RubyGems - maestrano-rails - Versions diffs - 0.12.0 → 0.13.0 - Mend

maestrano-rails 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fedd1ff130d558fb306be8559c24744c04a07d37
-  data.tar.gz: 1cd98b728ff23732d4fecc76686ba46662965f55
+  metadata.gz: 38f6e4c01058ea2bc5b48ffe2b2bd4be30e7163f
+  data.tar.gz: e3cb08aedcfc7691c4ec6aac849842924406ddfd
 SHA512:
-  metadata.gz: aaea660651d7009b7868694cb2b52ae5f7cf9808a82588049e9e2ed73f7da363bba6516be3586a70c25b7b74f7dcf1e745b58d7e49312866ac14e93a15f0447a
-  data.tar.gz: 2785e1b32bbec1ecca65d252565e651086c348fa2384ccaccec90dc4d7445604925a6c299e5203c2a913998af5c09257b4652722d908d33a436a5faecdcf5988
+  metadata.gz: a7b5df754ad9e5bc9ad8e2f092691cab8924003ae3349b1bdb54e7562caf130e7740570d98b42eb33bd193e1bf79a56136909e9bfb6f473c437def5a3926ee4f
+  data.tar.gz: c69ced5c12f9d2913792787413a62b14cd2ed62f519a99282c01e93894be4ea9f8ee3c92a10a88bf25b4dfe142cac738d374d35f9603e6456c7749cfabb01b6b

data/Gemfile CHANGED Viewed

@@ -2,7 +2,7 @@ source "http://rubygems.org"
 gem 'rails'
 gem 'jquery-rails'
-gem 'maestrano', '~> 0.12.0'
+gem 'maestrano', '~> 0.12.1'
 group :test do
   gem 'test-unit'

