From 4e437827bd9b1375cb8acd9fe09d27bb87c87250 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 01:40:51 +0530 Subject: [PATCH 1/9] Refactored channel capability key --- src/AblyBroadcaster.php | 6 +++--- tests/AblyBroadcasterTest.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/AblyBroadcaster.php b/src/AblyBroadcaster.php index 8fbf8d5..c1ece99 100644 --- a/src/AblyBroadcaster.php +++ b/src/AblyBroadcaster.php @@ -132,9 +132,9 @@ public function auth($request) } try { $userChannelMetaData = parent::verifyUserCanAccessChannel($request, $normalizedChannelName); - if (is_array($userChannelMetaData) && array_key_exists('capability', $userChannelMetaData)) { - $channelCapability = $userChannelMetaData['capability']; - unset($userChannelMetaData['capability']); + if (is_array($userChannelMetaData) && array_key_exists('channel-capability', $userChannelMetaData)) { + $channelCapability = $userChannelMetaData['channel-capability']; + unset($userChannelMetaData['channel-capability']); } } catch (\Exception $e) { throw new AccessDeniedHttpException('Access denied, '.$this->stringify($channelName, $connectionId, $userId), $e); diff --git a/tests/AblyBroadcasterTest.php b/tests/AblyBroadcasterTest.php index 51190db..52cad61 100644 --- a/tests/AblyBroadcasterTest.php +++ b/tests/AblyBroadcasterTest.php @@ -255,7 +255,7 @@ public function testCustomChannelCapability() $this->broadcaster->shouldReceive('validAuthenticationResponse') ->times(1) - ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'capability' => ['publish', 'subscribe', 'presence']]); + ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'channel-capability' => ['publish', 'subscribe', 'presence']]); $response = $this->broadcaster->auth( $this->getMockRequestWithUserForChannel('private:test1', null) From 0df96dcf8ee96bc95b74eede6d75666baf355169 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 01:48:16 +0530 Subject: [PATCH 2/9] Updated readme with updated capability key --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5c466c8..1557bee 100644 --- a/README.md +++ b/README.md @@ -112,12 +112,12 @@ npm run dev // for private channel (Access is allowed for truthy values and denied for falsy values) Broadcast::channel('channel1', function ($user) { - return ['capability' => ["subscribe", "history"]]; + return ['channel-capability' => ["subscribe", "history"]]; }); // for presence channel Broadcast::channel('channel2', function ($user) { - return ['id' => $user->id, 'name' => $user->name, 'capability' => ["subscribe", "presence"]]; + return ['id' => $user->id, 'name' => $user->name, 'channel-capability' => ["subscribe", "presence"]]; }); ``` From ec674665d63d5ac3dd389782af80a7009b950cdd Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 02:08:06 +0530 Subject: [PATCH 3/9] provided more verbose key for user channel capability --- README.md | 4 ++-- src/AblyBroadcaster.php | 6 +++--- tests/AblyBroadcasterTest.php | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1557bee..cae05a9 100644 --- a/README.md +++ b/README.md @@ -112,12 +112,12 @@ npm run dev // for private channel (Access is allowed for truthy values and denied for falsy values) Broadcast::channel('channel1', function ($user) { - return ['channel-capability' => ["subscribe", "history"]]; + return ['user-channel-access' => ["subscribe", "history"]]; }); // for presence channel Broadcast::channel('channel2', function ($user) { - return ['id' => $user->id, 'name' => $user->name, 'channel-capability' => ["subscribe", "presence"]]; + return ['id' => $user->id, 'name' => $user->name, 'user-channel-access' => ["subscribe", "presence"]]; }); ``` diff --git a/src/AblyBroadcaster.php b/src/AblyBroadcaster.php index c1ece99..e551fe2 100644 --- a/src/AblyBroadcaster.php +++ b/src/AblyBroadcaster.php @@ -132,9 +132,9 @@ public function auth($request) } try { $userChannelMetaData = parent::verifyUserCanAccessChannel($request, $normalizedChannelName); - if (is_array($userChannelMetaData) && array_key_exists('channel-capability', $userChannelMetaData)) { - $channelCapability = $userChannelMetaData['channel-capability']; - unset($userChannelMetaData['channel-capability']); + if (is_array($userChannelMetaData) && array_key_exists('user-channel-access', $userChannelMetaData)) { + $channelCapability = $userChannelMetaData['user-channel-access']; + unset($userChannelMetaData['user-channel-access']); } } catch (\Exception $e) { throw new AccessDeniedHttpException('Access denied, '.