activerecord-tenant-level-security 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 8741075a67af652cbb2d63bd9b51a133567e8c4afaee412a0613a83ab691574b
4
+ data.tar.gz: dd8568928a4ef717ff14414999c30ab338779bd7442eb235c65241812c7b709e
5
+ SHA512:
6
+ metadata.gz: e6804c43306e3f42dc848f77ecc626d48dcd6be423c3b00f360f2958df3ad20fa7c1eed89bd3558493928fb9fd3166f7297f4f03b3326d6c28a8b580de1823f8
7
+ data.tar.gz: 7557ed07df0d49fd04f38a230a03a7a4d9548c02c4583e0c074c03758b016ad30e8aa88131c01730788409d5897c9c7660fa058fb3ecf2f6941efb04f530c90f
@@ -0,0 +1,32 @@
1
+ version: 2.1
2
+
3
+ jobs:
4
+ test:
5
+ parameters:
6
+ ruby:
7
+ type: string
8
+ rails:
9
+ type: string
10
+ postgres:
11
+ type: string
12
+ docker:
13
+ - image: << parameters.ruby >>
14
+ - image: circleci/<< parameters.postgres >>
15
+ environment:
16
+ POSTGRES_HOST_AUTH_METHOD: trust
17
+ steps:
18
+ - checkout
19
+ - run: gem install bundler
20
+ - run: bundle install
21
+ - run: bundle exec appraisal << parameters.rails >> bundle install
22
+ - run: bundle exec appraisal << parameters.rails >> rspec
23
+
24
+ workflows:
25
+ all-tests:
26
+ jobs:
27
+ - test:
28
+ matrix:
29
+ parameters:
30
+ ruby: ['ruby:2.7.4', 'ruby:3.0.2']
31
+ rails: ['rails-6.0', 'rails-6.1']
32
+ postgres: ['postgres:11', 'postgres:12', 'postgres:13']
data/.gitignore ADDED
@@ -0,0 +1,15 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
12
+
13
+ Gemfile.lock
14
+ gemfiles/.bundle
15
+ gemfiles/*.gemfile.lock
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/Appraisals ADDED
@@ -0,0 +1,7 @@
1
+ appraise "rails-6.0" do
2
+ gem "rails", "~> 6.0.4"
3
+ end
4
+
5
+ appraise "rails-6.1" do
6
+ gem "rails", "~> 6.1.4"
7
+ end
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at watassbass@gmail.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in activerecord-tenant-level-security.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 SmartHR, Inc.
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,140 @@
1
+ # activerecord-tenant-level-security
2
+
3
+ An Active Record extension for Multitenancy with PostgreSQL Row Level Security.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'activerecord-tenant-level-security'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install activerecord-tenant-level-security
20
+
21
+ ## Usage
22
+
23
+ The activerecord-tenant-level-security provides an API for applying [PostgreSQL Row Level Security](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) (RLS) as follows:
24
+
25
+ ```ruby
26
+ Employee.pluck(:name) # => ["Jane", "Tom"]
27
+
28
+ # Switch a connection as non-superuser
29
+ ActiveRecord::Base.establish_connection(app_user_config)
30
+
31
+ TenantLevelSecurity.with(tenant1.id) do
32
+ Employee.pluck(:name) # => ["Jane"]
33
+ end
34
+
35
+ TenantLevelSecurity.with(tenant2.id) do
36
+ Employee.pluck(:name) # => ["Tom"]
37
+ end
38
+ ```
39
+
40
+ To enable RLS, you need to create a policy on the table. You can use `create_policy` in a migration file:
41
+
42
+ ```ruby
43
+ class CreateEmployee < ActiveRecord::Migration[6.0]
44
+ def change
45
+ create_table :employees do |t|
46
+ t.integer :tenant_id
47
+ t.string :name
48
+ end
49
+
50
+ create_policy :employees
51
+ end
52
+ end
53
+ ```
54
+
55
+ When testing, be aware of the database user you are connecting to. The default user `postgres` has the `BYPASSRLS` attribute and therefore bypass the RLS. You must create a user who does not have these privileges in order for your application to connect.
