maestrano-rails 0.12.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fedd1ff130d558fb306be8559c24744c04a07d37
-  data.tar.gz: 1cd98b728ff23732d4fecc76686ba46662965f55
+  metadata.gz: 38f6e4c01058ea2bc5b48ffe2b2bd4be30e7163f
+  data.tar.gz: e3cb08aedcfc7691c4ec6aac849842924406ddfd
 SHA512:
-  metadata.gz: aaea660651d7009b7868694cb2b52ae5f7cf9808a82588049e9e2ed73f7da363bba6516be3586a70c25b7b74f7dcf1e745b58d7e49312866ac14e93a15f0447a
-  data.tar.gz: 2785e1b32bbec1ecca65d252565e651086c348fa2384ccaccec90dc4d7445604925a6c299e5203c2a913998af5c09257b4652722d908d33a436a5faecdcf5988
+  metadata.gz: a7b5df754ad9e5bc9ad8e2f092691cab8924003ae3349b1bdb54e7562caf130e7740570d98b42eb33bd193e1bf79a56136909e9bfb6f473c437def5a3926ee4f
+  data.tar.gz: c69ced5c12f9d2913792787413a62b14cd2ed62f519a99282c01e93894be4ea9f8ee3c92a10a88bf25b4dfe142cac738d374d35f9603e6456c7749cfabb01b6b

data/Gemfile

@@ -2,7 +2,7 @@ source "http://rubygems.org"
 
 gem 'rails'
 gem 'jquery-rails'
-gem 'maestrano', '~> 0.12.0'
+gem 'maestrano', '~> 0.12.1'
 
 group :test do
   gem 'test-unit'

