Restricting access to thread participants only. · cmgmyr/laravel-messenger · Discussion #371

ronlinet
Nov 26, 2021

Thank you for the demo guys.
I am reusing it now in my project and I have noticed that the thread page doesn’t check if the user is a participant or not.

Adding below snippet to MessagesController.php#L60 will redirect "non participants" back to the listing page with an error message.

$participant = Participant::where(['user_id' => Auth::id(), 'thread_id' => $id ]);
if( is_null($participant->first())) {
 \Session::flash('error_message', 'Only For Participants');
 return redirect()->back();
}

Replies: 1 comment

cmgmyr
Nov 29, 2021
Maintainer

hey @ronlinet, thanks for the discussion thread and using the package!

Correct, we handle the basics in the package. It's up to the application code to determine authorization for gaining access to message/thread features.

0 replies

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Restricting access to thread participants only. #371

Uh oh!

{{title}}

Uh oh!

ronlinet
Nov 26, 2021

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

cmgmyr
Nov 29, 2021
Maintainer

Select a reply

Uh oh!

Uh oh!

Restricting access to thread participants only. #371

Uh oh!

ronlinet Nov 26, 2021

Replies: 1 comment

Uh oh!

cmgmyr Nov 29, 2021 Maintainer

ronlinet
Nov 26, 2021

cmgmyr
Nov 29, 2021
Maintainer