multi-tenant-support 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +135 -2
- data/lib/multi_tenant_support/concern/controller_concern.rb +12 -1
- data/lib/multi_tenant_support/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1519c4812629d4b3e66708ab8aaffca8925fe23cc75924e55d57a010dbd71022
|
|
4
|
+
data.tar.gz: 8de09d069ac3d0cb813b513fd77948e481682d4cef114f6054ab9c6089ea0df1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1dd7e70f8992e1bb9675e0e5dc4136a6395012b241eab4b022db02e3066d092449af6b69bd6532190d9c40de419d6784f3620c9b193bdbf3372f25ec32d11cc1
|
|
7
|
+
data.tar.gz: 1f5ab147795036d550935a3a12ba301a8c54905a3b61b154580401dbd1b9d832edc799ceeaa20d38eecea2086ccc6ccd36d65c6997e88ba6fe2fc8ef41d7a9ca
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# MultiTenantSupport
|
|
2
2
|
|
|
3
|
-
[](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml)
|
|
3
|
+
[](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml) [](https://badge.fury.io/rb/multi-tenant-support)
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
|
|
@@ -14,6 +14,137 @@ Keep your data secure with multi-tenant-support. Prevent most ActiveRecord CRUD
|
|
|
14
14
|
- Auto set current tenant through subdomain and domain in controller
|
|
15
15
|
- Support ActiveJob and Sidekiq
|
|
16
16
|
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
This gem was inspired much from [acts_as_tenant](https://github.com/ErwinM/acts_as_tenant), [multitenant](https://github.com/wireframe/multitenant), [multitenancy](https://github.com/Flipkart/multitenancy/blob/master/lib/multitenancy/model_extensions.rb), [rails-multitenant](https://github.com/salsify/rails-multitenant), [activerecord-firewall](https://github.com/Shopify/activerecord-firewall), [milia](https://github.com/jekuno/milia).
|
|
20
|
+
|
|
21
|
+
But it does more than them, and highly focuses on ActiveRecord data leak protection.
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
## What make it differnce on details
|
|
26
|
+
|
|
27
|
+
It protects data in every scenario in great detail. Currently, you can't find any multi-tenant gems doing a full data leak protect on ActiveRecord. But this gem does it.
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
Our protection code mainly focus on 5 scenarios:
|
|
31
|
+
|
|
32
|
+
- Action by tenant
|
|
33
|
+
- `CurrentTenantSupport.current_tenant` exists
|
|
34
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
35
|
+
- Action by wrong tenant
|
|
36
|
+
- `CurrentTenantSupport.current_tenant` does not match `target_record.account`
|
|
37
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
38
|
+
- Action when missing tenant
|
|
39
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
40
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
41
|
+
- Action by super admin but readonly
|
|
42
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
43
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is true
|
|
44
|
+
- Action by super admin but want modify on a specific tenant
|
|
45
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
46
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is true
|
|
47
|
+
- Run code in the block of `CurrentTenantSupport.under_tenant`
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
Below are the behaviour of all ActiveRecord CRUD methods under abvove scenarios:
|
|
51
|
+
|
|
52
|
+
### Protect on read
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
| Read By | tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
56
|
+
| -------- | ------ | -------------- | ----------- | ---------------------------------------- |
|
|
57
|
+
| count | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
58
|
+
| first | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
59
|
+
| last | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
60
|
+
| where | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
61
|
+
| find_by | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
62
|
+
| unscoped | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
63
|
+
|
|
64
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
65
|
+
|
|
66
|
+
<br>
|
|
67
|
+
|
|
68
|
+
### Protect on initialize
|
|
69
|
+
|
|
70
|
+
| Initialize by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
71
|
+
| ------------------ | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
72
|
+
| new | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
73
|
+
| build | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
74
|
+
| reload | ✅ | 🚫 | 🚫 | ✅ | ✅ |
|
|
75
|
+
|
|
76
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
77
|
+
|
|
78
|
+
<br>
|
|
79
|
+
|
|
80
|
+
|
|
81
|
+
### Protect on create
|
|
82
|
+
|
|
83
|
+
| create by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
84
|
+
| ----------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
85
|
+
| save | ✅ ​ 🍕 | 🚫 | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
86
|
+
| save! | ✅ ​ 🍕 | 🚫 | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
