multi-tenant-support 1.0.4 → 1.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +135 -2
- data/lib/multi_tenant_support/concern/controller_concern.rb +12 -1
- data/lib/multi_tenant_support/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1519c4812629d4b3e66708ab8aaffca8925fe23cc75924e55d57a010dbd71022
|
|
4
|
+
data.tar.gz: 8de09d069ac3d0cb813b513fd77948e481682d4cef114f6054ab9c6089ea0df1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1dd7e70f8992e1bb9675e0e5dc4136a6395012b241eab4b022db02e3066d092449af6b69bd6532190d9c40de419d6784f3620c9b193bdbf3372f25ec32d11cc1
|
|
7
|
+
data.tar.gz: 1f5ab147795036d550935a3a12ba301a8c54905a3b61b154580401dbd1b9d832edc799ceeaa20d38eecea2086ccc6ccd36d65c6997e88ba6fe2fc8ef41d7a9ca
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# MultiTenantSupport
|
|
2
2
|
|
|
3
|
-
[](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml)
|
|
3
|
+
[](https://github.com/hoppergee/multi-tenant-support/actions/workflows/main.yaml) [](https://badge.fury.io/rb/multi-tenant-support)
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
|
|
@@ -14,6 +14,137 @@ Keep your data secure with multi-tenant-support. Prevent most ActiveRecord CRUD
|
|
|
14
14
|
- Auto set current tenant through subdomain and domain in controller
|
|
15
15
|
- Support ActiveJob and Sidekiq
|
|
16
16
|
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
This gem was inspired much from [acts_as_tenant](https://github.com/ErwinM/acts_as_tenant), [multitenant](https://github.com/wireframe/multitenant), [multitenancy](https://github.com/Flipkart/multitenancy/blob/master/lib/multitenancy/model_extensions.rb), [rails-multitenant](https://github.com/salsify/rails-multitenant), [activerecord-firewall](https://github.com/Shopify/activerecord-firewall), [milia](https://github.com/jekuno/milia).
|
|
20
|
+
|
|
21
|
+
But it does more than them, and highly focuses on ActiveRecord data leak protection.
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
## What make it differnce on details
|
|
26
|
+
|
|
27
|
+
It protects data in every scenario in great detail. Currently, you can't find any multi-tenant gems doing a full data leak protect on ActiveRecord. But this gem does it.
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
Our protection code mainly focus on 5 scenarios:
|
|
31
|
+
|
|
32
|
+
- Action by tenant
|
|
33
|
+
- `CurrentTenantSupport.current_tenant` exists
|
|
34
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
35
|
+
- Action by wrong tenant
|
|
36
|
+
- `CurrentTenantSupport.current_tenant` does not match `target_record.account`
|
|
37
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
38
|
+
- Action when missing tenant
|
|
39
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
40
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is false (default)
|
|
41
|
+
- Action by super admin but readonly
|
|
42
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
43
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is true
|
|
44
|
+
- Action by super admin but want modify on a specific tenant
|
|
45
|
+
- `CurrentTenantSupport.current_tenant` is nil
|
|
46
|
+
- `CurrentTenantSupport.allow_read_across_tenant` is true
|
|
47
|
+
- Run code in the block of `CurrentTenantSupport.under_tenant`
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
Below are the behaviour of all ActiveRecord CRUD methods under abvove scenarios:
|
|
51
|
+
|
|
52
|
+
### Protect on read
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
| Read By | tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
56
|
+
| -------- | ------ | -------------- | ----------- | ---------------------------------------- |
|
|
57
|
+
| count | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
58
|
+
| first | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
59
|
+
| last | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
60
|
+
| where | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
61
|
+
| find_by | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
62
|
+
| unscoped | 🍕 | 🚫 | 🌎 | 🍕 |
|
|
63
|
+
|
|
64
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
65
|
+
|
|
66
|
+
<br>
|
|
67
|
+
|
|
68
|
+
### Protect on initialize
|
|
69
|
+
|
|
70
|
+
| Initialize by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
71
|
+
| ------------------ | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
72
|
+
| new | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
73
|
+
| build | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
74
|
+
| reload | ✅ | 🚫 | 🚫 | ✅ | ✅ |
|
|
75
|
+
|
|
76
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
77
|
+
|
|
78
|
+
<br>
|
|
79
|
+
|
|
80
|
+
|
|
81
|
+
### Protect on create
|
|
82
|
+
|
|
83
|
+
| create by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
84
|
+
| ----------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
85
|
+
| save | ✅ ​ 🍕 | 🚫 | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
86
|
+
| save! | ✅ ​ 🍕 | 🚫 | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
