尝试订阅专用频道时,Laravel不检查授权
我刚开始工作,遇到了一个问题。我正在使用Pusher,我想检查用户是否有权订阅私人频道。用户对帖子评论通知的访问已通过身份验证,但未经授权。我试图只向帖子的作者发送新评论的通知,但是所有打开帖子的经过身份验证的用户都会收到通知。我是不是错过了什么尝试订阅专用频道时,Laravel不检查授权,laravel,broadcast,pusher,Laravel,Broadcast,Pusher,我刚开始工作,遇到了一个问题。我正在使用Pusher,我想检查用户是否有权订阅私人频道。用户对帖子评论通知的访问已通过身份验证,但未经授权。我试图只向帖子的作者发送新评论的通知,但是所有打开帖子的经过身份验证的用户都会收到通知。我是不是错过了什么 <?php namespace App\Events; use Illuminate\Broadcasting\Channel; use Illuminate\Queue\SerializesModels; use Illuminate\Br
<?php
namespace App\Events;
use Illuminate\Broadcasting\Channel;
use Illuminate\Queue\SerializesModels;
use Illuminate\Broadcasting\PrivateChannel;
use Illuminate\Broadcasting\PresenceChannel;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
class NewCommentEvent implements ShouldBroadcast
{
use Dispatchable, InteractsWithSockets, SerializesModels;
/**
* Create a new event instance.
*
* @return void
*/
public $comment;
public function __construct($comment)
{
$this->comment = $comment;
}
/**
* Get the channels the event should broadcast on.
*
* @return \Illuminate\Broadcasting\Channel|array
*/
public function broadcastOn()
{
return new PrivateChannel('post-'.$this->comment->post_id);
}
public function broadcastAs()
{
return 'new-comment-event';
}
public function broadcastWith()
{
return ['comment' => $this->comment->comment];
}
}
我使用的laravel版本是:5.8“$this->comment->post_id”表示什么?如果它表示该特定帖子的id,那么谁有权访问该帖子将获得通知。从post\u id获取作者id,并在“post-”上广播。作者id。是,如果某篇文章是特定的,它就是该id。不,一个私人频道(在本例中为private-post-3)应该对用户进行身份验证(现在是这样),并检查是否也被授权。你会订阅所有帖子以获得帖子的评论吗?现在,谁订阅了该帖子id,谁就会收到通知。如果您只希望author获得通知,请在频道名称中使用author_id。这是我从频道路由中所期望的:
Broadcast::channel('post-{id}',function($user,$id){return$user->id==post::find($id)->author_id;})代码>哦..好的。我建议以作者身份广播更好。看看哪个更合适。似乎根本没有调用channel.php路由。
<?php
use App\models\Post;
Broadcast::channel('App.User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});
Broadcast::channel('post-{id}', function ($user, $id) {
return false;
//return $user->id == Post::find($id)->author_id;
});
var pusher = new Pusher('904d58ankty8c8397d000', {
authEndpoint: 'http://localhost/blog/public/broadcasting/auth',
cluster: 'ap2',
forceTLS: true,
auth: {
headers: {
'X-CSRF-Token': "{{csrf_token()}}"
}
}
});
var privateChannel = pusher.subscribe("private-post-{{{$post->id}}}");
privateChannel.bind('new-comment-event', function(data) {
$('#post-comments').append('<p>'+data.comment+'</p>');
});
public function boot()
{
Broadcast::routes(['middleware' => ['auth']]);
require base_path('routes/channels.php');
}