87
|
+
| create | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
88
|
+
| create! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
89
|
+
| insert | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
90
|
+
| insert! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
91
|
+
| insert_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
92
|
+
| insert_all! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
93
|
+
|
|
94
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
95
|
+
|
|
96
|
+
<br>
|
|
97
|
+
|
|
98
|
+
|
|
99
|
+
### Protect on tenant assign
|
|
100
|
+
|
|
101
|
+
| Manual assign or update tenant by | tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
102
|
+
| --------------------------------- | ------ | -------------- | ----------- | ---------------------------------------- |
|
|
103
|
+
| account= | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
104
|
+
| account_id= | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
105
|
+
| update(account:) | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
106
|
+
| update(account_id:) | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
107
|
+
|
|
108
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
109
|
+
|
|
110
|
+
<br>
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
### Protect on update
|
|
114
|
+
|
|
115
|
+
| Update by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
116
|
+
| ---------------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
117
|
+
| save | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
118
|
+
| save! | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
119
|
+
| update | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
120
|
+
| update_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
121
|
+
| update_attribute | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
122
|
+
| update_columns | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
123
|
+
| update_column | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
124
|
+
| upsert_all | ⚠️ | - | 🚫 | ⚠️ | ⚠️ |
|
|
125
|
+
| upsert | ⚠️ | - | 🚫 | ⚠️ | ⚠️ |
|
|
126
|
+
|
|
127
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
128
|
+
|
|
129
|
+
<br>
|
|
130
|
+
|
|
131
|
+
|
|
132
|
+
### Protect on delete
|
|
133
|
+
|
|
134
|
+
| Delete by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
135
|
+
| ----------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
136
|
+
| destroy | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
137
|
+
| destroy! | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
138
|
+
| destroy_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
139
|
+
| destroy_by | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
140
|
+
| delete_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
141
|
+
| delete_by | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
142
|
+
|
|
143
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
144
|
+
|
|
145
|
+
<br>
|
|
146
|
+
|
|
147
|
+
|
|
17
148
|
## Installation
|
|
18
149
|
|
|
19
150
|
1. Add this line to your application's Gemfile:
|
|
@@ -234,7 +365,7 @@ end
|
|
|
234
365
|
<td>account=</td>
|
|
235
366
|
<td>🔒</td>
|
|
236
367
|
<td>upsert</td>
|
|
237
|
-
<td
|
|
368
|
+
<td>⚠️ (Partial)</td>
|
|
238
369
|
</tr>
|
|
239
370
|
<tr>
|
|
240
371
|
<td>first</td>
|
|
@@ -310,6 +441,7 @@ end
|
|
|
310
441
|
</table>
|
|
311
442
|
|
|
312
443
|
|
|
444
|
+
|
|
313
445
|
## Development
|
|
314
446
|
|
|
315
447
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -323,3 +455,4 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/hopper
|
|
|
323
455
|
## License
|
|
324
456
|
|
|
325
457
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
458
|
+
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
module MultiTenantSupport
|
|
2
|
+
|
|
2
3
|
module ControllerConcern
|
|
3
4
|
extend ActiveSupport::Concern
|
|
4
5
|
|
|
5
6
|
included do
|
|
6
|
-
|
|
7
|
+
include ViewHelper
|
|
7
8
|
|
|
8
9
|
before_action :set_current_tenant_account
|
|
9
10
|
|
|
@@ -23,8 +24,18 @@ module MultiTenantSupport
|
|
|
23
24
|
end
|
|
24
25
|
end
|
|
25
26
|
end
|
|
27
|
+
|
|
28
|
+
module ViewHelper
|
|
29
|
+
define_method(MultiTenantSupport.current_tenant_account_method) do
|
|
30
|
+
instance_variable_get("@#{MultiTenantSupport.current_tenant_account_method}")
|
|
31
|
+
end
|
|
32
|
+
end
|
|
26
33
|
end
|
|
27
34
|
|
|
28
35
|
ActiveSupport.on_load(:action_controller) do |base|
|
|
29
36
|
base.include MultiTenantSupport::ControllerConcern
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
ActiveSupport.on_load(:action_view) do |base|
|
|
40
|
+
base.include MultiTenantSupport::ViewHelper
|
|
30
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: multi-tenant-support
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hopper Gee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-10-
|
|
11
|
+
date: 2021-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|