87
|
+
| create | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
88
|
+
| create! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
89
|
+
| insert | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
90
|
+
| insert! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
91
|
+
| insert_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
92
|
+
| insert_all! | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
93
|
+
|
|
94
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
95
|
+
|
|
96
|
+
<br>
|
|
97
|
+
|
|
98
|
+
|
|
99
|
+
### Protect on tenant assign
|
|
100
|
+
|
|
101
|
+
| Manual assign or update tenant by | tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
102
|
+
| --------------------------------- | ------ | -------------- | ----------- | ---------------------------------------- |
|
|
103
|
+
| account= | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
104
|
+
| account_id= | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
105
|
+
| update(account:) | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
106
|
+
| update(account_id:) | 🚫 | 🚫 | 🚫 | 🚫 |
|
|
107
|
+
|
|
108
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
109
|
+
|
|
110
|
+
<br>
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
### Protect on update
|
|
114
|
+
|
|
115
|
+
| Update by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
116
|
+
| ---------------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
117
|
+
| save | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
118
|
+
| save! | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
119
|
+
| update | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
120
|
+
| update_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
121
|
+
| update_attribute | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
122
|
+
| update_columns | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
123
|
+
| update_column | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
124
|
+
| upsert_all | ⚠️ | - | 🚫 | ⚠️ | ⚠️ |
|
|
125
|
+
| upsert | ⚠️ | - | 🚫 | ⚠️ | ⚠️ |
|
|
126
|
+
|
|
127
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
128
|
+
|
|
129
|
+
<br>
|
|
130
|
+
|
|
131
|
+
|
|
132
|
+
### Protect on delete
|
|
133
|
+
|
|
134
|
+
| Delete by | tenant | wrong tenant | missing tenant | super admin | super admin(modify on a specific tenant) |
|
|
135
|
+
| ----------- | ------ | ------------ | -------------- | ----------- | ---------------------------------------- |
|
|
136
|
+
| destroy | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
137
|
+
| destroy! | ✅ | 🚫 | 🚫 | 🚫 | ✅ |
|
|
138
|
+
| destroy_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
139
|
+
| destroy_by | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
140
|
+
| delete_all | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
141
|
+
| delete_by | ✅ ​ 🍕 | - | 🚫 | 🚫 | ✅ ​ 🍕 |
|
|
142
|
+
|
|
143
|
+
🍕 scoped ​ ​ ​ 🌎 ​ unscoped ​ ​ ​ ✅ ​ allow ​ ​ ​ 🚫 ​ disallow ​ ​ ​ ⚠️ ​ Not protected
|
|
144
|
+
|
|
145
|
+
<br>
|
|
146
|
+
|
|
147
|
+
|
|
17
148
|
## Installation
|
|
18
149
|
|
|
19
150
|
1. Add this line to your application's Gemfile:
|
|
@@ -234,7 +365,7 @@ end
|
|
|
234
365
|
<td>account=</td>
|
|
235
366
|
<td>🔒</td>
|
|
236
367
|
<td>upsert</td>
|
|
237
|
-
<td
|
|
368
|
+
<td>⚠️ (Partial)</td>
|
|
238
369
|
</tr>
|
|
239
370
|
<tr>
|
|
240
371
|
<td>first</td>
|
|
@@ -310,6 +441,7 @@ end
|
|
|
310
441
|
</table>
|
|
311
442
|
|
|
312
443
|
|
|
444
|
+
|
|
313
445
|
## Development
|
|
314
446
|
|
|
315
447
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -323,3 +455,4 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/hopper
|
|
|
323
455
|
## License
|
|
324
456
|
|
|
325
457
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
458
|
+
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
module MultiTenantSupport
|
|
2
|
+
|
|
2
3
|
module ControllerConcern
|
|
3
4
|
extend ActiveSupport::Concern
|
|
4
5
|
|
|
5
6
|
included do
|
|
6
|
-
|
|
7
|
+
include ViewHelper
|
|
7
8
|
|
|
8
9
|
before_action :set_current_tenant_account
|
|
9
10
|
|
|
@@ -23,8 +24,18 @@ module MultiTenantSupport
|
|
|
23
24
|
end
|
|
24
25
|
end
|
|
25
26
|
end
|
|
27
|
+
|
|
28
|
+
module ViewHelper
|
|
29
|
+
define_method(MultiTenantSupport.current_tenant_account_method) do
|
|
30
|
+
instance_variable_get("@#{MultiTenantSupport.current_tenant_account_method}")
|
|
31
|
+
end
|
|
32
|
+
end
|
|
26
33
|
end
|
|
27
34
|
|
|
28
35
|
ActiveSupport.on_load(:action_controller) do |base|
|
|
29
36
|
base.include MultiTenantSupport::ControllerConcern
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
ActiveSupport.on_load(:action_view) do |base|
|
|
40
|
+
base.include MultiTenantSupport::ViewHelper
|
|
30
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: multi-tenant-support
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hopper Gee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-10-
|
|
11
|
+
date: 2021-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|