rls_multi_tenant 0.1.3 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17fdf21d2e8cae31d03111544329e425150ced311f780e0b24a65c0f6da1c56f
-  data.tar.gz: 9b897e5953f79279ff81905ee3d80546150aebee2be1bdae8aab7f49468583bf
+  metadata.gz: f313946d33d5edb4a96fec341e7ab62fc325ab0d6700bad0aef7b05d6f240ec4
+  data.tar.gz: 0bbbdf115873c98b5487569cd21e63822fd1b2419b7eec55bbb875a5c131a417
 SHA512:
-  metadata.gz: 9f558b33906ab4350878e1ddff33fa21345d0daaaedc79069d9317dfbbdb925d57138294c8f37534f8ac59ec7b36fd0df747d0a815bf6e7230b1f91c2a8b4c60
-  data.tar.gz: 959bc2c1da5f39193fdbd978420411e0f628eabd2e0f58410a81e05c635ad8dfb23ebc8c00e0727e7b55e223833154d77212bf112342e49a50451481dbc9c9fd
+  metadata.gz: fe257329e8fff95796cc6b4510ce1672ddf16e86b572d0113fedcc902afa69fc7e13d925b4d2d5e0a0bb1a6bcc5692e1bdc477fe8aab365b4b838d3fbedf124f
+  data.tar.gz: 4ad4b27347d478b42e720c33c178eb655860d93809f0403fa58ff5197dbae98e563064e654ea51bdbabf0c3ae272e5871de402e1f6785fac0b3e39971a890341

data/README.md

@@ -32,15 +32,31 @@ bundle install
    rails generate rls_multi_tenant:install
    ```
 
-2. **Configure environment variables:**
+2. **Configure the gem settings:**
+   Edit `config/initializers/rls_multi_tenant.rb` to customize your tenant model:
+   ```ruby
+   RlsMultiTenant.configure do |config|
+     config.tenant_class_name = "Tenant"           # Change to your preferred tenant model name
+     config.tenant_id_column = :tenant_id          # Tenant ID column name
+     config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
+     config.enable_security_validation = true      # Enable security checks
+   end
+   ```
+
+3. **Configure environment variables:**
    ```bash
    POSTGRES_USER=your_admin_user # This is the user that will run the migrations
    POSTGRES_PASSWORD=your_admin_user_password
    POSTGRES_APP_USER=your_app_user # This is the user that will run the app
-   POSTGRES_APP_PASSWORD=your_password
+   POSTGRES_APP_PASSWORD=your_app_user_password
+   ```
+
+4. **Setup the tenant model and migrations:**
+   ```bash
+   rails generate rls_multi_tenant:setup
    ```
 
-3. **Run migrations:**
+5. **Run migrations:**
    ```bash
    rails db_as:admin[migrate] # Custom rake task to run migrations with admin privileges
    ```
@@ -87,17 +103,19 @@ current_tenant = Tenant.current
 
 ## Configuration
 
-Configure the gem in `config/initializers/rls_multi_tenant.rb`:
+The gem is configured in `config/initializers/rls_multi_tenant.rb` (created by the install generator). You can customize the following options:
 
 ```ruby
 RlsMultiTenant.configure do |config|
-  config.tenant_class_name = "Tenant"           # Your tenant model class
+  config.tenant_class_name = "Tenant"           # Your tenant model class (e.g., "Organization", "Company")
   config.tenant_id_column = :tenant_id          # Tenant ID column name
   config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
-  config.enable_security_validation = true      # Enable security checks. This will check if the app user is set without superuser privileges.
+  config.enable_security_validation = true      # Enable security checks (prevents running with superuser privileges)
 end
 ```
 
+**Important**: Configure these settings **before** running `rails generate rls_multi_tenant:setup`, as the setup generator will use these values to create the appropriate model and migrations.
