acts_as_tenant 0.4.1 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 215e3c4bffac36cc0e111df4d91ce5d48cd9180b
-  data.tar.gz: 4cc15333e4bb02df2708e6e1b65d8b1d62fe0732
+  metadata.gz: abc77aadd13ef4f32cbbbe8af35e7d48177b6cba
+  data.tar.gz: 0f151185b5ff68073c2bc85655e3972907453482
 SHA512:
-  metadata.gz: 13089890ed6915b0cac19a818ca3d45d30e3e24c4534aa238a3f039674f1d375508534271b919c31aa142ed3871afde6c1796ea5123e3acf1db6c50dc67eb567
-  data.tar.gz: 444740576efaca0fd486d3a8ab8d72b39f33122dbbec9cf18f40a7f16089cb97c2107624e1d131b6df27190f7c89ab006b83e1cd58dcec216380698b4bfdcc0a
+  metadata.gz: '087f67e11e1cb133274eaa45ce505c0b535df937e8f49149e898f83eb92e69f321ce0ab58d36a8ea5aa36d38e5b6a5bf637a56c71a872effeda875dc707576f2'
+  data.tar.gz: 60b79f39295a57bee878532cb697ac8b5570afed65bc9ffeb01a0daa80167f2c074788e1a46855ed321d12aae18135f237ef86de360b30c58728e0f1966dcdb1

data/CHANGELOG.md

@@ -1,3 +1,5 @@
+* Replace all `before_filter` with `before_action` for Rails 5.1 compatibility
+
 0.4.1
 ------
 * Removed (stale, no longer working) MongoDB support; moved code to separate branch

data/README.md

@@ -1,9 +1,9 @@
 Acts As Tenant
 ==============
 
-[![Build Status](https://travis-ci.org/ErwinM/acts_as_tenant.png)](https://travis-ci.org/ErwinM/acts_as_tenant)
+[![Build Status](https://travis-ci.org/ErwinM/acts_as_tenant.svg)](https://travis-ci.org/ErwinM/acts_as_tenant)
 
-**Note**: acts_as_tenant was introduced in this [blog post](http://www.rollcallapp.com/blog/2011/10/03/adding-multi-tenancy-to-your-rails-app-acts-as-tenant).
+**Note**: acts_as_tenant was introduced in this [blog post](https://github.com/ErwinM/acts_as_tenant/blob/master/docs/blog_post.md).
 
 This gem was born out of our own need for a fail-safe and out-of-the-way manner to add multi-tenancy to our Rails app through a shared database strategy, that integrates (near) seamless with Rails.
 
