From cd5f1c320c51872f678019e259a9ae271c4325fd Mon Sep 17 00:00:00 2001 From: Mike Barlow Date: Mon, 6 Feb 2023 23:59:57 +0000 Subject: [PATCH 1/2] removing use of user model in public property --- src/Livewire/Megaphone.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/Livewire/Megaphone.php b/src/Livewire/Megaphone.php index ec9e03e..2fcd79b 100644 --- a/src/Livewire/Megaphone.php +++ b/src/Livewire/Megaphone.php @@ -8,7 +8,7 @@ class Megaphone extends Component { - public $user; + public $notifiableId; public $announcements; @@ -23,20 +23,28 @@ class Megaphone extends Component public function mount(Request $request) { - $this->user = $request->user(); - $this->loadAnnouncements($this->user); + if (empty($this->notifiableId) && $request->user() !== null) { + $this->notifiableId = $request->user()->id; + } + + $this->loadAnnouncements($this->getNotifiable()); $this->showCount = config('megaphone.showCount', true); } - public function loadAnnouncements($user) + public function getNotifiable() + { + return config('megaphone.model')::find($this->notifiableId); + } + + public function loadAnnouncements($notifiable) { $this->unread = $this->announcements = collect([]); - if ($user === null || get_class($user) !== config('megaphone.model')) { + if ($notifiable === null || get_class($notifiable) !== config('megaphone.model')) { return; } - $announcements = $user->announcements()->get(); + $announcements = $notifiable->announcements()->get(); $this->unread = $announcements->whereNull('read_at'); $this->announcements = $announcements->whereNotNull('read_at'); } @@ -49,6 +57,6 @@ public function render() public function markAsRead(DatabaseNotification $notification) { $notification->markAsRead(); - $this->loadAnnouncements($this->user); + $this->loadAnnouncements($this->getNotifiable()); } } From 8ffb541edea48cbea32dc84f1c0396b4c3f8f787 Mon Sep 17 00:00:00 2001 
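Review bot: `getNotifiable()` in the second hunk passes the public `$notifiableId` straight to `config('megaphone.model')::find()` with no access check, and Livewire public properties are state the browser can send back changed. `mount()` only fills the id from `$request->user()` when it is empty, so neither a value passed at render time nor a later client-side change is tied to the authenticated user, and `loadAnnouncements()` would then load that other notifiable's announcements. Have `getNotifiable()` return null unless the current user may read the model; for the default user model that is `if (! $notifiable || ! $notifiable->is(auth()->user())) { return null; }`, and a custom model such as a team needs a policy or membership check instead. If the package can require Livewire 3 (the version is not visible here), `#[Locked]` on the property also blocks client writes.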
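Review bot: `markAsRead()` in the last hunk marks whichever `DatabaseNotification` the request names as read before the notifiable is resolved, so nothing ties the notification to `$notifiableId`. Resolve the notifiable first and bail out on a mismatch, e.g. `if ($notifiable === null || $notification->notifiable_id != $notifiable->getKey()) { return; }`, also comparing `notifiable_type` when more than one model can be notifiable. The check is only as strong as the notifiable lookup, which should itself be limited to models the authenticated user may read.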
From: Mike Barlow Date: Sat, 25 Feb 2023 20:50:22 +0000 Subject: [PATCH 2/2] readme and changelog --- CHANGELOG.md | 5 +++++ README.md | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8463e19..3d4c2fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## [1.2.0] - 2023-02-25 + +* Removed `public $user` from component and changed loading of announcements to prevent user model data exposure. [PR #22](https://github.com/mikebarlow/megaphone/pull/22) +* Added ability to pass in the notifiableId via component render + ## [1.1.0] - 2022-12-27 * Improvement: New SVG Bell Icon [PR #17](https://github.com/mikebarlow/megaphone/pull/17) diff --git a/README.md b/README.md index b444c7b..2d6dbb1 100644 --- a/README.md +++ b/README.md 
@@ -229,6 +229,22 @@ This will clear any "read" Megaphone notifications older than 2 weeks old. This The 2-week time limit for old notifications is controlled via the Megaphone config file, `config('megaphone.clearAfter')`. So should you wish to alter this cut off point, simply change this value to either extend or shorten the cut off. +## Changing Notifiable Model + +Because notifications can be attached to any model via the `Notifiable` trait, Megaphone too can be attached to any model providing the model also has the `Notifiable` trait attached. + +As default, Megaphone assumes you will be attaching it to the standard Laravel User model and when loading notifications, it will attempt to retrieve the ID of the logged in user from the Request object. + +If you are wanting to attach Megaphone to a Team model for example, change the `model` attribute of the published megaphone config file, `megaphone.php`. + +When rendering the Megaphone component, you will then need to pass in the ID of the notifiable model into the component so Megaphone can load the correct notifications + +```html + +``` + + + ## Testing If you wish to run the tests, clone out the repository