+
 ### Database Admin Task
 ```bash
 # Run migrations with admin privileges (required because app user can't run migrations)
@@ -120,9 +138,9 @@ The gem includes multiple security layers:
 
 ## Requirements
 
-- Rails 7.0+
-- PostgreSQL 12+ (with UUID extension support)
-- Ruby 3.0+
+- Rails 6.0+
+- PostgreSQL 9.5+ (with UUID extension support)
+- Ruby 2.7+
 
 ## UUID Support
 

data/lib/rls_multi_tenant/concerns/tenant_context.rb

@@ -5,14 +5,17 @@ module RlsMultiTenant
     module TenantContext
       extend ActiveSupport::Concern
 
-      SET_TENANT_ID_SQL = 'SET rls.tenant_id = %s'.freeze
-      RESET_TENANT_ID_SQL = 'RESET rls.tenant_id'.freeze
+      SET_TENANT_ID_SQL = 'SET %s = %s'.freeze
+      RESET_TENANT_ID_SQL = 'RESET %s'.freeze
 
       class_methods do
+        def tenant_session_var
+          "rls.#{RlsMultiTenant.tenant_id_column}"
+        end
         # Switch tenant context for a block
         def switch(tenant_or_id)
           tenant_id = extract_tenant_id(tenant_or_id)
-          connection.execute format(SET_TENANT_ID_SQL, connection.quote(tenant_id))
+          connection.execute format(SET_TENANT_ID_SQL, tenant_session_var, connection.quote(tenant_id))
           yield
         ensure
           reset!
@@ -21,20 +24,20 @@ module RlsMultiTenant
         # Switch tenant context permanently (until reset)
         def switch!(tenant_or_id)
           tenant_id = extract_tenant_id(tenant_or_id)
-          connection.execute format(SET_TENANT_ID_SQL, connection.quote(tenant_id))
+          connection.execute format(SET_TENANT_ID_SQL, tenant_session_var, connection.quote(tenant_id))
         end
 
         # Reset tenant context
         def reset!
-          connection.execute RESET_TENANT_ID_SQL
+          connection.execute format(RESET_TENANT_ID_SQL, tenant_session_var)
         end
 
         # Get current tenant from context
         def current
           return nil unless connection.active?
 
-          result = connection.execute("SHOW rls.tenant_id")
-          tenant_id = result.first&.dig('rls.tenant_id')
+          result = connection.execute("SHOW #{tenant_session_var}")
+          tenant_id = result.first&.dig(tenant_session_var)
           
           return nil if tenant_id.blank?
           

data/lib/rls_multi_tenant/generators/install/install_generator.rb

@@ -7,51 +7,15 @@ module RlsMultiTenant
     class InstallGenerator < Rails::Generators::Base
       source_root File.expand_path("templates", __dir__)
 
-      desc "Install RLS Multi-tenant gem configuration and initial setup"
+      desc "Install RLS Multi-tenant gem configuration"
 
       def create_initializer
         template "rls_multi_tenant.rb", "config/initializers/rls_multi_tenant.rb"
       end
 
-      def create_tenant_model
-        unless File.exist?(File.join(destination_root, "app/models/tenant.rb"))
-          template "tenant_model.rb", "app/models/tenant.rb"
-        else
-          say "Tenant model already exists, skipping creation", :yellow
-        end
-      end
-
-      def create_db_admin_task
-        unless File.exist?(File.join(destination_root, "lib/tasks/db_admin.rake"))
-          template "db_admin.rake", "lib/tasks/db_admin.rake"
-        else
-          say "Database admin task already exists, skipping creation", :yellow
-        end
-      end
-
-      def create_uuid_migration
-        unless Dir.glob(File.join(destination_root, "db/migrate/*_enable_uuid_extension.rb")).any?
-          create_migration_with_timestamp("enable_uuid", 1)
-        else
-          say "UUID extension migration already exists, skipping creation", :yellow
-        end
-      end
-
-      def create_app_user_migration
-        create_app_user_migrations_for_all_databases
-      end
-
-      def create_tenant_migration
-        unless Dir.glob(File.join(destination_root, "db/migrate/*_create_tenants.rb")).any?