@@ -58,7 +58,7 @@ Alternatively, you could locate the tenant using the method `set_current_tenant_
 ```ruby
 class ApplicationController < ActionController::Base
   set_current_tenant_through_filter
-  before_filter :your_method_that_finds_the_current_tenant
+  before_action :your_method_that_finds_the_current_tenant
 
   def your_method_that_finds_the_current_tenant
     current_account = Account.find_it
@@ -67,7 +67,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-Setting the `current_tenant` yourself, requires you to declare `set_current_tenant_through_filter` at the top of your application_controller to tell acts_as_tenant that you are going to use a before_filter to setup the current tenant. Next you should actually setup that before_filter to fetch the current tenant and pass it to `acts_as_tenant` by using `set_current_tenant(current_tenant)` in the before_filter.
+Setting the `current_tenant` yourself, requires you to declare `set_current_tenant_through_filter` at the top of your application_controller to tell acts_as_tenant that you are going to use a before_action to setup the current tenant. Next you should actually setup that before_action to fetch the current tenant and pass it to `acts_as_tenant` by using `set_current_tenant(current_tenant)` in the before_action.
 
 
 ### Setting the current tenant for a block ###
@@ -213,7 +213,6 @@ If you want to contribute, fork the project, code your improvements and make a p
 Author & Credits
 ----------------
 acts_as_tenant is written by Erwin Matthijssen.
-Erwin is currently busy developing [Roll Call](http://www.rollcallapp.com/ "Roll Call App").
 
 This gem was inspired by Ryan Sonnek's [Multitenant](https://github.com/wireframe/multitenant) gem and its use of default_scope.
 

data/_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-tactile

data/acts_as_tenant.gemspec

@@ -19,12 +19,12 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
 
   s.add_runtime_dependency('request_store', '>= 1.0.5')
-  s.add_dependency('rails','>= 3.1')
+  s.add_dependency('rails','>= 4.0')
   #s.add_dependency('request_store', '>= 1.0.5')
 
   s.add_development_dependency('rspec', '>=3.0')
   s.add_development_dependency('rspec-rails')
-  s.add_development_dependency('database_cleaner', '~> 1.3.0')
+  s.add_development_dependency('database_cleaner', '~> 1.5.3')
   s.add_development_dependency('sqlite3')
   #s.add_development_dependency('mongoid', '~> 4.0')
 

data/docs/blog_post.md

@@ -0,0 +1,67 @@
+<h2> Adding multi-tenancy to your Rails app: acts_as_tenant </h2>
+Roll Call is implemented as a multi-tenant application: each user gets their own instance of the app, content is strictly scoped to a user&#8217;s instance. In Rails, this can be achieved in various ways. Guy Naor did a great job of diving into the pros and cons of each option in his <a href="http://confreaks.net/videos/111-aac2009-writing-multi-tenant-applications-in-rails">2009 Acts As Conference talk</a>. If you are doing multi-tenancy in Rails, you should watch his video.</p>
+<p>With a multi-db or multi-schema approach, you only deal with the multi-tenancy-aspect in a few specific spots in your app (Jerod Santo recently wrote an excellent post on implementing a <a href="http://blog.jerodsanto.net/2011/07/building-multi-tenant-rails-apps-with-postgresql-schemas/">multi-schema strategy</a>). Compared to the previous two strategies, a <strong>shared database</strong> strategy has the downside that the &#8216;multi-tenancy&#8217;-logic is something you need to actively be aware of and manage in almost every part of your app.</p>
+<h4>Using a Shared Database strategy is alot of work!</h4>
+<p>For various other reasons we opted for a <strong>shared database</strong> strategy. However, for us the prospect of dealing with the multi-tenancy-logic throughout our app, was not appealing. Worse, we run the risk of accidently exposing content of one tenant to another one, if we mismanage this logic. While researching this topic I noticed there are no real ready made solutions available that get you on your way, <a href="http://github.com/wireframe/multitenant">Ryan Sonnek</a> wrote his &#8216;multitenant&#8217; gem and <a href="http://github.com/mconnell/multi_tenant">Mark Connel</a> did the same. Neither of these solution seemed &#8220;finished&#8221; to us. So, we wrote our own implementation.</p>
+<h4>First, how does multi-tenancy with a shared database strategy work</h4>