56
+
57
+ If you want to use this gem, you first need to register a callback which gets the current tenant. This callback is invoked when checking out a new connection from a connection pool. Create an initializer and tell how it should resolve the current tenant like the following:
58
+
59
+ ```ruby
60
+ TenantLevelSecuriy.current_tenant_id { RequestStore.store[:current_tenant_id] }
61
+ ```
62
+
63
+ The above is an example of getting the current tenant stored using [RequestStore](https://github.com/steveklabnik/request_store). You are responsible for storing the current tenant, such as at the beginning of the request.
64
+
65
+ We strongly recommend using the [activerecord-multi-tenant](https://github.com/citusdata/activerecord-multi-tenant) for this config. activerecord-multi-tenant provides multi-tenant data isolation at the application layer by rewriting queries. On the other hand, this gem provides the isolation at the database layer by RLS. Multi-layered security is important.
66
+
67
+ ```ruby
68
+ TenantLevelSecuriy.current_tenant_id { MultiTenant.current_tenant_id }
69
+ ```
70
+
71
+ Do not query the database in this callback. As mentioned above, this callback is invoked at checking out a connection, so it may be called recursively.
72
+
73
+ ## How it works
74
+
75
+ The policy created by the activerecord-tenant-level-security is:
76
+
77
+ ```sql
78
+ CREATE POLICY tenant_policy ON employees
79
+ AS PERMISSIVE
80
+ FOR ALL
81
+ TO PUBLIC
82
+ USING (tenant_id::text = current_setting('tenant_level_security.tenant_id'))
83
+ WITH CHECK (tenant_id::text = current_setting('tenant_level_security.tenant_id'))
84
+ ```
85
+
86
+ In the table in which the policy is created, only the rows that match the current setting of `tenant_level_security.tenant_id` can be referenced. This value is set by `TenantLevelSecurity.with` etc.
87
+
88
+ ```ruby
89
+ # Set default tenant to "tenant2"
90
+ TenantLevelSecuriy.current_tenant_id { tenant2.id }
91
+
92
+ TenantLevelSecurity.with(tenant1.id) do # => SET tenant_level_security.tenant_id = '1'
93
+ Employee.pluck(:name)
94
+ end # => SET tenant_level_security.tenant_id TO DEFAULT
95
+
96
+ Thread.new {
97
+ # Checkout a new connection in a thread
98
+ Employee.connection # => SET tenant_level_security.tenant_id = '2'
99
+ }.join
100
+ ```
101
+
102
+ In this way, sessions are used to determine the current tenant. Therefore, avoid using it with transaction pooling like PgBouncer.
103
+
104
+ ## Sidekiq Integration
105
+
106
+ If you are using [Sidekiq](https://sidekiq.org/), The activerecord-tenant-level-security will provide [middlewares](https://github.com/mperham/sidekiq/wiki/Middleware):
107
+
108
+ ```ruby
109
+ Sidekiq.configure_client do |config|
110
+ config.client_middleware do |chain|
111
+ chain.add TenantLevelSecurity::Sidekiq::Middleware::Client
112
+ end
113
+ end
114
+
115
+ Sidekiq.configure_server do |config|
116
+ config.server_middleware do |chain|
117
+ chain.add TenantLevelSecurity::Sidekiq::Middleware::Server
118
+ end
119
+ end
120
+ ```
121
+
122
+ The middleware propagates the current tenant to the job through the session. This allows RLS to be enabled even within workers.