-          create_migration_with_timestamp("create_tenant", 3)
-        else
-          say "Tenant migration already exists, skipping creation", :yellow
-        end
-      end
-
       def show_instructions
         say "\n" + "="*60, :green
-        say "RLS Multi-tenant gem installed successfully!", :green
+        say "RLS Multi-tenant gem configuration installed successfully!", :green
         say "="*60, :green
         say "\nNext steps:", :yellow
         say "1. Configure your environment variables:\n", :yellow
@@ -59,83 +23,18 @@ module RlsMultiTenant
         say "   POSTGRES_PASSWORD=your_admin_user_password", :yellow
         say "   POSTGRES_APP_USER=your_app_user # This is the user that will run the app", :yellow
         say "   POSTGRES_APP_PASSWORD=your_app_user_password", :yellow
-        say "\n2. Make sure to use the POSTGRES_APP_USER in your database.yml.", :yellow
-        say "\n3. Run the migrations with admin privileges:\n", :yellow
+        say "\n2. Configure the gem settings in config/initializers/rls_multi_tenant.rb", :yellow
+        say "   (tenant_class_name, tenant_id_column, app_user_env_var, enable_security_validation)", :yellow
+        say "\n3. Run the setup generator to create the tenant model and migrations:\n", :yellow
+        say "   rails generate rls_multi_tenant:setup", :yellow
+        say "\n4. Make sure to use the POSTGRES_APP_USER in your database.yml.", :yellow
+        say "\n5. Run the migrations with admin privileges:\n", :yellow
         say "   rails db_as:admin[migrate]", :yellow
         say "   Note: We must use the admin user because the app user doesn't have migration privileges", :yellow
-        say "\n4. Use 'rails generate rls_multi_tenant:model' for new multi-tenant models", :yellow
+        say "\n6. Use 'rails generate rls_multi_tenant:model' for new multi-tenant models", :yellow
         say "="*60, :green
       end
 
-      def create_app_user_migrations_for_all_databases
-        # Get database configuration for current environment
-        db_config = Rails.application.config.database_configuration[Rails.env]
-        
-        # Handle both single database and multiple databases configuration
-        databases_to_process = if db_config.is_a?(Hash) && db_config.key?('primary')
-          # Multiple databases configuration
-          db_config
-        else
-          # Single database configuration - treat as primary
-          { 'primary' => db_config }
-        end
-
-        databases_to_process.each do |db_name, config|
-          next if db_name == 'primary' # Skip primary database, handle it separately
-          
-          # Check if migrations_paths is defined for this database
-          if config['migrations_paths']
-            migration_paths = Array(config['migrations_paths'])
-            migration_paths.each do |migration_path|
-              migration_dir = File.join(destination_root, migration_path)
-              
-              # Check if migration already exists in this path
-              unless Dir.glob(File.join(migration_dir, "*_create_app_user.rb")).any?
-                FileUtils.mkdir_p(migration_dir) unless File.directory?(migration_dir)
-                create_migration_with_timestamp_for_path("create_app_user", 2, migration_path)
-                say "Created app user migration for #{db_name} in #{migration_path}", :green
-              else
-                say "App user migration already exists for #{db_name} in #{migration_path}, skipping creation", :yellow
-              end
-            end
-          else
-            say "No migrations_paths defined for database '#{db_name}', skipping app user migration", :yellow
-          end
-        end
-
-        # Handle primary database (default behavior)
-        unless Dir.glob(File.join(destination_root, "db/migrate/*_create_app_user.rb")).any?
-          create_migration_with_timestamp("create_app_user", 2)
-        else
-          say "App user migration already exists for primary database, skipping creation", :yellow
-        end
-      end
-
-      private
-
-      def create_migration_with_timestamp(migration_type, order)
-        base_timestamp = Time.current.strftime("%Y%m%d%H%M")
-        timestamp = "#{base_timestamp}#{sprintf('%02d', order)}"
-        
-        case migration_type
-        when "enable_uuid"
-          template "enable_uuid_extension.rb", "db/migrate/#{timestamp}_enable_uuid_extension.rb"
-        when "create_app_user"
-          template "create_app_user.rb", "db/migrate/#{timestamp}_create_app_user.rb"
-        when "create_tenant"
-          template "create_tenant.rb", "db/migrate/#{timestamp}_create_tenants.rb"
-        end
-      end
-
-      def create_migration_with_timestamp_for_path(migration_type, order, migration_path)
-        base_timestamp = Time.current.strftime("%Y%m%d%H%M")
-        timestamp = "#{base_timestamp}#{sprintf('%02d', order)}"
-        
-        case migration_type
-        when "create_app_user"
-          template "create_app_user.rb", "#{migration_path}/#{timestamp}_create_app_user.rb"
-        end
-      end
     end
   end
 end

data/lib/rls_multi_tenant/generators/migration/migration_generator.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require 'rails/generators'
+require 'rls_multi_tenant/generators/shared/template_helper'
 
 module RlsMultiTenant
   module Generators
     class MigrationGenerator < Rails::Generators::Base
+      include Shared::TemplateHelper
+      
       source_root File.expand_path("templates", __dir__)
 
       argument :migration_type, type: :string, desc: "Type of migration to generate"
@@ -39,13 +42,24 @@ module RlsMultiTenant
       end
 
       def create_tenant_migration
-        timestamp = Time.current.strftime("%Y%m%d%H%M%S")
-        template "create_tenant.rb", "db/migrate/#{timestamp}_create_tenant.rb"
+        tenant_class_name = RlsMultiTenant.tenant_class_name
+        migration_pattern = "*_create_#{tenant_class_name.underscore.pluralize}.rb"
+        
+        unless Dir.glob(File.join(destination_root, "db/migrate/#{migration_pattern}")).any?