data/Gemfile.lock

@@ -1,42 +1,54 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      mail (~> 2.5.4)
-    actionpack (4.1.4)
-      actionview (= 4.1.4)
-      activesupport (= 4.1.4)
-      rack (~> 1.5.2)
+    actionmailer (4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.5)
+      actionview (= 4.2.5)
+      activesupport (= 4.2.5)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
-    actionview (4.1.4)
-      activesupport (= 4.1.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5)
+      activesupport (= 4.2.5)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.4)
-      activesupport (= 4.1.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.5)
+      activesupport (= 4.2.5)
+      globalid (>= 0.3.0)
+    activemodel (4.2.5)
+      activesupport (= 4.2.5)
       builder (~> 3.1)
-    activerecord (4.1.4)
-      activemodel (= 4.1.4)
-      activesupport (= 4.1.4)
-      arel (~> 5.0.0)
-    activesupport (4.1.4)
-      i18n (~> 0.6, >= 0.6.9)
+    activerecord (4.2.5)
+      activemodel (= 4.2.5)
+      activesupport (= 4.2.5)
+      arel (~> 6.0)
+    activesupport (4.2.5)
+      i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.1)
+      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     addressable (2.3.6)
-    arel (5.0.1.20140414130214)
+    arel (6.0.3)
     bson (1.10.2)
+    bson (1.10.2-java)
     bson_ext (1.10.2)
       bson (~> 1.10.2)
     builder (3.2.2)
+    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.0-java)
     database_cleaner (1.3.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    domain_name (0.5.24)
+    domain_name (0.5.25)
       unf (>= 0.0.5, < 1.0.0)
     durran-validatable (2.0.1)
     erubis (2.7.0)
@@ -51,15 +63,16 @@ GEM
       multi_json (>= 1.7.5, < 2.0)
       nokogiri (~> 1.6.3)
       oauth2
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
     hashie (3.2.0)
     highline (1.6.21)
-    hike (1.2.3)
     http-cookie (1.0.2)
       domain_name (~> 0.5)
     httparty (0.13.7)
       json (~> 1.8)
       multi_xml (>= 0.5.2)
-    i18n (0.6.11)
+    i18n (0.7.0)
     jeweler (2.0.1)
       builder
       bundler (>= 1.0)
@@ -72,39 +85,42 @@ GEM
     jquery-rails (3.1.1)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.1)
-    json (1.8.1-java)
+    json (1.8.3)
+    json (1.8.3-java)
     jwt (1.0.0)
     leshill-will_paginate (2.3.11)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
     macaddr (1.7.1)
       systemu (~> 2.6.2)
-    maestrano (0.12.0)
+    maestrano (0.12.1)
       httparty (~> 0.13)
       json (~> 1.8)
       mime-types (~> 1.25)
       nokogiri (>= 1.5.0)
       rest-client (~> 1.4)
       uuid (~> 2.3)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
     mime-types (1.25.1)
     mini_portile (0.6.0)
-    minitest (5.4.0)
+    minitest (5.8.3)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongo (1.10.2)
       bson (= 1.10.2)
+    mongo (1.10.2-java)
+      bson (= 1.10.2)
     mongoid (1.0.6)
       activesupport (>= 2.2.2)
       durran-validatable (>= 2.0.1)
       leshill-will_paginate (>= 2.3.11)
       mongo (>= 0.18.2)
-    multi_json (1.10.1)
+    multi_json (1.11.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    netrc (0.10.3)
+    netrc (0.11.0)
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     nokogiri (1.6.3.1-java)
@@ -114,26 +130,34 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (~> 1.2)
-    polyglot (0.3.5)
-    rack (1.5.2)
-    rack-test (0.6.2)
+    rack (1.6.4)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.1.4)
-      actionmailer (= 4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      activemodel (= 4.1.4)
-      activerecord (= 4.1.4)
-      activesupport (= 4.1.4)
+    rails (4.2.5)
+      actionmailer (= 4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      activemodel (= 4.2.5)
+      activerecord (= 4.2.5)
+      activesupport (= 4.2.5)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.4)
-      sprockets-rails (~> 2.0)
-    railties (4.1.4)
-      actionpack (= 4.1.4)
-      activesupport (= 4.1.4)
+      railties (= 4.2.5)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.5)
+      actionpack (= 4.2.5)
+      activesupport (= 4.2.5)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.3.2)
+    rake (10.5.0)
     rdoc (4.1.1)
       json (~> 1.4)
     rest-client (1.8.0)
@@ -146,25 +170,20 @@ GEM
     shoulda-context (1.2.1)
     shoulda-matchers (2.6.2)
       activesupport (>= 3.0.0)
-    sprockets (2.12.1)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.1.3)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (~> 2.8)
+    sprockets (3.5.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.0)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
     sqlite3 (1.3.9)
     systemu (2.6.5)
     test-unit (2.5.5)
     thor (0.19.1)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (1.2.1)
+    thread_safe (0.3.5)
+    thread_safe (0.3.5-java)
+    tzinfo (1.2.2)
       thread_safe (~> 0.1)
     unf (0.1.4)
       unf_ext
@@ -182,10 +201,13 @@ DEPENDENCIES
   database_cleaner
   jeweler
   jquery-rails
-  maestrano (~> 0.12.0)
+  maestrano (~> 0.12.1)
   mocha
   mongoid
   rails
   shoulda
   sqlite3
   test-unit
+
+BUNDLED WITH
+   1.10.6

data/app/controllers/maestrano/rails/saml_base_controller.rb

@@ -3,12 +3,10 @@ class Maestrano::Rails::SamlBaseController < ApplicationController
   protect_from_forgery :except => [:consume]
   around_filter :saml_response_transaction, only: [:consume]
   
-  # GET /maestrano/auth/saml/init
   # GET /maestrano/auth/saml/init/:tenant
   #
   # Initialize the SAML request and redirects the user to Maestrano
   def init
-    session[:tenant] = params[:tenant]
     redirect_to Maestrano::Saml::Request[params[:tenant]].new(params, session).redirect_url
   end
   

data/lib/generators/active_record/maestrano_group_generator.rb

@@ -31,6 +31,7 @@ module ActiveRecord
       ## User source identification fields
       t.string :provider
       t.string :uid
+      t.string :tenant
 RUBY
       end
     end

data/lib/generators/active_record/maestrano_user_generator.rb

@@ -31,6 +31,7 @@ module ActiveRecord
       ## User source identification fields
       t.string :provider
       t.string :uid
+      t.string :tenant
 RUBY
       end
     end