$this->stringify($channelName, $connectionId, $userId), $e); diff --git a/tests/AblyBroadcasterTest.php b/tests/AblyBroadcasterTest.php index 52cad61..384251e 100644 --- a/tests/AblyBroadcasterTest.php +++ b/tests/AblyBroadcasterTest.php @@ -255,7 +255,7 @@ public function testCustomChannelCapability() $this->broadcaster->shouldReceive('validAuthenticationResponse') ->times(1) - ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'channel-capability' => ['publish', 'subscribe', 'presence']]); + ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'user-channel-access' => ['publish', 'subscribe', 'presence']]); $response = $this->broadcaster->auth( $this->getMockRequestWithUserForChannel('private:test1', null) From 5458ef6d87662b85161af2d4358de13a2a72083d Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 10:11:03 +0530 Subject: [PATCH 4/9] Refactored user-channel-access to more abbreviated form --- README.md | 6 +++--- src/AblyBroadcaster.php | 6 +++--- tests/AblyBroadcasterTest.php | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index cae05a9..4657d74 100644 --- a/README.md +++ b/README.md @@ -106,18 +106,18 @@ npm run dev ## Configure advanced features **1. Modify private/presence channel capability. Default: Full capability** -- Channel access can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) +- User channel access can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) ```php // file - routes/channels.php // for private channel (Access is allowed for truthy values and denied for falsy values) Broadcast::channel('channel1', function ($user) { - return ['user-channel-access' => ["subscribe", "history"]]; + return ['uc-access' => ["subscribe", "history"]]; }); // for presence channel Broadcast::channel('channel2', function ($user) { - return ['id' => $user->id, 'name' => $user->name, 'user-channel-access' => ["subscribe", "presence"]]; + return ['id' => $user->id, 'name' => $user->name, 'uc-access' => ["subscribe", "presence"]]; }); ``` diff --git a/src/AblyBroadcaster.php b/src/AblyBroadcaster.php index e551fe2..9413190 100644 --- a/src/AblyBroadcaster.php +++ b/src/AblyBroadcaster.php @@ -132,9 +132,9 @@ public function auth($request) } try { $userChannelMetaData = parent::verifyUserCanAccessChannel($request, $normalizedChannelName); - if (is_array($userChannelMetaData) && array_key_exists('user-channel-access', $userChannelMetaData)) { - $channelCapability = $userChannelMetaData['user-channel-access']; - unset($userChannelMetaData['user-channel-access']); + if (is_array($userChannelMetaData) && array_key_exists('uc-access', $userChannelMetaData)) { + $channelCapability = $userChannelMetaData['uc-access']; + unset($userChannelMetaData['uc-access']); } } catch (\Exception $e) { throw new AccessDeniedHttpException('Access denied, '.$this->stringify($channelName, $connectionId, $userId), $e); diff --git a/tests/AblyBroadcasterTest.php b/tests/AblyBroadcasterTest.php index 384251e..9d8f6c7 100644 --- a/tests/AblyBroadcasterTest.php +++ b/tests/AblyBroadcasterTest.php @@ -255,7 +255,7 @@ public function testCustomChannelCapability() $this->broadcaster->shouldReceive('validAuthenticationResponse') ->times(1) - ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'user-channel-access' => ['publish', 'subscribe', 'presence']]); + ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'uc-access' => ['publish', 'subscribe', 'presence']]); $response = $this->broadcaster->auth( $this->getMockRequestWithUserForChannel('private:test1', null) From 8af526a658f293ef7883b1bcec03436d819926e5 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 10:21:33 +0530 Subject: [PATCH 5/9] Updated user authentication note for a ably private/presence channel --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4657d74..05a9c16 100644 --- a/README.md +++ b/README.md @@ -109,8 +109,9 @@ npm run dev - User channel access can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) ```php // file - routes/channels.php - - // for private channel (Access is allowed for truthy values and denied for falsy values) + // User authentication is allowed for private/presence channel returning truthy values and denied for falsy values. + + // for private channel Broadcast::channel('channel1', function ($user) { return ['uc-access' => ["subscribe", "history"]]; }); From 154e838c7b8da5c2bc5abcf0dafb18550e8daf54 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Mon, 28 Nov 2022 14:37:29 +0530 Subject: [PATCH 6/9] Mentioned abbrevation for user channel access to be used --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 05a9c16..571850f 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ npm run dev ## Configure advanced features **1. Modify private/presence channel capability. Default: Full capability** -- User channel access can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) +- User channel access (uc-access) can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) ```php // file - routes/channels.php // User authentication is allowed for private/presence channel returning truthy values and denied for falsy values. From f618264c4292414bea504bc9af3f67f898e145ed Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Thu, 1 Dec 2022 16:18:32 +0530 Subject: [PATCH 7/9] Fixed assigning uc-access to guardedChannelCapability --- src/AblyBroadcaster.