bterkuile/mozo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(action_cable): allow employee to subscribe to supplier channel

Browse Source 
- Employee authenticates via auth_token, acts on behalf of a Supplier
- Connection now accepts ?supplier_id=ID query param
- identified_by :current_supplier_id added
- MozoChannel#authorized? allows :employee to subscribe to supplier_<id>
  when current_supplier_id matches
This commit is contained in:
BenClaw
2026-05-17 21:08:38 +02:00
parent 4a4e076416
commit c48f4d9041
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/channels/mozo_channel.rb
+4 -1
View File
@@ -31,7 +31,10 @@ class MozoChannel < ApplicationCable::Channel
when 'user'
connection.current_entity_type == :user && connection.current_user.id.to_s == id
when 'supplier'
connection.current_entity_type == :supplier && connection.current_user.id.to_s == id
# Supplier app: Employee logs in, acts on behalf of a Supplier.
# The supplier_id is passed as a query param when connecting.
(connection.current_entity_type == :supplier && connection.current_user.id.to_s == id) ||
(connection.current_entity_type == :employee && connection.current_supplier_id.to_s == id)
when 'employee'
connection.current_entity_type == :employee && connection.current_user.id.to_s == id
else