data/lib/generators/maestrano/initializer_generator.rb

@@ -0,0 +1,12 @@
+module Maestrano
+  module Generators
+    class InitializerGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+      desc "Creates a Maestrano initializer and a customizable controller for SAML Single Sign-On"
+
+      def copy_initializer
+        template "maestrano.rb", "config/initializers/maestrano.rb"
+      end
+    end
+  end
+end

data/lib/generators/maestrano/install_generator.rb

@@ -1,25 +1,27 @@
+require_relative 'initializer_generator'
+
 module Maestrano
   module Generators
     class InstallGenerator < ::Rails::Generators::Base
       source_root File.expand_path("../templates", __FILE__)
       desc "Creates a Maestrano initializer and a customizable controller for SAML Single Sign-On"
-      
+
       def copy_initializer
-        template "maestrano.rb", "config/initializers/maestrano.rb"
+        Maestrano::Generators::InitializerGenerator.new('maestrano:initializer').invoke_all
       end
-      
+
       def copy_saml_controller
         template "saml_controller.rb", "app/controllers/maestrano/auth/saml_controller.rb"
       end
-      
+
       def copy_account_groups_controller
         template "groups_controller.rb", "app/controllers/maestrano/account/groups_controller.rb"
       end
-      
+
       def copy_account_group_users_controller
         template "group_users_controller.rb", "app/controllers/maestrano/account/group_users_controller.rb"
       end
-      
+
       def add_maestrano_routes
         maestrano_routes = <<-CONTENT
 maestrano_routes

data/lib/generators/maestrano/orm_helpers.rb

@@ -7,7 +7,7 @@ module Maestrano
         if model_type == 'user'
           buffer = <<-CONTENT
   # Enable Maestrano for this user
-  maestrano_user_via :provider, :uid do |user,maestrano|
+  maestrano_user_via :provider, :uid, :tenant do |user,maestrano|
     user.name = maestrano.first_name
     user.surname = maestrano.last_name
     user.email = maestrano.email
@@ -20,7 +20,7 @@ CONTENT
         else
           buffer = <<-CONTENT
   # Enable Maestrano for this group
-  maestrano_group_via :provider, :uid do |group, maestrano|
+  maestrano_group_via :provider, :uid, :tenant do |group, maestrano|
     group.name = (maestrano.company_name || "Default Group name")
     # group.principal_email = maestrano.email
     # group.city = maestrano.city

data/lib/generators/maestrano/templates/group_users_controller.rb

@@ -1,11 +1,12 @@
 class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookController
 
-  # DELETE /maestrano/account/groups/cld-1/users/usr-1
+  # DELETE /maestrano/account/groups/cld-1/users/usr-1/:tenant
   # Remove a user from a group
   def destroy
     # Set the right uid based on Maestrano.param('sso.creation_mode')
     user_uid = Maestrano.mask_user(params[:id],params[:group_id]) 
     group_uid = params[:group_id]
+    tenant = params[:tenant]
     
     # Perform association deletion steps here
     # --
@@ -13,8 +14,8 @@ class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookContro
     # then you might want to just delete/cancel/block the user
     #
     # E.g
-    # user = User.find_by_provider_and_uid('maestrano',user_uid)
-    # organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
+    # user = User.find_by_tenant_and_uid(tenant, user_uid)
+    # organization = Organization.find_by_tenant_and_uid(tenant ,group_uid)
     # 
     # if Maestrano.param('sso.creation_mode') == 'virtual'
     #  user.destroy

data/lib/generators/maestrano/templates/groups_controller.rb

@@ -1,9 +1,10 @@
 class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
   
-  # DELETE /maestrano/account/groups/cld-1
+  # DELETE /maestrano/account/groups/cld-1/:tenant
   # Delete an entire group
   def destroy
     group_uid = params[:id]
+    tenant = params[:tenant]
     