data/Gemfile.lock CHANGED Viewed

@@ -1,42 +1,54 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      mail (~> 2.5.4)
-    actionpack (4.1.4)
-      actionview (= 4.1.4)
-      activesupport (= 4.1.4)
-      rack (~> 1.5.2)
+    actionmailer (4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.5)
+      actionview (= 4.2.5)
+      activesupport (= 4.2.5)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
-    actionview (4.1.4)
-      activesupport (= 4.1.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5)
+      activesupport (= 4.2.5)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.4)
-      activesupport (= 4.1.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.5)
+      activesupport (= 4.2.5)
+      globalid (>= 0.3.0)
+    activemodel (4.2.5)
+      activesupport (= 4.2.5)
       builder (~> 3.1)
-    activerecord (4.1.4)
-      activemodel (= 4.1.4)
-      activesupport (= 4.1.4)
-      arel (~> 5.0.0)
-    activesupport (4.1.4)
-      i18n (~> 0.6, >= 0.6.9)
+    activerecord (4.2.5)
+      activemodel (= 4.2.5)
+      activesupport (= 4.2.5)
+      arel (~> 6.0)
+    activesupport (4.2.5)
+      i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.1)
+      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     addressable (2.3.6)
-    arel (5.0.1.20140414130214)
+    arel (6.0.3)
     bson (1.10.2)
+    bson (1.10.2-java)
     bson_ext (1.10.2)
       bson (~> 1.10.2)
     builder (3.2.2)
+    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.0-java)
     database_cleaner (1.3.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    domain_name (0.5.24)
+    domain_name (0.5.25)
       unf (>= 0.0.5, < 1.0.0)
     durran-validatable (2.0.1)
     erubis (2.7.0)
@@ -51,15 +63,16 @@ GEM
       multi_json (>= 1.7.5, < 2.0)
       nokogiri (~> 1.6.3)
       oauth2
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
     hashie (3.2.0)
     highline (1.6.21)
-    hike (1.2.3)
     http-cookie (1.0.2)
       domain_name (~> 0.5)
     httparty (0.13.7)
       json (~> 1.8)
       multi_xml (>= 0.5.2)
-    i18n (0.6.11)
+    i18n (0.7.0)
     jeweler (2.0.1)
       builder
       bundler (>= 1.0)
@@ -72,39 +85,42 @@ GEM
     jquery-rails (3.1.1)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.1)
-    json (1.8.1-java)
+    json (1.8.3)
+    json (1.8.3-java)
     jwt (1.0.0)
     leshill-will_paginate (2.3.11)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
     macaddr (1.7.1)
       systemu (~> 2.6.2)
-    maestrano (0.12.0)
+    maestrano (0.12.1)
       httparty (~> 0.13)
       json (~> 1.8)
       mime-types (~> 1.25)
       nokogiri (>= 1.5.0)
       rest-client (~> 1.4)
       uuid (~> 2.3)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
     mime-types (1.25.1)
     mini_portile (0.6.0)
-    minitest (5.4.0)
+    minitest (5.8.3)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongo (1.10.2)
       bson (= 1.10.2)
+    mongo (1.10.2-java)
+      bson (= 1.10.2)
     mongoid (1.0.6)
       activesupport (>= 2.2.2)
       durran-validatable (>= 2.0.1)
       leshill-will_paginate (>= 2.3.11)
       mongo (>= 0.18.2)
-    multi_json (1.10.1)
+    multi_json (1.11.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    netrc (0.10.3)
+    netrc (0.11.0)
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     nokogiri (1.6.3.1-java)
@@ -114,26 +130,34 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (~> 1.2)
-    polyglot (0.3.5)
-    rack (1.5.2)
-    rack-test (0.6.2)
+    rack (1.6.4)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.1.4)
-      actionmailer (= 4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      activemodel (= 4.1.4)
-      activerecord (= 4.1.4)
-      activesupport (= 4.1.4)
+    rails (4.2.5)
+      actionmailer (= 4.2.5)
+      actionpack (= 4.2.5)
+      actionview (= 4.2.5)
+      activejob (= 4.2.5)
+      activemodel (= 4.2.5)
+      activerecord (= 4.2.5)
+      activesupport (= 4.2.5)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.4)
-      sprockets-rails (~> 2.0)
-    railties (4.1.4)
-      actionpack (= 4.1.4)
-      activesupport (= 4.1.4)
+      railties (= 4.2.5)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.5)
+      actionpack (= 4.2.5)
+      activesupport (= 4.2.5)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.3.2)
+    rake (10.5.0)
     rdoc (4.1.1)
       json (~> 1.4)
     rest-client (1.8.0)
@@ -146,25 +170,20 @@ GEM
     shoulda-context (1.2.1)
     shoulda-matchers (2.6.2)
       activesupport (>= 3.0.0)
-    sprockets (2.12.1)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.1.3)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (~> 2.8)
+    sprockets (3.5.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.0)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
     sqlite3 (1.3.9)
     systemu (2.6.5)
     test-unit (2.5.5)
     thor (0.19.1)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (1.2.1)
+    thread_safe (0.3.5)
+    thread_safe (0.3.5-java)
+    tzinfo (1.2.2)
       thread_safe (~> 0.1)
     unf (0.1.4)
       unf_ext
@@ -182,10 +201,13 @@ DEPENDENCIES
   database_cleaner
   jeweler
   jquery-rails
-  maestrano (~> 0.12.0)
+  maestrano (~> 0.12.1)
   mocha
   mongoid
   rails
   shoulda
   sqlite3
   test-unit
+BUNDLED WITH
+   1.10.6

data/app/controllers/maestrano/rails/saml_base_controller.rb CHANGED Viewed

@@ -3,12 +3,10 @@ class Maestrano::Rails::SamlBaseController < ApplicationController
   protect_from_forgery :except => [:consume]
   around_filter :saml_response_transaction, only: [:consume]
-  # GET /maestrano/auth/saml/init
   # GET /maestrano/auth/saml/init/:tenant
   #
   # Initialize the SAML request and redirects the user to Maestrano
   def init
-    session[:tenant] = params[:tenant]
     redirect_to Maestrano::Saml::Request[params[:tenant]].new(params, session).redirect_url
   end

data/lib/generators/active_record/maestrano_group_generator.rb CHANGED Viewed

@@ -31,6 +31,7 @@ module ActiveRecord
       ## User source identification fields
       t.string :provider
       t.string :uid
+      t.string :tenant
 RUBY
       end
     end

