -> - Body = jsx:encode(#{error => <<"Method not allowed">>}), - Req1 = cowboy_req:reply(405, #{<<"content-type">> => <<"application/json">>}, Body, Req), - {ok, Req1, []} - end. \ No newline at end of file + send_error(Req, 405, <<"Method not allowed">>) + end. + +send_error(Req, Status, Message) -> + Body = jsx:encode(#{error => Message}), + Req2 = cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req), + {ok, Req2, []}. \ No newline at end of file diff --git a/src/handlers/admin/admin_handler_login.erl b/src/handlers/admin/admin_handler_login.erl index ae5e8eb..1072748 100644 --- a/src/handlers/admin/admin_handler_login.erl +++ b/src/handlers/admin/admin_handler_login.erl @@ -12,13 +12,18 @@ init(Req0, State) -> #{<<"email">> := Email, <<"password">> := Password} -> case eventhub_auth:authenticate_admin_request(Req1, Email, Password) of {ok, Token, User} -> + % Генерация refresh-токена для администратора + {RefreshToken, _ExpiresAt} = eventhub_auth:generate_refresh_token(maps:get(id, User)), + % Сохранение refresh-токена в admin_session + core_admin_session:create(maps:get(id, User), RefreshToken), Resp = jsx:encode(#{ <<"token">> => Token, <<"user">> => #{ <<"id">> => maps:get(id, User), <<"email">> => maps:get(email, User), <<"role">> => maps:get(role, User) - } + }, + <<"refresh_token">> => RefreshToken }), Req2 = cowboy_req:reply(200, #{ <<"content-type">> => <<"application/json">>, @@ -26,14 +31,16 @@ init(Req0, State) -> }, Resp, Req1), {ok, Req2, State}; {error, insufficient_permissions} -> - error_response(403, insufficient_permissions, Req1, State); + error_response(403, <<"insufficient_permissions">>, Req1, State); + {error, Reason} when is_atom(Reason) -> + error_response(401, atom_to_binary(Reason, utf8), Req1, State); {error, Reason} -> error_response(401, Reason, Req1, State) end; _ -> - error_response(400, <<"invalid_request">>, Req1, State) + error_response(400, <<"Missing email or password">>, Req1, State) catch - _:_ -> error_response(400, <<"invalid_request">>, Req1, State) + _:_ -> error_response(400, <<"Invalid JSON">>, Req1, State) end; false -> error_response(400, <<"Missing request body">>, Req0, State) diff --git a/src/handlers/admin/admin_handler_moderation.erl b/src/handlers/admin/admin_handler_moderation.erl index b2153f3..2d42aa7 100644 --- a/src/handlers/admin/admin_handler_moderation.erl +++ b/src/handlers/admin/admin_handler_moderation.erl @@ -99,7 +99,7 @@ handle_user(_Id, _Action, Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -107,15 +107,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - calendar_to_json(C) -> #{ id => C#calendar.id, diff --git a/src/handlers/admin/admin_handler_report_by_id.erl b/src/handlers/admin/admin_handler_report_by_id.erl index 1460749..ad25d79 100644 --- a/src/handlers/admin/admin_handler_report_by_id.erl +++ b/src/handlers/admin/admin_handler_report_by_id.erl @@ -14,7 +14,7 @@ init(Req, _Opts) -> get_report(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> ReportId = cowboy_req:binding(id, Req1), case core_report:get_by_id(ReportId) of @@ -33,7 +33,7 @@ get_report(Req) -> update_report(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> ReportId = cowboy_req:binding(id, Req1), {ok, Body, Req2} = cowboy_req:read_body(Req1), @@ -60,15 +60,6 @@ update_report(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - report_to_json(R) -> #{ id => R#report.id, diff --git a/src/handlers/admin/admin_handler_reports.erl b/src/handlers/admin/admin_handler_reports.erl index 349682a..2397ad5 100644 --- a/src/handlers/admin/admin_handler_reports.erl +++ b/src/handlers/admin/admin_handler_reports.erl @@ -8,13 +8,13 @@ init(Req, _Opts) -> case cowboy_req:method(Req) of <<"GET">> -> list_reports(Req); <<"PUT">> -> update_report(Req); - _ -> send_error(Req, 405, <<"Method not allowed">>) + _ -> send_error(Req, 405, <<"Method not allowed">>) end. list_reports(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, Reports} = core_report:list_all(), send_json(Req1, 200, [report_to_json(R) || R <- Reports]); @@ -28,7 +28,7 @@ list_reports(Req) -> update_report(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> ReportId = cowboy_req:binding(id, Req1), {ok, Body, Req2} = cowboy_req:read_body(Req1), @@ -54,15 +54,6 @@ update_report(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - report_to_json(R) -> #{ id => R#report.id, diff --git a/src/handlers/admin/admin_handler_reviews.erl b/src/handlers/admin/admin_handler_reviews.erl index 78d24d1..ce78726 100644 --- a/src/handlers/admin/admin_handler_reviews.erl +++ b/src/handlers/admin/admin_handler_reviews.erl @@ -14,7 +14,7 @@ init(Req, _Opts) -> get_review(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> ReviewId = cowboy_req:binding(id, Req1), case core_review:get_by_id(ReviewId) of @@ -33,7 +33,7 @@ get_review(Req) -> update_review(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> ReviewId = cowboy_req:binding(id, Req1), {ok, Body, Req2} = cowboy_req:read_body(Req1), @@ -59,15 +59,6 @@ update_review(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - review_to_json(R) -> #{ id => R#review.id, diff --git a/src/handlers/admin/admin_handler_stats.erl b/src/handlers/admin/admin_handler_stats.erl index 56fc2af..4220e80 100644 --- a/src/handlers/admin/admin_handler_stats.erl +++ b/src/handlers/admin/admin_handler_stats.erl @@ -1,14 +1,8 @@ -module(admin_handler_stats). -include("records.hrl"). -export([init/2]). --export([count_users/0, count_calendars/0, count_events/0, count_bookings/0, - count_reviews/0, count_reports/0, count_tickets/0, count_subscriptions/0]). --export([is_admin/1]). -init(Req, Opts) -> - handle(Req, Opts). - -handle(Req, _Opts) -> +init(Req, _Opts) -> case cowboy_req:method(Req) of <<"GET">> -> get_stats(Req); _ -> send_error(Req, 405, <<"Method not allowed">>) @@ -17,7 +11,7 @@ handle(Req, _Opts) -> get_stats(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> Stats = #{ users => count_users(), @@ -37,16 +31,6 @@ get_stats(Req) -> send_error(Req1, Code, Message) end. -%% Вспомогательные функции -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - count_users() -> length(mnesia:dirty_match_object(#user{_ = '_'})). count_calendars() -> length(mnesia:dirty_match_object(#calendar{_ = '_'})). count_events() -> length(mnesia:dirty_match_object(#event{is_instance = false, _ = '_'})). diff --git a/src/handlers/admin/admin_handler_subscriptions.erl b/src/handlers/admin/admin_handler_subscriptions.erl index c791d15..ddc9298 100644 --- a/src/handlers/admin/admin_handler_subscriptions.erl +++ b/src/handlers/admin/admin_handler_subscriptions.erl @@ -114,7 +114,7 @@ delete_subscription(SubscriptionId, Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -122,15 +122,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - subscription_to_json(S) -> #{ id => S#subscription.id, diff --git a/src/handlers/admin/admin_handler_ticket_by_id.erl b/src/handlers/admin/admin_handler_ticket_by_id.erl index a1ad5a9..023d2b5 100644 --- a/src/handlers/admin/admin_handler_ticket_by_id.erl +++ b/src/handlers/admin/admin_handler_ticket_by_id.erl @@ -67,7 +67,7 @@ delete_ticket(Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -75,15 +75,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - ticket_to_json(T) -> #{ id => T#ticket.id, diff --git a/src/handlers/admin/admin_handler_ticket_stats.erl b/src/handlers/admin/admin_handler_ticket_stats.erl index 9146f9d..c12d384 100644 --- a/src/handlers/admin/admin_handler_ticket_stats.erl +++ b/src/handlers/admin/admin_handler_ticket_stats.erl @@ -22,7 +22,7 @@ get_stats(Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -30,15 +30,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - send_json(Req, Status, Data) -> Body = jsx:encode(Data), cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req), diff --git a/src/handlers/admin/admin_handler_tickets.erl b/src/handlers/admin/admin_handler_tickets.erl index 3252ac1..e073dd8 100644 --- a/src/handlers/admin/admin_handler_tickets.erl +++ b/src/handlers/admin/admin_handler_tickets.erl @@ -112,7 +112,7 @@ delete_ticket(TicketId, Req) -> auth_admin(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, AdminId, Req1}; false -> {error, 403, <<"Admin access required">>, Req1} end; @@ -120,15 +120,6 @@ auth_admin(Req) -> {error, Code, Message, Req1} end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - Role = User#user.role, - Role =:= admin orelse Role =:= superadmin orelse - Role =:= moderator orelse Role =:= support; - _ -> false - end. - ticket_to_json(T) -> #{ id => T#ticket.id, diff --git a/src/handlers/admin/admin_handler_user_by_id.erl b/src/handlers/admin/admin_handler_user_by_id.erl index af94c40..a71cb7c 100644 --- a/src/handlers/admin/admin_handler_user_by_id.erl +++ b/src/handlers/admin/admin_handler_user_by_id.erl @@ -1,28 +1,22 @@ -module(admin_handler_user_by_id). -include("records.hrl"). -export([init/2]). --export([user_to_json/1, convert_updates/1]). -init(Req, Opts) -> - handle(Req, Opts). - -handle(Req, _Opts) -> +init(Req, _Opts) -> case cowboy_req:method(Req) of - <<"GET">> -> get_user(Req); - <<"PUT">> -> update_user(Req); + <<"GET">> -> get_user(Req); + <<"PUT">> -> update_user(Req); <<"DELETE">> -> delete_user(Req); - _ -> send_error(Req, 405, <<"Method not allowed">>) + _ -> send_error(Req, 405, <<"Method not allowed">>) end. get_user(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> UserId = cowboy_req:binding(id, Req1), case core_user:get_by_id(UserId) of - {ok, User} when User#user.status =:= deleted -> - send_error(Req1, 404, <<"User not found">>); {ok, User} -> send_json(Req1, 200, user_to_json(User)); {error, not_found} -> @@ -38,7 +32,7 @@ get_user(Req) -> update_user(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> UserId = cowboy_req:binding(id, Req1), {ok, Body, Req2} = cowboy_req:read_body(Req1), @@ -69,7 +63,7 @@ update_user(Req) -> delete_user(Req) -> case handler_auth:authenticate(Req) of {ok, AdminId, Req1} -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> UserId = cowboy_req:binding(id, Req1), case core_user:delete(UserId) of @@ -85,12 +79,6 @@ delete_user(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> User#user.role =:= admin; - _ -> false - end. - user_to_json(User) -> #{ id => User#user.id, diff --git a/src/handlers/admin/admin_handler_users.erl b/src/handlers/admin/admin_handler_users.erl index 666c0c0..1d1f04e 100644 --- a/src/handlers/admin/admin_handler_users.erl +++ b/src/handlers/admin/admin_handler_users.erl @@ -1,35 +1,40 @@ -module(admin_handler_users). --behaviour(cowboy_handler). +-include("records.hrl"). -export([init/2]). init(Req, _Opts) -> case cowboy_req:method(Req) of - <<"GET">> -> - case handler_auth:authenticate(Req) of - {ok, _UserId, Req1} -> - {ok, Users} = core_user:list_users(), - Response = [user_to_map(U) || U <- Users], - send_json(Req1, 200, Response); - {error, Code, Message, Req1} -> - send_error(Req1, Code, Message) - end; - _ -> - send_error(Req, 405, <<"Method not allowed">>) + <<"GET">> -> list_users(Req); + _ -> send_error(Req, 405, <<"Method not allowed">>) end. -user_to_map(User) -> +list_users(Req) -> + case handler_auth:authenticate(Req) of + {ok, AdminId, Req1} -> + case admin_utils:is_admin(AdminId) of + true -> + Users = core_user:list_users(), + send_json(Req1, 200, [user_to_json(U) || U <- Users]); + false -> + send_error(Req1, 403, <<"Admin access required">>) + end; + {error, Code, Message, Req1} -> + send_error(Req1, Code, Message) + end. + +user_to_json(U) -> #{ - id => maps:get(id, User), - email => maps:get(email, User), - role => maps:get(role, User), - status => maps:get(status, User), - created_at => datetime_to_iso8601(maps:get(created_at, User)), - updated_at => datetime_to_iso8601(maps:get(updated_at, User)) + id => U#user.id, + email => U#user.email, + role => U#user.role, + status => U#user.status, + created_at => datetime_to_iso8601(U#user.created_at), + updated_at => datetime_to_iso8601(U#user.updated_at) }. -datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) -> - iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ", - [Year, Month, Day, Hour, Minute, Second])). +datetime_to_iso8601({{Y,M,D},{H,Min,S}}) -> + iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ", [Y,M,D,H,Min,S])); +datetime_to_iso8601(_) -> null. send_json(Req, Status, Data) -> Body = jsx:encode(Data), diff --git a/src/handlers/admin/admin_ws_handler.erl b/src/handlers/admin/admin_ws_handler.erl index 8c5f99e..6150d01 100644 --- a/src/handlers/admin/admin_ws_handler.erl +++ b/src/handlers/admin/admin_ws_handler.erl @@ -22,7 +22,7 @@ init(Req, _Opts) -> case logic_auth:verify_jwt(Token) of {ok, UserId, Role} -> io:format("[ADMIN_WS] UserId: ~s, Role: ~s~n", [UserId, Role]), - case is_admin_role(Role) of + case admin_utils:is_admin(Role) of true -> io:format("[ADMIN_WS] Admin access granted~n"), {cowboy_websocket, Req, #state{admin_id = UserId}}; @@ -81,7 +81,4 @@ websocket_info(_Info, State) -> terminate(_Reason, _Req, _State) -> pg:leave(eventhub_admin_ws, self()), - ok. - -is_admin_role(Role) -> - lists:member(Role, [<<"admin">>, <<"superadmin">>, <<"moderator">>, <<"support">>]). \ No newline at end of file + ok. \ No newline at end of file diff --git a/src/handlers/handler_login.erl b/src/handlers/handler_login.erl index f100b73..1122b39 100644 --- a/src/handlers/handler_login.erl +++ b/src/handlers/handler_login.erl @@ -2,7 +2,7 @@ -behaviour(cowboy_handler). -export([init/2]). --include("records.hrl"). %% ← необходим для #session{} +-include("records.hrl"). init(Req0, State) -> handle(Req0, State). @@ -21,8 +21,8 @@ handle(Req, _Opts) -> #{<<"email">> := Email, <<"password">> := Password} -> case eventhub_auth:authenticate_user_request(Req1, Email, Password) of {ok, Token, User} -> - {RefreshToken, ExpiresAt} = eventhub_auth:generate_refresh_token(maps:get(id, User)), - save_refresh_token(maps:get(id, User), RefreshToken, ExpiresAt), + {RefreshToken, _ExpiresAt} = eventhub_auth:generate_refresh_token(maps:get(id, User)), + core_session:create(maps:get(id, User), RefreshToken), Response = #{ user => #{ id => maps:get(id, User), @@ -53,15 +53,6 @@ handle(Req, _Opts) -> send_error(Req, 405, <<"Method not allowed">>) end. -save_refresh_token(UserId, Token, ExpiresAt) -> - Session = #session{ %% record определён в records.hrl - token = Token, - user_id = UserId, - expires_at = ExpiresAt, - type = refresh - }, - mnesia:dirty_write(Session). - send_json(Req, Status, Data) -> Body = jsx:encode(Data), cowboy_req:reply(Status, #{ diff --git a/src/handlers/handler_refresh.erl b/src/handlers/handler_refresh.erl index 5285fa0..5a84c37 100644 --- a/src/handlers/handler_refresh.erl +++ b/src/handlers/handler_refresh.erl @@ -8,41 +8,12 @@ init(Req0, _Opts) -> {ok, Body, Req1} = cowboy_req:read_body(Req0), try jsx:decode(Body, [return_maps]) of #{<<"refresh_token">> := RefreshToken} -> - case get_session(RefreshToken) of - {ok, Session} -> - % Проверяем, не истекла ли сессия - case Session#session.expires_at > calendar:universal_time() of - true -> - % Генерируем новый access-токен и refresh-токен - User = get_user(Session#session.user_id), - NewToken = eventhub_auth:generate_user_token( - User#user.id, - atom_to_binary(User#user.role, utf8) - ), - {NewRefreshToken, ExpiresAt} = - eventhub_auth:generate_refresh_token(User#user.id), - % Удаляем старую сессию и сохраняем новую - mnesia:dirty_delete_object(Session), - NewSession = #session{ - token = NewRefreshToken, - user_id = User#user.id, - expires_at = ExpiresAt, - type = refresh - }, - mnesia:dirty_write(NewSession), - Resp = jsx:encode(#{ - token => NewToken, - refresh_token => NewRefreshToken - }), - cowboy_req:reply(200, #{ - <<"content-type">> => <<"application/json">> - }, Resp, Req1); - false -> - mnesia:dirty_delete_object(Session), - send_error(Req1, 401, <<"Refresh token expired">>) - end; - {error, not_found} -> - send_error(Req1, 401, <<"Refresh token not found">>) + case find_and_refresh(RefreshToken) of + {ok, NewTokenPair} -> + Resp = jsx:encode(NewTokenPair), + cowboy_req:reply(200, #{<<"content-type">> => <<"application/json">>}, Resp, Req1); + {error, Reason} -> + send_error(Req1, 401, Reason) end; _ -> send_error(Req1, 400, <<"Missing refresh_token field">>) @@ -53,15 +24,50 @@ init(Req0, _Opts) -> send_error(Req0, 405, <<"Method not