bterkuile/mozo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(action_cable): allow employee to subscribe to supplier channel

Browse Source 
- Employee authenticates via auth_token, acts on behalf of a Supplier
- Connection now accepts ?supplier_id=ID query param
- identified_by :current_supplier_id added
- MozoChannel#authorized? allows :employee to subscribe to supplier_<id>
  when current_supplier_id matches
This commit is contained in:
BenClaw
2026-05-17 21:08:38 +02:00
parent 4a4e076416
commit c48f4d9041
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/channels/application_cable/connection.rb
+9 -1
View File
@@ -4,7 +4,13 @@ module ApplicationCable
class Connection < ActionCable::Connection::Base class Connection < ActionCable::Connection::Base
# Authenticate via auth_token (same mechanism used in ApplicationController#authenticate_employee!) # Authenticate via auth_token (same mechanism used in ApplicationController#authenticate_employee!)
# Clients should pass ?auth_token=TOKEN when connecting to the WebSocket. # Clients should pass ?auth_token=TOKEN when connecting to the WebSocket.
identified_by :current_user, :current_entity_type #
# Auth flows:
# User app: ?auth_token=<user_token>
# Supplier app: ?auth_token=<employee_token>&supplier_id=<id>
# (Employee logs in, acts on behalf of a specific Supplier)
#
identified_by :current_user, :current_entity_type, :current_supplier_id
def connect def connect
token = request.params[:auth_token].presence token = request.params[:auth_token].presence
@@ -13,6 +19,8 @@ module ApplicationCable
if (employee = Employee.find_by_authentication_token(token)) if (employee = Employee.find_by_authentication_token(token))
self.current_user = employee self.current_user = employee
self.current_entity_type = :employee self.current_entity_type = :employee
# Employee acts on behalf of a supplier — passed as query param
self.current_supplier_id = request.params[:supplier_id]
elsif (user = User.find_by_authentication_token(token)) elsif (user = User.find_by_authentication_token(token))
self.current_user = user self.current_user = user
self.current_entity_type = :user self.current_entity_type = :user
app/channels/mozo_channel.rb
+4 -1
View File
@@ -31,7 +31,10 @@ class MozoChannel < ApplicationCable::Channel
when 'user' when 'user'
connection.current_entity_type == :user && connection.current_user.id.to_s == id connection.current_entity_type == :user && connection.current_user.id.to_s == id
when 'supplier' when 'supplier'
connection.current_entity_type == :supplier && connection.current_user.id.to_s == id # Supplier app: Employee logs in, acts on behalf of a Supplier.
# The supplier_id is passed as a query param when connecting.
(connection.current_entity_type == :supplier && connection.current_user.id.to_s == id) ||
(connection.current_entity_type == :employee && connection.current_supplier_id.to_s == id)
when 'employee' when 'employee'
connection.current_entity_type == :employee && connection.current_user.id.to_s == id connection.current_entity_type == :employee && connection.current_user.id.to_s == id
else else