bert.hausmans
912022f5da
Per RFC-WS-6 §Q1 v1.3 addition 2.
- routes/channels.php (NEW): authorization callback for the
submission.{id} private channel. v1 authz scope is submitter-only
(matches submitted_by_user_id); org-admin access is deferred per
BACKLOG TECH-CHANNEL-AUTH-ORG-ADMIN. Frontend Echo subscription
lands as a separate frontend follow-up.
- bootstrap/app.php: registers routes/channels.php via withRouting()
channels: parameter. This is NEW broadcasting wiring — Laravel's
broadcasting auth middleware was not previously connected to the
framework. Without this registration the channels file is dead code.
- AppServiceProvider:👢 comment block updated to v1.3 listener
layout (1 sync ApplyBindings + N queued, all gated on
apply_status=COMPLETED per ARCH-BINDINGS §5.6). Comment on
TriggerPersonIdentityMatch flipped from "(sync)" to "(queued
post-v1.3)".
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
58 lines
2.1 KiB
PHP
58 lines
2.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\FormBuilder\FormSubmission;
|
|
use App\Models\User;
|
|
use Illuminate\Support\Facades\Broadcast;
|
|
|
|
/*
|
|
|--------------------------------------------------------------------------
|
|
| Broadcast Channel Authorization
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Channel-level authorization callbacks for private and presence channels.
|
|
| Laravel's broadcasting auth middleware invokes these on subscription
|
|
| attempts; returning truthy authorises, falsy denies.
|
|
|
|
|
| File registered in bootstrap/app.php via withRouting(channels: ...).
|
|
| Without that registration this file is dead code.
|
|
|
|
|
*/
|
|
|
|
/*
|
|
* Per RFC-WS-6 §Q1 v1.3 addition 2.
|
|
*
|
|
* Authorises private subscriptions to a form-submission's identity-match
|
|
* resolution channel. The TriggerPersonIdentityMatchOnFormSubmit listener
|
|
* dispatches FormSubmissionIdentityMatchResolved on this channel after
|
|
* writing the final identity_match_status; the frontend portal
|
|
* IdentityMatchBanner subscribes via Echo.private('submission.{id}') and
|
|
* refetches the submission resource on receipt.
|
|
*
|
|
* v1 authz scope: only the submitter who created the submission via an
|
|
* authenticated session is allowed to subscribe. Org-admin access is
|
|
* deferred — see BACKLOG entry TECH-CHANNEL-AUTH-ORG-ADMIN. Public
|
|
* (token-based) submitters are not on this channel; their flow is
|
|
* already polling-based and they don't have a User to authenticate with.
|
|
*/
|
|
Broadcast::channel(
|
|
'submission.{submissionId}',
|
|
function (User $user, string $submissionId): bool {
|
|
$submission = FormSubmission::query()
|
|
->withoutGlobalScopes()
|
|
->find($submissionId);
|
|
|
|
if ($submission === null) {
|
|
return false;
|
|
}
|
|
|
|
// TODO TECH-CHANNEL-AUTH-ORG-ADMIN — extend to organisation admins
|
|
// once we audit the Spatie Permission helper for an
|
|
// organisation-scoped role check (hasRoleInOrganisation or
|
|
// similar). Until that audit lands, only the submitter has
|
|
// channel access.
|
|
return $submission->submitted_by_user_id === $user->id;
|
|
},
|
|
);
|