     # Perform deletion steps here
     # --
@@ -15,7 +16,7 @@ class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
     # that group
     # --
     # E.g:
-    # organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
+    # organization = Organization.find_by_tenant_and_uid(tenant, group_uid)
     #
     # amount_cents = organization.calculate_total_due_remaining
     # Maestrano::Account::Bill.create({

data/lib/generators/maestrano/templates/maestrano.rb

@@ -52,7 +52,7 @@ Maestrano.configure do |config|
   # generated when you run 'rake maestrano:install' and is available at
   # <rails_root>/app/controllers/maestrano/auth/saml.rb
   #
-  # config.sso.init_path = '/maestrano/auth/saml/init'
+  config.sso.init_path = '/maestrano/auth/saml/init/default'
   
   # ==> SSO Consumer endpoint
   # This is your application path to the SAML endpoint that allows users to
@@ -63,7 +63,7 @@ Maestrano.configure do |config|
   # generated when you run 'rake maestrano:install' and is available at
   # <rails_root>/app/controllers/maestrano/auth/saml.rb
   #
-  # config.sso.consume_path = '/maestrano/auth/saml/consume'
+  config.sso.consume_path = '/maestrano/auth/saml/consume/default'
   
   # ==> Single Logout activation
   # Enable/Disable single logout. When troubleshooting authentication issues
@@ -121,8 +121,8 @@ Maestrano.configure do |config|
   # you run 'rake maestrano:install' and is available under
   # <rails_root>/app/controllers/maestrano/account/
   #
-  # config.webhook.account.groups_path = '/maestrano/account/groups/:id',
-  # config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id',
+  config.webhook.account.groups_path = '/maestrano/account/groups/:id/default'
+  config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id/default'
 end
 
 # Example of multi-tenant configuration
@@ -132,4 +132,9 @@ Maestrano['other-tenant'].configure do |config|
   
   config.api.id = (config.environment == 'production' ? 'prod_app_id' : 'sandbox_app_id')
   config.api.key = (config.environment == 'production' ? 'prod_api_key' : 'sandbox_api_key')
+
+  config.sso.init_path = '/maestrano/auth/saml/init/other-tenant'
+  config.sso.consume_path = '/maestrano/auth/saml/consume/other-tenant'
+  config.webhook.account.groups_path = '/maestrano/account/groups/:id/other-tenant'
+  config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id/other-tenant'
 end

data/lib/generators/maestrano/templates/saml_controller.rb

@@ -1,6 +1,6 @@
 class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
   
-  #== POST '/maestrano/auth/saml/consume'
+  #== POST '/maestrano/auth/saml/consume/:tenant'
   # Final phase of the Single Sign-On handshake. Find or create
   # the required resources (user and group) and sign the user
   # in
@@ -25,6 +25,11 @@ class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
     # user = User.find_or_create_for_maestrano(user_auth_hash)
     # organization = Organization.find_or_create_for_maestrano(group_auth_hash)
     #
+    # user.tenant = params[:tenant]
+    # user.save
+    # organization.tenant = params[:tenant]
+    # organization.save
+    #
     #
     ### 2) Add the user to the group if not already a member
     ### --

data/lib/generators/mongoid/maestrano_group_generator.rb

@@ -19,6 +19,7 @@ module Mongoid
   ## User source identification fields
   field :provider,  type: String, default: ""
   field :uid,       type: String, default: ""
+  field :tenant,    type: String, default: ""
 RUBY
       end
     end

data/lib/generators/mongoid/maestrano_user_generator.rb

@@ -19,6 +19,7 @@ module Mongoid
   ## User source identification fields
   field :provider,  type: String, default: ""
   field :uid,       type: String, default: ""
+  field :tenant,    type: String, default: ""
 RUBY
       end
     end

data/lib/maestrano/rails/models/maestrano_auth_resource.rb

@@ -13,9 +13,9 @@ module Maestrano
       module ClassMethods
         # Configure a user model with mapping to SSO fields
         # and add user behaviour
-        def maestrano_user_via(provider_field,uid_field, &block)
+        def maestrano_user_via(provider_field, uid_field, tenant_field, &block)
           extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
-          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          self.maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           
           include Maestrano::Rails::MaestranoAuthResource::LocalInstanceUserMethods
           