+<p>A shared database strategy manages the multi-tenancy-logic through Rails associations. A tenant is represented by an object, for example an <code>Account</code>. All other objects are associated with a tenant: <code>belongs_to :account</code>. Each request starts with finding the <code>@current_account</code>. After that, each find is scoped through the tenant object: <code>current_account.projects.all</code>. This has to be remembered everywhere: in model method declarations and in controller actions. Otherwise, you&#8217;re exposing content of other tenants.</p>
+<p>In addition, you have to actively babysit other parts of your app: <code>validates_uniqueness_of</code> requires you to scope it to the current tenant. You also have to protect agaist all sorts of form-injections that could allow one tenant to gain access or temper with the content of another tenant (see <a href="http://www.slideshare.net/tardate/multitenancy-with-rails">Paul Gallaghers</a> presentation for more on these dangers).</p>
+<h4>Enter acts_as_tenant</h4>
+<p>I wanted to implement all the concerns above in an easy to manage, out of the way fashion. We should be able to add a single declaration to our model and that should implement:</p>
+<ol>
+	<li>scoping all searches to the current <code>Account</code></li>
+	<li>scoping the uniqueness validator to the current <code>Account</code></li>
+	<li>protecting against various nastiness trying to circumvent the scoping.</li>
+</ol>
+<p>The result is <code>acts_as_tenant</code> (<a href="https://github.com/ErwinM/acts_as_tenant">github</a>), a rails gem that will add multi tenancy using a shared database to your rails app in an out-of-your way fashion.</p>
+<p>In the <span class="caps">README</span>, you will find more information on using <code>acts_as_tenant</code> in your projects, so we&#8217;ll give you a high-level overview here. Let&#8217;s suppose that you have an app to which you want to add multi tenancy, tenants are represented by the <code>Account</code> model and <code>Project</code> is one of the models that should be scoped by tenant:</p>
+
+```ruby
+  class Addaccounttoproject < ActiveRecord::Migration
+    def change
+      add_column :projects, :account_id, :integer
+    end
+  end
+
+  class Project < ActiveRecord::Base
+    acts_as_tenant(:account)
+    validates_uniqueness_to_tenant :name
+  end
+```
+What does adding these two methods accomplish:
+<ol>
+	<li>it ensures every search on the project model will be scoped to the current tenant,</li>
+	<li>it adds validation for every association confirming the associated object does indeed belong to the current tenant,</li>
+	<li>it validates the uniqueness of `:name` to the current tenant,</li>
+	<li>it implements a bunch of safeguards preventing all kinds of nastiness from exposing other tenants data (mainly form-injection attacks).</li>
+</ol>
+<p>Ofcourse, all the above assumes `acts_as_tenant` actually knows who the current tenant is. Two strategies are implemented to help with this.</p>
+<p><strong>Using the subdomain to workout the current tenant</strong></p>
+
+```ruby
+  class ApplicationController < ActionController::Base
+    set_current_tenant_by_subdomain(:account, :subdomain)
+  end
+```
+<p>Adding the above method to your `application_controller` tells `acts_as_tenant`:</p>
+<ol>
+	<li>the current tenant should be found based on the subdomain (e.g. account1.myappdomain.com),</li>
+	<li>tenants are represented by the `Account`-model and</li>
+	<li>the `Account` model has a column named `subdomain` that should be used the lookup the current account, using the current subdomain.</li>
+</ol>
+<p><strong>Passing the current account to acts_as_tenant yourself</strong></p>
+
+```ruby
+  class ApplicationController < ActionController::Base
+    current_account = Account.method_to_find_the_current_account
+    set_current_tenant_to(current_account)
+  end
+```
+<p>`Acts_as_tenant` also adds a handy helper to your controllers `current_tenant`, containing the current tenant object.</p>
+<h4>Great! Anything else I should know? A few caveats:</h4>
+<ul>
+	<li>scoping of models *only* works if `acts_as_tenant` has a current_tenant available. If you do not set one by one of the methods described above, *no scope* will be applied!</li>
+	<li>for validating uniqueness within a tenant scope you must use the `validates_uniqueness_to_tenant`method. This method takes all the options the regular `validates_uniqueness_of` method takes.</li>
+	<li>it is probably best to add the `acts_as_tenant` declaration after any other `default_scope` declarations you add to a model (I am not exactly sure how rails 3 handles the chaining. If someone can enlighten me, thanks!).</li>
+</ul>