+          timestamp = Time.current.strftime("%Y%m%d%H%M%S")
+          render_shared_template "create_tenant.rb", "db/migrate/#{timestamp}_create_#{tenant_class_name.underscore.pluralize}.rb"
+        else
+          say "#{tenant_class_name} migration already exists, skipping creation", :yellow
+        end
       end
 
       def create_enable_uuid_migration
-        timestamp = Time.current.strftime("%Y%m%d%H%M%S")
-        template "enable_uuid_extension.rb", "db/migrate/#{timestamp}_enable_uuid_extension.rb"
+        unless Dir.glob(File.join(destination_root, "db/migrate/*_enable_uuid_extension.rb")).any?
+          timestamp = Time.current.strftime("%Y%m%d%H%M%S")
+          render_shared_template "enable_uuid_extension.rb", "db/migrate/#{timestamp}_enable_uuid_extension.rb"
+        else
+          say "UUID extension migration already exists, skipping creation", :yellow
+        end
       end
 
       def create_app_user_migrations_for_all_databases
@@ -72,7 +86,7 @@ module RlsMultiTenant
               FileUtils.mkdir_p(migration_dir) unless File.directory?(migration_dir)
               
               timestamp = Time.current.strftime("%Y%m%d%H%M%S")
-              template "create_app_user.rb", "#{migration_path}/#{timestamp}_create_app_user.rb"
+              render_shared_template "create_app_user.rb", "#{migration_path}/#{timestamp}_create_app_user.rb"
               say "Created app user migration for #{db_name} in #{migration_path}", :green
             end
           else
@@ -82,7 +96,7 @@ module RlsMultiTenant
 
         # Handle primary database (default behavior)
         timestamp = Time.current.strftime("%Y%m%d%H%M%S")
-        template "create_app_user.rb", "db/migrate/#{timestamp}_create_app_user.rb"
+        render_shared_template "create_app_user.rb", "db/migrate/#{timestamp}_create_app_user.rb"
         say "Created app user migration for primary database", :green
       end
 

data/lib/rls_multi_tenant/generators/migration/templates/enable_rls.rb

@@ -6,7 +6,7 @@ class EnableRlsFor<%= table_name.camelize %> < ActiveRecord::Migration[<%= Rails
         execute 'ALTER TABLE <%= table_name %> ENABLE ROW LEVEL SECURITY'
         
         # Create RLS policy
-        execute "CREATE POLICY <%= table_name %>_app_user ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']} USING (<%= RlsMultiTenant.tenant_id_column %> = NULLIF(current_setting('rls.tenant_id', TRUE), '')::uuid)"
+        execute "CREATE POLICY <%= table_name %>_app_user ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']} USING (<%= RlsMultiTenant.tenant_id_column %> = NULLIF(current_setting('rls.<%= RlsMultiTenant.tenant_id_column %>', TRUE), '')::uuid)"
         
         # Grant permissions
         execute "GRANT SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"

data/lib/rls_multi_tenant/generators/setup/setup_generator.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rls_multi_tenant/generators/shared/template_helper'
+
+module RlsMultiTenant
+  module Generators
+    class SetupGenerator < Rails::Generators::Base
+      include Shared::TemplateHelper
+      
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Setup RLS Multi-tenant gem with tenant model and migrations"
+
+      def create_tenant_model
+        tenant_class_name = RlsMultiTenant.tenant_class_name
+        tenant_file_path = "app/models/#{tenant_class_name.underscore}.rb"
+        
+        unless File.exist?(File.join(destination_root, tenant_file_path))
+          template "tenant_model.rb", tenant_file_path
+        else
+          say "#{tenant_class_name} model already exists, skipping creation", :yellow
+        end
+      end
+
+      def create_db_admin_task
+        unless File.exist?(File.join(destination_root, "lib/tasks/db_admin.rake"))
+          copy_shared_template "db_admin.rake", "lib/tasks/db_admin.rake"
+        else
+          say "Database admin task already exists, skipping creation", :yellow
+        end
+      end
+
+      def create_uuid_migration
+        unless Dir.glob(File.join(destination_root, "db/migrate/*_enable_uuid_extension.rb")).any?