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AblyBroadcaster.php b/src/AblyBroadcaster.php index 9b0a4e1..73775c4 100644 --- a/src/AblyBroadcaster.php +++ b/src/AblyBroadcaster.php @@ -131,7 +131,7 @@ public function auth($request) try { $userChannelMetaData = parent::verifyUserCanAccessChannel($request, $normalizedChannelName); if (is_array($userChannelMetaData) && array_key_exists('uc-access', $userChannelMetaData)) { - $channelCapability = $userChannelMetaData['uc-access']; + $guardedChannelCapability = $userChannelMetaData['uc-access']; unset($userChannelMetaData['uc-access']); } } catch (\Exception $e) { From 56d7a6dd7746e8e95175bec8a8ecd49a880d0d48 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Tue, 6 Dec 2022 01:04:24 +0530 Subject: [PATCH 8/9] Updated user-access key to more generic ably-capability --- README.md | 6 +++--- src/AblyBroadcaster.php | 9 ++++++--- tests/AblyBroadcasterTest.php | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 75e40b2..7f4cd7c 100644 --- a/README.md +++ b/README.md @@ -106,19 +106,19 @@ npm run dev ## Configure advanced features **1. Modify private/presence channel capability. Default: Full capability** -- User channel access (uc-access) can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) +- User channel access (ably-capability) can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) ```php // file - routes/channels.php // User authentication is allowed for private/presence channel returning truthy values and denied for falsy values. // for private channel Broadcast::channel('channel1', function ($user) { - return ['uc-access' => ["subscribe", "history"]]; + return ['ably-capability' => ["subscribe", "history"]]; }); // for presence channel Broadcast::channel('channel2', function ($user) { - return ['id' => $user->id, 'name' => $user->name, 'uc-access' => ["subscribe", "presence"]]; + return ['id' => $user->id, 'name' => $user->name, 'ably-capability' => ["subscribe", "presence"]]; }); ``` diff --git a/src/AblyBroadcaster.php b/src/AblyBroadcaster.php index 73775c4..70c1f9e 100644 --- a/src/AblyBroadcaster.php +++ b/src/AblyBroadcaster.php @@ -130,9 +130,12 @@ public function auth($request) } try { $userChannelMetaData = parent::verifyUserCanAccessChannel($request, $normalizedChannelName); - if (is_array($userChannelMetaData) && array_key_exists('uc-access', $userChannelMetaData)) { - $guardedChannelCapability = $userChannelMetaData['uc-access']; - unset($userChannelMetaData['uc-access']); + if (is_array($userChannelMetaData) && array_key_exists('ably-capability', $userChannelMetaData)) { + $guardedChannelCapability = $userChannelMetaData['ably-capability']; + unset($userChannelMetaData['ably-capability']); + } else if (is_array($userChannelMetaData) && array_key_exists('capability', $userChannelMetaData)) { // deprecated, will be removed in future versions + $guardedChannelCapability = $userChannelMetaData['capability']; + unset($userChannelMetaData['capability']); } } catch (\Exception $e) { throw new AccessDeniedHttpException('Access denied, '.$this->stringify($channelName, $connectionId, $userId), $e); diff --git a/tests/AblyBroadcasterTest.php b/tests/AblyBroadcasterTest.php index a8518f8..d715263 100644 --- a/tests/AblyBroadcasterTest.php +++ b/tests/AblyBroadcasterTest.php @@ -257,7 +257,7 @@ public function testCustomChannelCapability() $this->broadcaster->shouldReceive('validAuthenticationResponse') ->times(1) - ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'uc-access' => ['publish', 'subscribe', 'presence']]); + ->andReturn(['userid' => 'user1234', 'info' => 'Hello there', 'ably-capability' => ['publish', 'subscribe', 'presence']]); $response = $this->broadcaster->auth( $this->getMockRequestWithUserForChannel('private:test1', null) From bc98ad4727d49858f6f0ee2af228c12cb721b215 Mon Sep 17 00:00:00 2001 From: sacOO7 Date: Tue, 6 Dec 2022 01:12:28 +0530 Subject: [PATCH 9/9] Updated readme, added a separate note for ably capability --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f4cd7c..9084f16 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,8 @@ npm run dev ## Configure advanced features **1. Modify private/presence channel capability. Default: Full capability** -- User channel access (ably-capability) can be changed as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations) +- Channel access control rights are granted for each individual user separately using `ably-capability`. It defines list of access claims as per [Channel Capabilities](https://ably.com/docs/core-features/authentication#capability-operations). + ```php // file - routes/channels.php // User authentication is allowed for private/presence channel returning truthy values and denied for falsy values.