123
+
124
+ ## Development
125
+
126
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
127
+
128
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
129
+
130
+ ## Contributing
131
+
132
+ Bug reports and pull requests are welcome on GitHub at https://github.com/kufu/activerecord-tenant-level-security. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
133
+
134
+ ## License
135
+
136
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
137
+
138
+ ## Code of Conduct
139
+
140
+ Everyone interacting in the activerecord-tenant-level-security project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/kufu/activerecord-tenant-level-security/blob/master/CODE_OF_CONDUCT.md).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,35 @@
1
+ lib = File.expand_path("lib", __dir__)
2
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
+ require "activerecord-tenant-level-security/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "activerecord-tenant-level-security"
7
+ spec.version = TenantLevelSecurity::VERSION
8
+ spec.authors = ["SmartHR"]
9
+ spec.email = ["dev@smarthr.co.jp"]
10
+
11
+ spec.summary = %q{An Active Record extension for Multitenancy with PostgreSQL Row Level Security}
12
+ spec.description = %q{An Active Record extension for Multitenancy with PostgreSQL Row Level Security}
13
+ spec.homepage = "https://github.com/kufu/activerecord-tenant-level-security"
14
+ spec.license = "MIT"
15
+
16
+ spec.metadata["homepage_uri"] = spec.homepage
17
+ spec.metadata["source_code_uri"] = "https://github.com/kufu/activerecord-tenant-level-security"
18
+ spec.metadata["changelog_uri"] = "https://github.com/kufu/activerecord-tenant-level-security/blob/v#{TenantLevelSecurity::VERSION}/CHANGELOG.md"
19
+
20
+ # Specify which files should be added to the gem when it is released.
21
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
22
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
23
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
24
+ end
25
+ spec.require_paths = ["lib"]
26
+
27
+ spec.add_dependency "activerecord", ">= 6.0"
28
+ spec.add_dependency "activesupport", ">= 6.0"
29
+ spec.add_dependency "pg", ">= 1.0"
30
+
31
+ spec.add_development_dependency "bundler", "~> 2.0"
32
+ spec.add_development_dependency "rake", "~> 10.0"
33
+ spec.add_development_dependency "rspec", "~> 3.0"
34
+ spec.add_development_dependency "appraisal", "~> 2.4"
35
+ end
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "activerecord-tenant-level-security"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "~> 6.0.4"
6
+
7
+ gemspec path: "../"
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "~> 6.1.4"
6
+
7
+ gemspec path: "../"
@@ -0,0 +1,19 @@
1
+ module TenantLevelSecurity
2
+ module CommandRecorder
3
+ def create_policy(*args)
4
+ record(:create_policy, args)
5
+ end
6
+
7
+ def remove_policy(*args)
8
+ record(:remove_policy, args)
9
+ end
10
+
11
+ def invert_create_policy(args)
12
+ [:remove_policy, args]
13
+ end
14
+
15
+ def invert_remove_policy(args)
16
+ [:create_policy, args]
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ module TenantLevelSecurity
4
+ module SchemaDumper
5
+ def tables(stream)
6
+ super
7
+ policies(stream)
8
+ end
9
+
10
+ def policies(stream)
11
+ # Section Separator
12
+ stream.puts if policies_in_database.any?