data/lib/generators/active_record/maestrano_user_generator.rb CHANGED Viewed

@@ -31,6 +31,7 @@ module ActiveRecord
       ## User source identification fields
       t.string :provider
       t.string :uid
+      t.string :tenant
 RUBY
       end
     end

data/lib/generators/maestrano/initializer_generator.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Maestrano
+  module Generators
+    class InitializerGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+      desc "Creates a Maestrano initializer and a customizable controller for SAML Single Sign-On"
+      def copy_initializer
+        template "maestrano.rb", "config/initializers/maestrano.rb"
+      end
+    end
+  end
+end

data/lib/generators/maestrano/install_generator.rb CHANGED Viewed

@@ -1,25 +1,27 @@
+require_relative 'initializer_generator'
 module Maestrano
   module Generators
     class InstallGenerator < ::Rails::Generators::Base
       source_root File.expand_path("../templates", __FILE__)
       desc "Creates a Maestrano initializer and a customizable controller for SAML Single Sign-On"
       def copy_initializer
-        template "maestrano.rb", "config/initializers/maestrano.rb"
+        Maestrano::Generators::InitializerGenerator.new('maestrano:initializer').invoke_all
       end
       def copy_saml_controller
         template "saml_controller.rb", "app/controllers/maestrano/auth/saml_controller.rb"
       end
       def copy_account_groups_controller
         template "groups_controller.rb", "app/controllers/maestrano/account/groups_controller.rb"
       end
       def copy_account_group_users_controller
         template "group_users_controller.rb", "app/controllers/maestrano/account/group_users_controller.rb"
       end
       def add_maestrano_routes
         maestrano_routes = <<-CONTENT
 maestrano_routes

data/lib/generators/maestrano/orm_helpers.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Maestrano
         if model_type == 'user'
           buffer = <<-CONTENT
   # Enable Maestrano for this user
-  maestrano_user_via :provider, :uid do |user,maestrano|
+  maestrano_user_via :provider, :uid, :tenant do |user,maestrano|
     user.name = maestrano.first_name
     user.surname = maestrano.last_name
     user.email = maestrano.email
@@ -20,7 +20,7 @@ CONTENT
         else
           buffer = <<-CONTENT
   # Enable Maestrano for this group
-  maestrano_group_via :provider, :uid do |group, maestrano|
+  maestrano_group_via :provider, :uid, :tenant do |group, maestrano|
     group.name = (maestrano.company_name || "Default Group name")
     # group.principal_email = maestrano.email
     # group.city = maestrano.city

data/lib/generators/maestrano/templates/group_users_controller.rb CHANGED Viewed

@@ -1,11 +1,12 @@
 class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookController
-  # DELETE /maestrano/account/groups/cld-1/users/usr-1
+  # DELETE /maestrano/account/groups/cld-1/users/usr-1/:tenant
   # Remove a user from a group
   def destroy
     # Set the right uid based on Maestrano.param('sso.creation_mode')
     user_uid = Maestrano.mask_user(params[:id],params[:group_id])
     group_uid = params[:group_id]
+    tenant = params[:tenant]
     # Perform association deletion steps here
     # --
@@ -13,8 +14,8 @@ class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookContro
     # then you might want to just delete/cancel/block the user
     #
     # E.g
-    # user = User.find_by_provider_and_uid('maestrano',user_uid)
-    # organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
+    # user = User.find_by_tenant_and_uid(tenant, user_uid)
+    # organization = Organization.find_by_tenant_and_uid(tenant ,group_uid)
     #
     # if Maestrano.param('sso.creation_mode') == 'virtual'
     #  user.destroy

data/lib/generators/maestrano/templates/groups_controller.rb CHANGED Viewed

@@ -1,9 +1,10 @@
 class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
-  # DELETE /maestrano/account/groups/cld-1
+  # DELETE /maestrano/account/groups/cld-1/:tenant
   # Delete an entire group
   def destroy
     group_uid = params[:id]
+    tenant = params[:tenant]
     # Perform deletion steps here
     # --
@@ -15,7 +16,7 @@ class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
     # that group
     # --
     # E.g:
-    # organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
+    # organization = Organization.find_by_tenant_and_uid(tenant, group_uid)
     #
     # amount_cents = organization.calculate_total_due_remaining
     # Maestrano::Account::Bill.create({