+          create_migration_with_timestamp("enable_uuid", 1)
+        else
+          say "UUID extension migration already exists, skipping creation", :yellow
+        end
+      end
+
+      def create_app_user_migration
+        create_app_user_migrations_for_all_databases
+      end
+
+      def create_tenant_migration
+        tenant_class_name = RlsMultiTenant.tenant_class_name
+        migration_pattern = "*_create_#{tenant_class_name.underscore.pluralize}.rb"
+        
+        unless Dir.glob(File.join(destination_root, "db/migrate/#{migration_pattern}")).any?
+          create_migration_with_timestamp("create_tenant", 3)
+        else
+          say "#{tenant_class_name} migration already exists, skipping creation", :yellow
+        end
+      end
+
+      def show_instructions
+        tenant_class_name = RlsMultiTenant.tenant_class_name
+        say "\n" + "="*60, :green
+        say "RLS Multi-tenant setup completed successfully!", :green
+        say "="*60, :green
+        say "\nCreated:", :yellow
+        say "• #{tenant_class_name} model", :green
+        say "• Database admin task", :green
+        say "• UUID extension migration", :green
+        say "• App user migration(s)", :green
+        say "• #{tenant_class_name} migration", :green
+        say "\nNext steps:", :yellow
+        say "1. Make sure to use the POSTGRES_APP_USER in your database.yml.", :yellow
+        say "\n2. Run the migrations with admin privileges:\n", :yellow
+        say "   rails db_as:admin[migrate]", :yellow
+        say "   Note: We must use the admin user because the app user doesn't have migration privileges", :yellow
+        say "\n3. Use 'rails generate rls_multi_tenant:model' for new multi-tenant models", :yellow
+        say "="*60, :green
+      end
+
+      private
+
+      def create_app_user_migrations_for_all_databases
+        # Get database configuration for current environment
+        db_config = Rails.application.config.database_configuration[Rails.env]
+        
+        # Handle both single database and multiple databases configuration
+        databases_to_process = if db_config.is_a?(Hash) && db_config.key?('primary')
+          # Multiple databases configuration
+          db_config
+        else
+          # Single database configuration - treat as primary
+          { 'primary' => db_config }
+        end
+
+        databases_to_process.each do |db_name, config|
+          next if db_name == 'primary' # Skip primary database, handle it separately
+          
+          # Check if migrations_paths is defined for this database
+          if config['migrations_paths']
+            migration_paths = Array(config['migrations_paths'])
+            migration_paths.each do |migration_path|
+              migration_dir = File.join(destination_root, migration_path)
+              
+              # Check if migration already exists in this path
+              unless Dir.glob(File.join(migration_dir, "*_create_app_user.rb")).any?
+                FileUtils.mkdir_p(migration_dir) unless File.directory?(migration_dir)
+                create_migration_with_timestamp_for_path("create_app_user", 2, migration_path)
+                say "Created app user migration for #{db_name} in #{migration_path}", :green
+              else
+                say "App user migration already exists for #{db_name} in #{migration_path}, skipping creation", :yellow
+              end
+            end
+          else
+            say "No migrations_paths defined for database '#{db_name}', skipping app user migration", :yellow
+          end
+        end
+
+        # Handle primary database (default behavior)
+        unless Dir.glob(File.join(destination_root, "db/migrate/*_create_app_user.rb")).any?