allowed">>) end. -get_session(Token) -> - case mnesia:dirty_read({session, Token}) of - [Session] -> {ok, Session}; - [] -> {error, not_found} +%% -------------------------------------------------------- +%% Общая логика: проверяет обе таблицы сессий +%% -------------------------------------------------------- + +find_and_refresh(RefreshToken) -> + case core_session:validate(RefreshToken) of + {ok, UserId, User} -> + user_refresh(UserId, User, RefreshToken); + {error, not_found} -> + case core_admin_session:validate(RefreshToken) of + {ok, AdminId} -> + admin_refresh(AdminId, RefreshToken); + {error, not_found} -> + {error, <<"Refresh token not found">>}; + {error, expired} -> + {error, <<"Refresh token expired">>} + end; + {error, expired} -> + {error, <<"Refresh token expired">>} end. -get_user(UserId) -> - [User] = mnesia:dirty_read({user, UserId}), - User. +user_refresh(UserId, User, OldToken) -> + % Удаляем старый refresh-токен + core_session:delete(OldToken), + % Генерируем новый access-токен и refresh-токен + Role = atom_to_binary(User#user.role, utf8), + NewToken = eventhub_auth:generate_user_token(UserId, Role), + {NewRefreshToken, _ExpiresAt} = eventhub_auth:generate_refresh_token(UserId), + % Сохраняем новый refresh-токен в таблице session + core_session:create(UserId, NewRefreshToken), + {ok, #{token => NewToken, refresh_token => NewRefreshToken}}. + +admin_refresh(AdminId, OldToken) -> + % Удаляем старый refresh-токен + core_admin_session:delete(OldToken), + % Получаем роль админа + {ok, Admin} = core_admin:get_by_id(AdminId), + Role = atom_to_binary(Admin#admin.role, utf8), + % Генерируем новый access-токен и refresh-токен + NewToken = eventhub_auth:generate_admin_token(AdminId, Role), + {NewRefreshToken, _ExpiresAt} = eventhub_auth:generate_refresh_token(AdminId), + % Сохраняем новый refresh-токен в таблице admin_session + core_admin_session:create(AdminId, NewRefreshToken), + {ok, #{token => NewToken, refresh_token => NewRefreshToken}}. send_error(Req, Status, Message) -> Body = jsx:encode(#{error => Message}), diff --git a/src/handlers/handler_ticket_by_id.erl b/src/handlers/handler_ticket_by_id.erl index f183a72..fc4bc65 100644 --- a/src/handlers/handler_ticket_by_id.erl +++ b/src/handlers/handler_ticket_by_id.erl @@ -19,7 +19,7 @@ get_ticket(Req) -> case core_ticket:get_by_id(TicketId) of {ok, Ticket} -> io:format("[TICKET_BY_ID] Found ticket, reporter_id: ~s~n", [Ticket#ticket.reporter_id]), - case is_admin(UserId) orelse Ticket#ticket.reporter_id =:= UserId of + case Ticket#ticket.reporter_id =:= UserId of true -> io:format("[TICKET_BY_ID] Access granted~n"), send_json(Req1, 200, ticket_to_json(Ticket)); @@ -45,7 +45,7 @@ update_ticket(Req) -> Updates when is_map(Updates) -> case core_ticket:get_by_id(TicketId) of {ok, Ticket} -> - case is_admin(UserId) orelse Ticket#ticket.reporter_id =:= UserId of + case Ticket#ticket.reporter_id =:= UserId of true -> case core_ticket:update_ticket(TicketId, Updates) of {ok, Updated} -> send_json(Req2, 200, ticket_to_json(Updated)); @@ -63,12 +63,6 @@ update_ticket(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, U} -> lists:member(U#user.role, [admin, superadmin, moderator, support]); - _ -> false - end. - ticket_to_json(T) -> #{ id => T#ticket.id, diff --git a/src/handlers/handler_tickets.erl b/src/handlers/handler_tickets.erl index 74d61d0..53d47be 100644 --- a/src/handlers/handler_tickets.erl +++ b/src/handlers/handler_tickets.erl @@ -17,7 +17,7 @@ handle(Req, _Opts) -> list_tickets(Req) -> case handler_auth:authenticate(Req) of {ok, UserId, Req1} -> - case is_admin(UserId) of + case admin_utils:is_admin(UserId) of true -> Tickets = core_ticket:list_all(), send_json(Req1, 200, [ticket_to_json(T) || T <- Tickets]); @@ -51,13 +51,6 @@ create_ticket(Req) -> send_error(Req1, Code, Message) end. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> - lists:member(User#user.role, [admin, superadmin, moderator, support]); - _ -> false - end. - ticket_to_json(T) -> #{ id => T#ticket.id, diff --git a/src/infra/admin_utils.erl b/src/infra/admin_utils.erl new file mode 100644 index 0000000..abd9149 --- /dev/null +++ b/src/infra/admin_utils.erl @@ -0,0 +1,13 @@ +-module(admin_utils). +-include("records.hrl"). + +-export([is_admin/1]). + +is_admin(UserId) -> + case core_admin:get_by_id(UserId) of + {ok, User} -> + Role = User#admin.role, + Role =:= admin orelse Role =:= superadmin orelse + Role =:= moderator orelse Role =:= support; + _ -> false + end. \ No newline at end of file diff --git a/src/infra/eventhub_auth.erl b/src/infra/eventhub_auth.erl index b29f4ce..c06fef2 100644 --- a/src/infra/eventhub_auth.erl +++ b/src/infra/eventhub_auth.erl @@ -130,14 +130,14 @@ authenticate_user_request(_Req, Email, Password) -> -spec authenticate_admin_request(Req :: cowboy_req:req(), Email :: binary(), Password :: binary()) -> {ok, Token :: binary(), User :: map()} | {error, atom()}. authenticate_admin_request(_Req, Email, Password) -> - case logic_auth:authenticate_user(Email, Password) of - {ok, User} -> - Role = maps:get(role, User, <<"admin">>), - case is_admin_role(Role) of + case logic_auth:authenticate_admin(Email, Password) of + {ok, AdminMap} -> + Role = maps:get(role, AdminMap, <<"admin">>), + case admin_utils:is_admin(Role) of true -> - UserId = maps:get(id, User), - Token = generate_admin_token(UserId, Role), - {ok, Token, User}; + AdminId = maps:get(id, AdminMap), + Token = generate_admin_token(AdminId, Role), + {ok, Token, AdminMap}; false -> {error, insufficient_permissions} end; Error -> Error @@ -152,9 +152,4 @@ generate_refresh_token(_UserId) -> ExpiresAt = calendar:gregorian_seconds_to_datetime( calendar:datetime_to_gregorian_seconds(Now) + 30 * 24 * 3600 ), - {RefreshToken, ExpiresAt}. - -%% ========== ВНУТРЕННИЕ ========== - -is_admin_role(Role) -> - lists:member(Role, [<<"admin">>, <<"superadmin">>, <<"moderator">>, <<"support">>]). \ No newline at end of file + {RefreshToken, ExpiresAt}. \ No newline at end of file diff --git a/src/infra/infra_mnesia.erl b/src/infra/infra_mnesia.erl index e2d429a..a0581f6 100644 --- a/src/infra/infra_mnesia.erl +++ b/src/infra/infra_mnesia.erl @@ -8,7 +8,7 @@ -export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2, code_change/3]). -define(TABLES, [ - user, session, calendar, calendar_share, event, recurrence_exception, + user, session, admin, admin_session, calendar, calendar_share, event, recurrence_exception, booking, review, report, banned_word, ticket, subscription, audit_log ]). @@ -62,7 +62,7 @@ create_table(Table) -> {atomic, ok} -> ok; {aborted, {already_exists, _}} -> - ok; + ok; % таблица уже существует – пропускаем {aborted, Reason} -> error({table_creation_failed, Table, Reason}) end. @@ -78,6 +78,16 @@ table_opts(session) -> {attributes, record_info(fields, session)}, {ram_copies, [node()]} ]; +table_opts(admin) -> + [ + {attributes, record_info(fields, admin)}, + {ram_copies, [node()]} + ]; +table_opts(admin_session) -> + [ + {attributes, record_info(fields, admin_session)}, + {ram_copies, [node()]} + ]; table_opts(calendar) -> [ {attributes, record_info(fields, calendar)}, diff --git a/src/logic/logic_auth.erl b/src/logic/logic_auth.erl index 84a6f55..c148a38 100644 --- a/src/logic/logic_auth.erl +++ b/src/logic/logic_auth.erl @@ -2,7 +2,8 @@ -export([hash_password/1, verify_password/2, generate_jwt/2, verify_jwt/1, generate_refresh_token/1, - authenticate_user/2]). + authenticate_user/2, + authenticate_admin/2]). -include("records.hrl"). @@ -26,18 +27,27 @@ authenticate_user(Email, Password) -> {ok, User} -> case verify_password(Password, User#user.password_hash) of {ok, true} -> - {ok, user_to_map(User)}; - _ -> - {error, invalid_credentials} + {ok, #{ + id => User#user.id, + email => User#user.email, + role => atom_to_binary(User#user.role, utf8) + }}; + _ -> {error, invalid_credentials} end; - {error, not_found} -> - {error, invalid_credentials} + {error, not_found} -> {error, invalid_credentials} end. -user_to_map(User) -> - #{ - id => User#user.id, - email => User#user.email, - role => atom_to_binary(User#user.role, utf8), - status => atom_to_binary(User#user.status, utf8) - }. \ No newline at end of file +authenticate_admin(Email, Password) -> + case core_admin:get_by_email(Email) of + {ok, Admin} -> + case verify_password(Password, Admin#admin.password_hash) of + {ok, true} -> + {ok, #{ + id => Admin#admin.id, + email => Admin#admin.email, + role => atom_to_binary(Admin#admin.role, utf8) + }}; + _ -> {error, invalid_credentials} + end; + {error, not_found} -> {error, invalid_credentials} + end. \ No newline at end of file diff --git a/src/logic/logic_moderation.erl b/src/logic/logic_moderation.erl index 239cf4c..f7038be 100644 --- a/src/logic/logic_moderation.erl +++ b/src/logic/logic_moderation.erl @@ -43,20 +43,20 @@ create_report(ReporterId, TargetType, TargetId, Reason) -> end. get_reports(AdminId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_report:list_all(); false -> {error, access_denied} end. get_reports_by_target(AdminId, TargetType, TargetId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_report:list_by_target(TargetType, TargetId); false -> {error, access_denied} end. resolve_report(AdminId, ReportId, Action) when Action =:= reviewed; Action =:= dismissed -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_report:get_by_id(ReportId) of {ok, Report} -> @@ -99,19 +99,19 @@ auto_freeze(_, _) -> ok. %% ============ Бан-лист =================================== add_banned_word(AdminId, Word) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_banned_words:add_banned_word(Word, AdminId); false -> {error, access_denied} end. remove_banned_word(AdminId, Word) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_banned_words:remove_banned_word(Word); false -> {error, access_denied} end. list_banned_words(AdminId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> {ok, core_banned_words:list_banned_words()}; false -> {error, access_denied} end. @@ -143,7 +143,7 @@ auto_moderate(Text) -> %% ============ Заморозка/разморозка ======================= freeze_calendar(AdminId, CalendarId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_calendar:get_by_id(CalendarId) of {ok, _Calendar} -> @@ -154,7 +154,7 @@ freeze_calendar(AdminId, CalendarId) -> end. unfreeze_calendar(AdminId, CalendarId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_calendar:get_by_id(CalendarId) of {ok, _Calendar} -> @@ -165,7 +165,7 @@ unfreeze_calendar(AdminId, CalendarId) -> end. freeze_event(AdminId, EventId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_event:get_by_id(EventId) of {ok, _Event} -> @@ -176,7 +176,7 @@ freeze_event(AdminId, EventId) -> end. unfreeze_event(AdminId, EventId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_event:get_by_id(EventId) of {ok, _Event} -> @@ -198,10 +198,4 @@ target_exists(calendar, CalendarId) -> {ok, _} -> true; _ -> false end; -target_exists(_, _) -> false. - -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> User#user.role =:= admin; - _ -> false - end. \ No newline at end of file +target_exists(_, _) -> false. \ No newline at end of file diff --git a/src/logic/logic_review.erl b/src/logic/logic_review.erl index e7d3db2..cdef096 100644 --- a/src/logic/logic_review.erl +++ b/src/logic/logic_review.erl @@ -36,7 +36,7 @@ create_review(UserId, TargetType, TargetId, Rating, Comment) -> get_review(UserId, ReviewId) -> case core_review:get_by_id(ReviewId) of {ok, Review} -> - case is_admin(UserId) orelse Review#review.status =:= visible of + case admin_utils:is_admin(UserId) orelse Review#review.status =:= visible of true -> {ok, Review}; false -> {error, access_denied} end; @@ -48,7 +48,7 @@ get_review(UserId, ReviewId) -> list_reviews(UserId, TargetType, TargetId) -> case core_review:list_by_target(TargetType, TargetId) of {ok, Reviews} -> - case is_admin(UserId) of + case admin_utils:is_admin(UserId) of true -> {ok, Reviews}; false -> {ok, [R || R <- Reviews, R#review.status =:= visible]} end; @@ -95,7 +95,7 @@ update_review(UserId, ReviewId, Updates) -> delete_review(UserId, ReviewId) -> case core_review:get_by_id(ReviewId) of {ok, Review} -> - case Review#review.user_id =:= UserId orelse is_admin(UserId) of + case Review#review.user_id =:= UserId orelse