data/lib/generators/maestrano/templates/maestrano.rb CHANGED Viewed

@@ -52,7 +52,7 @@ Maestrano.configure do |config|
   # generated when you run 'rake maestrano:install' and is available at
   # <rails_root>/app/controllers/maestrano/auth/saml.rb
   #
-  # config.sso.init_path = '/maestrano/auth/saml/init'
+  config.sso.init_path = '/maestrano/auth/saml/init/default'
   # ==> SSO Consumer endpoint
   # This is your application path to the SAML endpoint that allows users to
@@ -63,7 +63,7 @@ Maestrano.configure do |config|
   # generated when you run 'rake maestrano:install' and is available at
   # <rails_root>/app/controllers/maestrano/auth/saml.rb
   #
-  # config.sso.consume_path = '/maestrano/auth/saml/consume'
+  config.sso.consume_path = '/maestrano/auth/saml/consume/default'
   # ==> Single Logout activation
   # Enable/Disable single logout. When troubleshooting authentication issues
@@ -121,8 +121,8 @@ Maestrano.configure do |config|
   # you run 'rake maestrano:install' and is available under
   # <rails_root>/app/controllers/maestrano/account/
   #
-  # config.webhook.account.groups_path = '/maestrano/account/groups/:id',
-  # config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id',
+  config.webhook.account.groups_path = '/maestrano/account/groups/:id/default'
+  config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id/default'
 end
 # Example of multi-tenant configuration
@@ -132,4 +132,9 @@ Maestrano['other-tenant'].configure do |config|
   config.api.id = (config.environment == 'production' ? 'prod_app_id' : 'sandbox_app_id')
   config.api.key = (config.environment == 'production' ? 'prod_api_key' : 'sandbox_api_key')
+  config.sso.init_path = '/maestrano/auth/saml/init/other-tenant'
+  config.sso.consume_path = '/maestrano/auth/saml/consume/other-tenant'
+  config.webhook.account.groups_path = '/maestrano/account/groups/:id/other-tenant'
+  config.webhook.account.group_users_path = '/maestrano/account/groups/:group_id/users/:id/other-tenant'
 end

data/lib/generators/maestrano/templates/saml_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
-  #== POST '/maestrano/auth/saml/consume'
+  #== POST '/maestrano/auth/saml/consume/:tenant'
   # Final phase of the Single Sign-On handshake. Find or create
   # the required resources (user and group) and sign the user
   # in
@@ -25,6 +25,11 @@ class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
     # user = User.find_or_create_for_maestrano(user_auth_hash)
     # organization = Organization.find_or_create_for_maestrano(group_auth_hash)
     #
+    # user.tenant = params[:tenant]
+    # user.save
+    # organization.tenant = params[:tenant]
+    # organization.save
+    #
     #
     ### 2) Add the user to the group if not already a member
     ### --

data/lib/generators/mongoid/maestrano_group_generator.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module Mongoid
   ## User source identification fields
   field :provider,  type: String, default: ""
   field :uid,       type: String, default: ""
+  field :tenant,    type: String, default: ""
 RUBY
       end
     end

data/lib/generators/mongoid/maestrano_user_generator.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module Mongoid
   ## User source identification fields
   field :provider,  type: String, default: ""
   field :uid,       type: String, default: ""
+  field :tenant,    type: String, default: ""
 RUBY
       end
     end