+<p>We have been testing <a href="https://github.com/ErwinM/acts_as_tenant">acts_as_tenant</a> within Roll Call during recent weeks and it seems to be behaving well. Having said that, we welcome any feedback. This is my first real attempt at a plugin and the possibility of various improvements is almost a given.</p>

data/lib/acts_as_tenant.rb

@@ -18,6 +18,10 @@ if defined?(ActionController::Base)
   ActionController::Base.extend ActsAsTenant::ControllerExtensions
 end
 
+if defined?(ActionController::API)
+  ActionController::API.extend ActsAsTenant::ControllerExtensions
+end
+
 module ActsAsTenant
 end
   

data/lib/acts_as_tenant/controller_extensions.rb

@@ -13,8 +13,10 @@ module ActsAsTenant
       self.tenant_column = column.to_sym
 
       self.class_eval do
-        before_filter :find_tenant_by_subdomain
-        helper_method :current_tenant
+
+        before_action :find_tenant_by_subdomain
+        helper_method :current_tenant if respond_to?(:helper_method)
+
 
         private
           def find_tenant_by_subdomain
@@ -42,8 +44,10 @@ module ActsAsTenant
       self.tenant_second_column = second_column.to_sym
 
       self.class_eval do
-        before_filter :find_tenant_by_subdomain_or_domain
-        helper_method :current_tenant
+
+        before_action :find_tenant_by_subdomain_or_domain
+        helper_method :current_tenant if respond_to?(:helper_method)
+
 
         private
           def find_tenant_by_subdomain_or_domain
@@ -62,10 +66,10 @@ module ActsAsTenant
 
 
     # This method sets up a method that allows manual setting of the current_tenant. This method should
-    # be used in a before_filter. In addition, a helper is setup that returns the current_tenant
+    # be used in a before_action. In addition, a helper is setup that returns the current_tenant
     def set_current_tenant_through_filter
       self.class_eval do
-        helper_method :current_tenant
+        helper_method :current_tenant if respond_to?(:helper_method)
 
         private
           def set_current_tenant(current_tenant_object)

data/lib/acts_as_tenant/version.rb

@@ -1,3 +1,3 @@
 module ActsAsTenant
-  VERSION = "0.4.1"
+  VERSION = "0.4.2"
 end

data/spec/acts_as_tenant/model_extensions_spec.rb

@@ -24,7 +24,7 @@ describe ActsAsTenant do
       @project = @account.projects.create!(:name => 'bar')
     end
 
-    it { expect {@project.account_id = @account.id + 1}.to raise_error }
+    it { expect {@project.account_id = @account.id + 1}.to raise_error(ActsAsTenant::Errors::TenantIsImmutable) }
   end
 
   describe 'setting tenant_id to the same value should not error' do

data/spec/acts_as_tenant/tenant_by_filter_spec.rb

@@ -8,7 +8,7 @@ end
 class ApplicationController2 < ActionController::Base
   include Rails.application.routes.url_helpers
   set_current_tenant_through_filter
-  before_filter :your_method_that_finds_the_current_tenant
+  before_action :your_method_that_finds_the_current_tenant
 
   def your_method_that_finds_the_current_tenant
     current_account = Account.new
@@ -22,7 +22,7 @@ end
 describe ApplicationController2, :type => :controller do
   controller do
     def index
-      render :text => "custom called"
+      render :plain => "custom called"
     end
   end
 
@@ -30,4 +30,4 @@ describe ApplicationController2, :type => :controller do
     get :index
     expect(ActsAsTenant.current_tenant.name).to eq 'account1'
   end
-end
+end

data/spec/acts_as_tenant/tenant_by_subdomain_spec.rb

@@ -12,7 +12,7 @@ end
 describe ApplicationController, :type => :controller do
   controller do
     def index
-      render :text => "custom called"
+      render :plain => "custom called"
     end
   end
 
@@ -29,4 +29,4 @@ describe ApplicationController, :type => :controller do
     get :index
     expect(ActsAsTenant.current_tenant).to eq 'account1'
   end
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acts_as_tenant
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Erwin Matthijssen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-13 00:00:00.000000000 Z
+date: 2018-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: request_store
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.3
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -123,7 +123,9 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
+- _config.yml
 - acts_as_tenant.gemspec
+- docs/blog_post.md
 - lib/acts_as_tenant.rb
 - lib/acts_as_tenant/configuration.rb
 - lib/acts_as_tenant/controller_extensions.rb
@@ -161,7 +163,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: acts_as_tenant
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Add multi-tenancy to Rails applications using a shared db strategy