BenClaw
c48f4d9041
- Employee authenticates via auth_token, acts on behalf of a Supplier - Connection now accepts ?supplier_id=ID query param - identified_by :current_supplier_id added - MozoChannel#authorized? allows :employee to subscribe to supplier_<id> when current_supplier_id matches
45 lines
1.3 KiB
Ruby
45 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# Base channel. Streams are set up dynamically by clients subscribing
|
|
# to their entity channel (user_123, supplier_456, etc.).
|
|
#
|
|
# The server broadcasts TO these channels via:
|
|
# ActionCable.server.broadcast("user_123", { event: "...", data: {...} })
|
|
#
|
|
# Clients connect and subscribe via:
|
|
# consumer.subscriptions.create({ channel: "MozoChannel", id: "user_123" })
|
|
#
|
|
class MozoChannel < ApplicationCable::Channel
|
|
def subscribed
|
|
stream_name = params[:id]
|
|
if authorized?(stream_name)
|
|
stream_from stream_name
|
|
else
|
|
reject
|
|
end
|
|
end
|
|
|
|
def unsubscribed
|
|
# cleanup
|
|
end
|
|
|
|
private
|
|
|
|
def authorized?(stream_name)
|
|
prefix, id = stream_name.to_s.split('_', 2)
|
|
case prefix
|
|
when 'user'
|
|
connection.current_entity_type == :user && connection.current_user.id.to_s == id
|
|
when 'supplier'
|
|
# Supplier app: Employee logs in, acts on behalf of a Supplier.
|
|
# The supplier_id is passed as a query param when connecting.
|
|
(connection.current_entity_type == :supplier && connection.current_user.id.to_s == id) ||
|
|
(connection.current_entity_type == :employee && connection.current_supplier_id.to_s == id)
|
|
when 'employee'
|
|
connection.current_entity_type == :employee && connection.current_user.id.to_s == id
|
|
else
|
|
false
|
|
end
|
|
end
|
|
end
|