@@ -27,9 +27,9 @@ module Maestrano
         
         # Configure a group model with mapping to SSO fields
         # and add group behaviour
-        def maestrano_group_via(provider_field,uid_field, &block)
+        def maestrano_group_via(provider_field, uid_field, tenant_field, &block)
           extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
-          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          self.maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           
           include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGroupMethods
         end
@@ -38,11 +38,12 @@ module Maestrano
       # Actual class methods - injected after behaviour 
       # has been added (don't polute the model scope)
       module LocalClassGenericMethods
-        def maestrano_generic_configurator(provider_field,uid_field, &block)
+        def maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           cattr_accessor :maestrano_options
           self.maestrano_options = {
             provider: provider_field.to_s,
             uid: uid_field.to_s,
+            tenant: tenant_field.to_s,
             mapping: block
           }
           
@@ -51,11 +52,12 @@ module Maestrano
         
         # Find the resource based on provider and uid fields or create
         # it using the mapping block defined at the model level
-        def find_or_create_for_maestrano(auth_hash)
+        def find_or_create_for_maestrano(auth_hash, tenant='default')
           # Look for the entity first
           entity = self.where(
             self.maestrano_options[:provider].to_sym => auth_hash[:provider],
             self.maestrano_options[:uid].to_sym => auth_hash[:uid],
+            self.maestrano_options[:tenant].to_sym => tenant
           ).first
           
           # Create it otherwise
@@ -78,11 +80,12 @@ module Maestrano
             end
             
             # Call mapping block
-            self.maestrano_options[:mapping].call(entity,info,extra)
+            self.maestrano_options[:mapping].call(entity, info, extra)
             
-            # Finally set provider and uid then save
-            entity.send("#{self.maestrano_options[:provider]}=",auth_hash[:provider])
-            entity.send("#{self.maestrano_options[:uid]}=",auth_hash[:uid])
+            # Finally set provider, uid and tenant then save
+            entity.send("#{self.maestrano_options[:provider]}=", auth_hash[:provider])
+            entity.send("#{self.maestrano_options[:uid]}=", auth_hash[:uid])
+            entity.send("#{self.maestrano_options[:tenant]}=", tenant)
             entity.save!
           end
           

data/lib/maestrano/rails/routing/routes.rb

@@ -3,22 +3,41 @@ module ActionDispatch::Routing
     def maestrano_routes
       namespace :maestrano do
         scope module: :rails do
+          # GET /maestrano/metadata
           get '/metadata', to: 'metadata#index'
-          get '/metadata/:tenant', to: 'metadata#index', as: 'tenant'
+
+          # GET /maestrano/metadata/mytenant
+          get '/metadata/:tenant', to: 'metadata#index'
         end
 
         namespace :auth do
           resources :saml, only:[] do
-            get 'init', on: :collection
-            get 'init/:tenant', on: :collection, to: 'saml#init', as: 'tenant'
-            post 'consume', on: :collection
+            # GET /maestrano/auth/saml/init
+            get 'init', on: :collection, to: 'saml#init', as: :default
+
+            # GET /maestrano/auth/saml/init/mytenant
+            get 'init/:tenant', on: :collection, to: 'saml#init', as: :tenant
+
+            # POST /maestrano/auth/saml/consume
+            post 'consume', on: :collection, to: 'saml#consume'
+
+            # POST /maestrano/auth/saml/consume/mytenant
+            post 'consume/:tenant', on: :collection, to: 'saml#consume'
           end
         end
-        
+
         namespace :account do
-          resources :groups, only: [:destroy] do
-            resources :users, only: [:destroy], controller: 'group_users'
-          end
+          # DELETE /maestrano/account/groups/cld-1234
+          delete 'groups/:id', to: 'groups#destroy'
+
+          # DELETE /maestrano/account/groups/cld-1234/mytenant
+          delete 'groups/:id/:tenant', to: 'groups#destroy'
+
+          # DELETE /maestrano/account/groups/cld-1234/users/usr-1234
+          delete 'groups/:group_id/users/:id', to: 'group_users#destroy'
+
+          # DELETE /maestrano/account/groups/cld-1234/users/usr-1234/mytenant
+          delete 'groups/:group_id/users/:id/:tenant', to: 'group_users#destroy'
         end
       end
     end