+          create_migration_with_timestamp("create_app_user", 2)
+        else
+          say "App user migration already exists for primary database, skipping creation", :yellow
+        end
+      end
+
+      def create_migration_with_timestamp(migration_type, order)
+        base_timestamp = Time.current.strftime("%Y%m%d%H%M")
+        timestamp = "#{base_timestamp}#{sprintf('%02d', order)}"
+        
+        case migration_type
+        when "enable_uuid"
+          render_shared_template "enable_uuid_extension.rb", "db/migrate/#{timestamp}_enable_uuid_extension.rb"
+        when "create_app_user"
+          render_shared_template "create_app_user.rb", "db/migrate/#{timestamp}_create_app_user.rb"
+        when "create_tenant"
+          tenant_class_name = RlsMultiTenant.tenant_class_name
+          render_shared_template "create_tenant.rb", "db/migrate/#{timestamp}_create_#{tenant_class_name.underscore.pluralize}.rb"
+        end
+      end
+
+      def create_migration_with_timestamp_for_path(migration_type, order, migration_path)
+        base_timestamp = Time.current.strftime("%Y%m%d%H%M")
+        timestamp = "#{base_timestamp}#{sprintf('%02d', order)}"
+        
+        case migration_type
+        when "create_app_user"
+          render_shared_template "create_app_user.rb", "#{migration_path}/#{timestamp}_create_app_user.rb"
+        end
+      end
+    end
+  end
+end

data/lib/rls_multi_tenant/generators/{install → setup}/templates/tenant_model.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Tenant < ApplicationRecord
+class <%= RlsMultiTenant.tenant_class_name %> < ApplicationRecord
   include RlsMultiTenant::Concerns::TenantContext
 
   validates :name, presence: true

data/lib/rls_multi_tenant/generators/shared/template_helper.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module RlsMultiTenant
+  module Generators
+    module Shared
+      module TemplateHelper
+        extend ActiveSupport::Concern
+
+        private
+
+        def shared_template_path
+          File.expand_path("templates", File.dirname(__FILE__))
+        end
+
+        def copy_shared_template(template_name, destination_path)
+          template_path = File.join(shared_template_path, template_name)
+          copy_file template_path, destination_path
+        end
+
+        def shared_template_exists?(template_name)
+          File.exist?(File.join(shared_template_path, template_name))
+        end
+
+        def render_shared_template(template_name, destination_path, context = {})
+          template_path = File.join(shared_template_path, template_name)
+          template template_path, destination_path, context
+        end
+      end
+    end
+  end
+end

data/lib/rls_multi_tenant/generators/{install → shared}/templates/create_app_user.rb

@@ -19,6 +19,10 @@ class CreateAppUser < ActiveRecord::Migration[<%= Rails.version.to_f %>]
     execute "GRANT USAGE ON SCHEMA public TO #{app_user};"
     execute "GRANT CREATE ON SCHEMA public TO #{app_user};"
 
+    # Grant default permissions for future tables in public schema
+    execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO #{app_user};"
+    execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO #{app_user};"
+
     # Grant permissions on system tables
     execute "GRANT SELECT ON TABLE schema_migrations TO #{app_user};"
     execute "GRANT SELECT ON TABLE ar_internal_metadata TO #{app_user};"
@@ -30,6 +34,10 @@ class CreateAppUser < ActiveRecord::Migration[<%= Rails.version.to_f %>]
     # Revoke permissions
     execute "REVOKE ALL ON SCHEMA public FROM #{app_user};"
     execute "REVOKE CONNECT ON DATABASE #{ActiveRecord::Base.connection.current_database} FROM #{app_user};"
+
+    # Revoke default permissions for future tables in public schema
+    execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM #{app_user};"
+    execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE, SELECT ON SEQUENCES FROM #{app_user};"
     
     # Drop user
     execute "DROP ROLE IF EXISTS #{app_user};"

data/lib/rls_multi_tenant/generators/shared/templates/create_tenant.rb

@@ -0,0 +1,11 @@
+class Create<%= RlsMultiTenant.tenant_class_name.pluralize %> < ActiveRecord::Migration[<%= Rails.version.to_f %>]
+  def change
+    create_table :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, id: :uuid do |t|
+      t.string :name, null: false
+
+      t.timestamps
+    end
+
+    add_index :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, :name, unique: true