13
+
14
+ policies_in_database.each do |policy|
15
+ stream.puts(policy.to_schema)
16
+ end
17
+ end
18
+
19
+ def policies_in_database
20
+ query = <<~SQL
21
+ SELECT
22
+ tablename
23
+ FROM
24
+ pg_policies
25
+ WHERE
26
+ policyname = 'tenant_policy'
27
+ ORDER BY
28
+ tablename;
29
+ SQL
30
+ results = ActiveRecord::Base.connection.execute(query)
31
+ table_names = results.map { |x| x["tablename"] }
32
+
33
+ table_names.map { |t| Policy.new(t) }
34
+ end
35
+
36
+ class Policy
37
+ def initialize(table_name)
38
+ @table_name = table_name
39
+ end
40
+
41
+ def to_schema
42
+ %( create_policy "#{table_name}")
43
+ end
44
+
45
+ private
46
+
47
+ attr_reader :table_name
48
+ end
49
+ end
50
+ end
@@ -0,0 +1,28 @@
1
+ module TenantLevelSecurity
2
+ module SchemaStatements
3
+ def create_policy(table_name)
4
+ execute <<~SQL
5
+ ALTER TABLE #{table_name} ENABLE ROW LEVEL SECURITY;
6
+ ALTER TABLE #{table_name} FORCE ROW LEVEL SECURITY;
7
+ SQL
8
+ execute <<~SQL
9
+ CREATE POLICY tenant_policy ON #{table_name}
10
+ AS PERMISSIVE
11
+ FOR ALL
12
+ TO PUBLIC
13
+ USING (tenant_id::text = current_setting('tenant_level_security.tenant_id'))
14
+ WITH CHECK (tenant_id::text = current_setting('tenant_level_security.tenant_id'))
15
+ SQL
16
+ end
17
+
18
+ def remove_policy(table_name)
19
+ execute <<~SQL
20
+ ALTER TABLE #{table_name} NO FORCE ROW LEVEL SECURITY;
21
+ ALTER TABLE #{table_name} DISABLE ROW LEVEL SECURITY;
22
+ SQL
23
+ execute <<~SQL
24
+ DROP POLICY tenant_policy ON #{table_name}
25
+ SQL
26
+ end
27
+ end
28
+ end
@@ -0,0 +1,28 @@
1
+ module TenantLevelSecurity
2
+ module Sidekiq
3
+ module Middleware
4
+ class Client
5
+ def call(worker_class, job, queue, redis_pool)
6
+ tenant_id = TenantLevelSecurity.current_session_tenant_id
7
+ if tenant_id.present?
8
+ job['tenant_level_security'] ||= { id: tenant_id }
9
+ end
10
+
11
+ yield
12
+ end
13
+ end
14
+
15
+ class Server
16
+ def call(worker, job, queue)
17
+ if job.key?('tenant_level_security')
18
+ TenantLevelSecurity.with(job['tenant_level_security']['id']) do
19
+ yield
20
+ end
21
+ else
22
+ yield
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
@@ -0,0 +1,45 @@
1
+ module TenantLevelSecurity
2
+ class << self
3
+ # The current_tenant_id sets the default tenant from the outside.
4
+ # Be sure to register in advance as `TenantLevelSecurity.current_tenant_id { id }` with initializers.
5
+ # This value is mainly used as the current value when reusing a connection.
6
+ # Therefore, keep in mind that you need to manage it differently from the session value in the database.
7
+ def current_tenant_id(&block)
8
+ if block_given?
9
+ @@block = block
10
+ else
11
+ @@block.call
12
+ end
13
+ end
14
+
15
+ def with(tenant_id)
16
+ old_tenant_id = current_session_tenant_id
17
+ return yield if old_tenant_id == tenant_id
18
+ begin
19
+ switch! tenant_id
20
+ yield
21
+ ensure
22
+ switch! old_tenant_id
23
+ end
24
+ end
25
+
26
+ def switch!(tenant_id)
27
+ switch_with_connection!(ActiveRecord::Base.connection, tenant_id)
28
+ end
29
+
30
+ def switch_with_connection!(conn, tenant_id)
31
+ if tenant_id.present?
32
+ conn.execute("SET tenant_level_security.tenant_id = '#{tenant_id}'")
33
+ else
34
+ conn.execute('SET tenant_level_security.tenant_id TO DEFAULT')
35
+ end
36
+ end
37
+
38
+ def current_session_tenant_id
39
+ ActiveRecord::Base.connection.execute('SHOW tenant_level_security.tenant_id').getvalue(0, 0)
40
+ rescue ActiveRecord::StatementInvalid => e
41
+ return nil if e.cause.kind_of? PG::UndefinedObject
42
+ raise
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,3 @@
1
+ module TenantLevelSecurity
2
+ VERSION = '0.0.1'
3
+ end
@@ -0,0 +1,22 @@
1
+ require 'active_support'
2
+ require 'active_record'
3
+ require 'pg'
4
+
5
+ require_relative 'activerecord-tenant-level-security/tenant_level_security'
6
+ require_relative 'activerecord-tenant-level-security/command_recorder'
7
+ require_relative 'activerecord-tenant-level-security/schema_dumper'
8
+ require_relative 'activerecord-tenant-level-security/schema_statements'
9
+ require_relative 'activerecord-tenant-level-security/sidekiq'
10
+
11
+ ActiveSupport.on_load(:active_record) do
12
+ ActiveRecord::ConnectionAdapters::AbstractAdapter.include TenantLevelSecurity::SchemaStatements
13
+ ActiveRecord::Migration::CommandRecorder.include TenantLevelSecurity::CommandRecorder
14
+ ActiveRecord::SchemaDumper.prepend TenantLevelSecurity::SchemaDumper
15
+
16
+ # Set the callback so that a session will be set to the current tenant when a connection is reused.
