conmed-authserver/local/modules/conmed.authserver/lib/profiletrait.php

<?php
namespace Conmed\Authserver;

use Bitrix\Main\Context;
use Bitrix\Highloadblock\HighloadBlockTable;
use Bitrix\Main\Loader;

trait ProfileTrait {
    
    // 1. ПОЛУЧЕНИЕ ДАННЫХ (Вызывается при входе)
    public static function userAction() {
        header('Content-Type: application/json');
        $req = Context::getCurrent()->getRequest();
        
        $auth = $req->getHeader('Authorization');
        $token = (preg_match('/Bearer\s+(.*)$/i', $auth, $m)) ? trim($m[1]) : $req->get("access_token");
        
        $uid = self::getUidByToken($token);
        
        if($uid) {
            $u = \CUser::GetByID($uid)->Fetch();
            
            // --- ИСПРАВЛЕННАЯ ЛОГИКА ГРУПП ---
            $specNames = []; // Названия (только 555)
            $specCodes = []; // Коды (только 555) - для чекбоксов
            $allCodes = [];  // Все коды вообще - для прав доступа
            
            $rs = \Bitrix\Main\GroupTable::getList([
                'filter' => ['ID' => \CUser::GetUserGroup($u['ID']), '=ACTIVE' => 'Y'],
                'select' => ['NAME', 'STRING_ID', 'C_SORT']
            ]);
            
            while($g = $rs->fetch()) {
                // 1. В общий список прав добавляем все, у чего есть код
                if($g['STRING_ID']) {
                    $allCodes[] = $g['STRING_ID'];
                }
                
                // 2. В списки СПЕЦИАЛЬНОСТЕЙ - только с сортировкой 555
                if($g['C_SORT'] == 555) {
                    $specNames[] = $g['NAME'];
                    if($g['STRING_ID']) {
                        $specCodes[] = $g['STRING_ID'];
                    }
                }
            }
            // ---------------------------------

            echo json_encode([
                'id' => $u['ID'], 
                'login' => $u['LOGIN'], 
                'email' => $u['EMAIL'], 
                'name' => $u['NAME'], 
                'last_name' => $u['LAST_NAME'], 
                'second_name' => $u['SECOND_NAME'],
                'city' => $u['PERSONAL_CITY'], 
                'phone' => $u['PERSONAL_MOBILE'], // Ваша правка
                'country' => $u['PERSONAL_COUNTRY'],
                
                'specialties' => $specNames,        
                'specialties_code' => $specCodes,   // Теперь тут только специальности!
                'groups_code' => $allCodes
            ]);
        } else { 
            header('HTTP/1.0 401 Unauthorized'); 
        }
    }

    // 2. ОБНОВЛЕНИЕ ДАННЫХ
    public static function updateAction() {
        header('Content-Type: application/json'); 
        $req = Context::getCurrent()->getRequest();
        
        if(!self::checkClient($req->getPost("client_id"), $req->getPost("client_secret"))) {
            die(json_encode(['error'=>'forbidden']));
        }
        
        $uid = self::getUidByToken($req->getPost("access_token"));
        if(!$uid) die(json_encode(['error'=>'invalid_token']));

        $fields = [
            "NAME" => $req->getPost("name"),
            "LAST_NAME" => $req->getPost("last_name"),
            "SECOND_NAME" => $req->getPost("second_name"),
            "PERSONAL_MOBILE" => $req->getPost("phone"), // Ваша правка
            "PERSONAL_CITY" => $req->getPost("city"),
            "PERSONAL_COUNTRY" => $req->getPost("country")
        ];

        $newSpecs = $req->getPost("specialties"); // Приходит массив кодов
        
        $resNames = []; 
        $resSpecCodes = []; 

        if(is_array($newSpecs)) {
            $curG = \CUser::GetUserGroup($uid); 
            $finalG = []; 
            $allSpecGIds = [];
            
            // Получаем ID всех групп-специальностей (555)
            $rs = \Bitrix\Main\GroupTable::getList(['filter'=>['=C_SORT'=>555],'select'=>['ID']]);
            while($g = $rs->fetch()) $allSpecGIds[] = $g['ID'];
            
            // Оставляем у юзера только НЕ специальности
            foreach($curG as $gid) {
                if(!in_array($gid, $allSpecGIds)) $finalG[] = $gid;
            }
            
            // Добавляем новые выбранные
            $rs = \Bitrix\Main\GroupTable::getList(['filter'=>['=STRING_ID'=>$newSpecs, '=C_SORT'=>555]]); 
            while($g = $rs->fetch()) { 
                $finalG[] = $g['ID']; 
                $resNames[] = $g['NAME']; 
                $resSpecCodes[] = $g['STRING_ID'];
            }
            $fields["GROUP_ID"] = $finalG;
        }

        $user = new \CUser;
        if($user->Update($uid, $fields)) {
            self::audit("PROFILE_UPDATED", $req->getPost("client_id"), $uid);
            
            echo json_encode([
                'status' => 'success', 
                'new_specialties' => $resNames, 
                'new_specialties_code' => $resSpecCodes
            ]);
        } else {
            echo json_encode(['status' => 'error', 'message' => strip_tags($user->LAST_ERROR)]);
        }
    }

    public static function passwordAction() {
        header('Content-Type: application/json'); 
        $req = Context::getCurrent()->getRequest();
        
        if(!self::checkClient($req->getPost("client_id"), $req->getPost("client_secret"))) {
            die(json_encode(['error'=>'forbidden']));
        }
        
        $uid = self::getUidByToken($req->getPost("access_token"));
        if(!$uid) die(json_encode(['error'=>'invalid_token']));

        $np = $req->getPost("new_password");
        $v = self::validatePassword($np); 
        if($v !== true) die(json_encode(['status'=>'error', 'message'=>$v]));

        if((new \CUser)->Update($uid, ["PASSWORD"=>$np, "CONFIRM_PASSWORD"=>$np])) {
            self::audit("PASS_CHANGED", $req->getPost("client_id"), $uid);
            echo json_encode(['status'=>'success']);
        } else {
            echo json_encode(['status'=>'error', 'message'=>strip_tags((new \CUser)->LAST_ERROR)]);
        }
    }
}