admin_utils:is_admin(UserId) of true -> TargetType = Review#review.target_type, TargetId = Review#review.target_id, @@ -159,7 +159,7 @@ can_review(UserId, TargetType, TargetId) -> %% Проверка, может ли пользователь модерировать отзыв (скрыть/раскрыть) can_moderate_review(UserId, ReviewId) -> - case is_admin(UserId) of + case admin_utils:is_admin(UserId) of true -> true; false -> @@ -200,12 +200,6 @@ target_exists(calendar, CalendarId) -> end; target_exists(_, _) -> false. -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> User#user.role =:= admin; - _ -> false - end. - update_target_rating(event, EventId) -> {Avg, Count} = core_review:get_average_rating(event, EventId), io:format("Updating event ~p rating: avg=~p, count=~p~n", [EventId, Avg, Count]), diff --git a/src/logic/logic_subscription.erl b/src/logic/logic_subscription.erl index c18a791..74bbbae 100644 --- a/src/logic/logic_subscription.erl +++ b/src/logic/logic_subscription.erl @@ -57,7 +57,7 @@ activate_subscription(UserId, Plan, PaymentInfo) -> %% Отменить подписку cancel_subscription(AdminId, SubscriptionId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> case core_subscription:get_by_id(SubscriptionId) of {ok, _Subscription} -> @@ -80,7 +80,7 @@ get_user_subscription(UserId) -> %% Получить подписку по ID (только админ) get_subscription(AdminId, SubscriptionId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_subscription:get_by_id(SubscriptionId); false -> {error, access_denied} end. @@ -137,12 +137,6 @@ handle_expired_subscriptions() -> %% ============ Внутренние функции ============ -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> User#user.role =:= admin; - _ -> false - end. - plan_price(monthly) -> 999; % $9.99 plan_price(quarterly) -> 2499; % $24.99 plan_price(biannual) -> 4499; % $44.99 diff --git a/src/logic/logic_ticket.erl b/src/logic/logic_ticket.erl index cffcde7..82d4076 100644 --- a/src/logic/logic_ticket.erl +++ b/src/logic/logic_ticket.erl @@ -40,21 +40,21 @@ report_error(ErrorMessage, Stacktrace, Context) -> %% Получить тикет (только для админов) get_ticket(AdminId, TicketId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:get_by_id(TicketId); false -> {error, access_denied} end. %% Список всех тикетов (только для админов) list_tickets(AdminId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:list_all(); false -> {error, access_denied} end. %% Список тикетов по статусу (только для админов) list_tickets_by_status(AdminId, Status) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> All = core_ticket:list_all(), [T || T <- All, T#ticket.status =:= Status]; @@ -63,21 +63,21 @@ list_tickets_by_status(AdminId, Status) -> %% Обновить статус тикета update_status(AdminId, TicketId, Status) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:update_ticket(TicketId, #{<<"status">> => Status}); false -> {error, access_denied} end. %% Назначить тикет администратору assign_ticket(AdminId, TicketId, AssignToId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:update_ticket(TicketId, #{<<"assigned_to">> => AssignToId}); false -> {error, access_denied} end. %% Отметить тикет как решённый с примечанием resolve_ticket(AdminId, TicketId, ResolutionNote) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:update_ticket(TicketId, #{ <<"status">> => <<"closed">>, @@ -88,14 +88,14 @@ resolve_ticket(AdminId, TicketId, ResolutionNote) -> %% Закрыть тикет close_ticket(AdminId, TicketId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> core_ticket:update_ticket(TicketId, #{<<"status">> => <<"closed">>}); false -> {error, access_denied} end. %% Получить статистику по тикетам get_statistics(AdminId) -> - case is_admin(AdminId) of + case admin_utils:is_admin(AdminId) of true -> All = core_ticket:list_all(), Open = length([T || T <- All, T#ticket.status =:= open]), @@ -116,11 +116,5 @@ get_statistics(AdminId) -> %% ============ Вспомогательные функции ============ -is_admin(UserId) -> - case core_user:get_by_id(UserId) of - {ok, User} -> User#user.role =:= admin; - _ -> false - end. - notify_admins(_Ticket) -> ok. \ No newline at end of file