data/lib/maestrano/rails/models/maestrano_auth_resource.rb CHANGED Viewed

@@ -13,9 +13,9 @@ module Maestrano
       module ClassMethods
         # Configure a user model with mapping to SSO fields
         # and add user behaviour
-        def maestrano_user_via(provider_field,uid_field, &block)
+        def maestrano_user_via(provider_field, uid_field, tenant_field, &block)
           extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
-          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          self.maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           include Maestrano::Rails::MaestranoAuthResource::LocalInstanceUserMethods
@@ -27,9 +27,9 @@ module Maestrano
         # Configure a group model with mapping to SSO fields
         # and add group behaviour
-        def maestrano_group_via(provider_field,uid_field, &block)
+        def maestrano_group_via(provider_field, uid_field, tenant_field, &block)
           extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
-          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          self.maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGroupMethods
         end
@@ -38,11 +38,12 @@ module Maestrano
       # Actual class methods - injected after behaviour
       # has been added (don't polute the model scope)
       module LocalClassGenericMethods
-        def maestrano_generic_configurator(provider_field,uid_field, &block)
+        def maestrano_generic_configurator(provider_field, uid_field, tenant_field, &block)
           cattr_accessor :maestrano_options
           self.maestrano_options = {
             provider: provider_field.to_s,
             uid: uid_field.to_s,
+            tenant: tenant_field.to_s,
             mapping: block
           }
@@ -51,11 +52,12 @@ module Maestrano
         # Find the resource based on provider and uid fields or create
         # it using the mapping block defined at the model level
-        def find_or_create_for_maestrano(auth_hash)
+        def find_or_create_for_maestrano(auth_hash, tenant='default')
           # Look for the entity first
           entity = self.where(
             self.maestrano_options[:provider].to_sym => auth_hash[:provider],
             self.maestrano_options[:uid].to_sym => auth_hash[:uid],
+            self.maestrano_options[:tenant].to_sym => tenant
           ).first
           # Create it otherwise
@@ -78,11 +80,12 @@ module Maestrano
             end
             # Call mapping block
-            self.maestrano_options[:mapping].call(entity,info,extra)
+            self.maestrano_options[:mapping].call(entity, info, extra)
-            # Finally set provider and uid then save
-            entity.send("#{self.maestrano_options[:provider]}=",auth_hash[:provider])
-            entity.send("#{self.maestrano_options[:uid]}=",auth_hash[:uid])
+            # Finally set provider, uid and tenant then save
+            entity.send("#{self.maestrano_options[:provider]}=", auth_hash[:provider])
+            entity.send("#{self.maestrano_options[:uid]}=", auth_hash[:uid])
+            entity.send("#{self.maestrano_options[:tenant]}=", tenant)
             entity.save!
           end

data/lib/maestrano/rails/routing/routes.rb CHANGED Viewed

@@ -3,22 +3,41 @@ module ActionDispatch::Routing
     def maestrano_routes
       namespace :maestrano do
         scope module: :rails do
+          # GET /maestrano/metadata
           get '/metadata', to: 'metadata#index'
-          get '/metadata/:tenant', to: 'metadata#index', as: 'tenant'
+          # GET /maestrano/metadata/mytenant
+          get '/metadata/:tenant', to: 'metadata#index'
         end
         namespace :auth do
           resources :saml, only:[] do
-            get 'init', on: :collection
-            get 'init/:tenant', on: :collection, to: 'saml#init', as: 'tenant'
-            post 'consume', on: :collection
+            # GET /maestrano/auth/saml/init
+            get 'init', on: :collection, to: 'saml#init', as: :default
+            # GET /maestrano/auth/saml/init/mytenant
+            get 'init/:tenant', on: :collection, to: 'saml#init', as: :tenant
+            # POST /maestrano/auth/saml/consume
+            post 'consume', on: :collection, to: 'saml#consume'
+            # POST /maestrano/auth/saml/consume/mytenant
+            post 'consume/:tenant', on: :collection, to: 'saml#consume'
           end
         end
         namespace :account do
-          resources :groups, only: [:destroy] do
-            resources :users, only: [:destroy], controller: 'group_users'
-          end
+          # DELETE /maestrano/account/groups/cld-1234
+          delete 'groups/:id', to: 'groups#destroy'
+          # DELETE /maestrano/account/groups/cld-1234/mytenant
+          delete 'groups/:id/:tenant', to: 'groups#destroy'
+          # DELETE /maestrano/account/groups/cld-1234/users/usr-1234
+          delete 'groups/:group_id/users/:id', to: 'group_users#destroy'
+          # DELETE /maestrano/account/groups/cld-1234/users/usr-1234/mytenant
+          delete 'groups/:group_id/users/:id/:tenant', to: 'group_users#destroy'
         end
       end
     end