17
+ # Make sure that TenantLevelSecurity.current_tenant_id does not depend on database connections.
18
+ # If a new connection is needed to get the current_tenant_id, the callback may be invoked recursively.
19
+ ActiveRecord::ConnectionAdapters::AbstractAdapter.set_callback :checkout, :after do |conn|
20
+ TenantLevelSecurity.switch_with_connection!(conn, TenantLevelSecurity.current_tenant_id)
21
+ end
22
+ end
metadata ADDED
@@ -0,0 +1,166 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: activerecord-tenant-level-security
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - SmartHR
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-11-10 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: activerecord
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '6.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '6.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: activesupport
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '6.0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '6.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: pg
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '1.0'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '1.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bundler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '2.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '2.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '10.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '10.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: appraisal
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '2.4'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '2.4'
111
+ description: An Active Record extension for Multitenancy with PostgreSQL Row Level
112
+ Security
113
+ email:
114
+ - dev@smarthr.co.jp
115
+ executables: []
116
+ extensions: []
117
+ extra_rdoc_files: []
118
+ files:
119
+ - ".circleci/config.yml"
120
+ - ".gitignore"
121
+ - ".rspec"
122
+ - Appraisals
123
+ - CODE_OF_CONDUCT.md
124
+ - Gemfile
125
+ - LICENSE.txt
126
+ - README.md
127
+ - Rakefile
128
+ - activerecord-tenant-level-security.gemspec
129
+ - bin/console
130
+ - bin/setup
131
+ - gemfiles/rails_6.0.gemfile
132
+ - gemfiles/rails_6.1.gemfile
133
+ - lib/activerecord-tenant-level-security.rb
134
+ - lib/activerecord-tenant-level-security/command_recorder.rb
135
+ - lib/activerecord-tenant-level-security/schema_dumper.rb
136
+ - lib/activerecord-tenant-level-security/schema_statements.rb
137
+ - lib/activerecord-tenant-level-security/sidekiq.rb
138
+ - lib/activerecord-tenant-level-security/tenant_level_security.rb
139
+ - lib/activerecord-tenant-level-security/version.rb
140
+ homepage: https://github.com/kufu/activerecord-tenant-level-security
141
+ licenses:
142
+ - MIT
143
+ metadata:
144
+ homepage_uri: https://github.com/kufu/activerecord-tenant-level-security
145
+ source_code_uri: https://github.com/kufu/activerecord-tenant-level-security
146
+ changelog_uri: https://github.com/kufu/activerecord-tenant-level-security/blob/v0.0.1/CHANGELOG.md
147
+ post_install_message:
148
+ rdoc_options: []
149
+ require_paths:
150
+ - lib
151
+ required_ruby_version: !ruby/object:Gem::Requirement
152
+ requirements:
153
+ - - ">="
154
+ - !ruby/object:Gem::Version
155
+ version: '0'
156
+ required_rubygems_version: !ruby/object:Gem::Requirement
157
+ requirements:
158
+ - - ">="
159
+ - !ruby/object:Gem::Version
160
+ version: '0'
161
+ requirements: []
162
+ rubygems_version: 3.1.2
163
+ signing_key:
164
+ specification_version: 4
165
+ summary: An Active Record extension for Multitenancy with PostgreSQL Row Level Security
166
+ test_files: []