+  end
+end

data/lib/rls_multi_tenant/generators/task/task_generator.rb

@@ -1,16 +1,19 @@
 # frozen_string_literal: true
 
 require 'rails/generators'
+require 'rls_multi_tenant/generators/shared/template_helper'
 
 module RlsMultiTenant
   module Generators
     class TaskGenerator < Rails::Generators::Base
+      include Shared::TemplateHelper
+      
       source_root File.expand_path("templates", __dir__)
 
       desc "Generate RLS Multi-tenant rake tasks"
 
       def create_db_admin_task
-        template "db_admin.rake", "lib/tasks/db_admin.rake"
+        copy_shared_template "db_admin.rake", "lib/tasks/db_admin.rake"
         show_instructions
       end
 

data/lib/rls_multi_tenant/railtie.rb

@@ -5,6 +5,7 @@ module RlsMultiTenant
     # Load generators after Rails is fully initialized
     initializer "rls_multi_tenant.load_generators", after: :set_routes_reloader do |app|
       require "rls_multi_tenant/generators/install/install_generator"
+      require "rls_multi_tenant/generators/setup/setup_generator"
       require "rls_multi_tenant/generators/migration/migration_generator"
       require "rls_multi_tenant/generators/model/model_generator"
       require "rls_multi_tenant/generators/task/task_generator"

data/lib/rls_multi_tenant/rls_helper.rb

@@ -16,8 +16,9 @@ module RlsMultiTenant
         policy_name = "#{table_name}_app_user"
         ActiveRecord::Base.connection.execute("DROP POLICY IF EXISTS #{policy_name} ON #{table_name}")
         
+        tenant_session_var = "rls.#{RlsMultiTenant.tenant_id_column}"
         policy_sql = "CREATE POLICY #{policy_name} ON #{table_name} TO #{app_user} " \
-                    "USING (#{tenant_column} = NULLIF(current_setting('rls.tenant_id', TRUE), '')::uuid)"
+                    "USING (#{tenant_column} = NULLIF(current_setting('#{tenant_session_var}', TRUE), '')::uuid)"
         
         ActiveRecord::Base.connection.execute(policy_sql)
         

data/lib/rls_multi_tenant/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RlsMultiTenant
-  VERSION = "0.1.3"
+  VERSION = "0.1.5"
 end

data/lib/rls_multi_tenant.rb

@@ -5,9 +5,7 @@ require "rls_multi_tenant/concerns/multi_tenant"
 require "rls_multi_tenant/concerns/tenant_context"
 require "rls_multi_tenant/security_validator"
 require "rls_multi_tenant/rls_helper"
-# require "rls_multi_tenant/generators/install/install_generator" if defined?(Rails)
-# require "rls_multi_tenant/generators/migration/migration_generator" if defined?(Rails)
-# require "rls_multi_tenant/generators/model/model_generator" if defined?(Rails)
+require "rls_multi_tenant/generators/shared/template_helper"
 require "rls_multi_tenant/railtie" if defined?(Rails)
 
 module RlsMultiTenant

data/rls_multi_tenant.gemspec

@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/codingways/rls_multi_tenant"
   spec.metadata["changelog_uri"] = "https://github.com/codingways/rls_multi_tenant/blob/main/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"] = "https://github.com/codingways/rls_multi_tenant/issues"
+  spec.metadata["documentation_uri"] = "https://github.com/codingways/rls_multi_tenant#readme"
 
   # Specify which files should be added to the gem when it is released.
   spec.files = Dir.chdir(__dir__) do
@@ -30,8 +32,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   # Dependencies
-  spec.add_dependency "rails", ">= 7.0"
-  spec.add_dependency "pg", ">= 1.0"
+  spec.add_dependency "rails", ">= 6.0", "< 9.0"
+  spec.add_dependency "pg", ">= 1.0", "< 3.0"
 
   # Development dependencies
   spec.add_development_dependency "rspec-rails", "~> 6.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rls_multi_tenant
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.5
 platform: ruby
 authors:
 - Coding Ways
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-09-10 00:00:00.000000000 Z
+date: 2025-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,14 +16,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '6.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -31,6 +37,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +47,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -151,23 +163,20 @@ files:
 - lib/rls_multi_tenant/concerns/multi_tenant.rb
 - lib/rls_multi_tenant/concerns/tenant_context.rb
 - lib/rls_multi_tenant/generators/install/install_generator.rb
-- lib/rls_multi_tenant/generators/install/templates/create_app_user.rb
-- lib/rls_multi_tenant/generators/install/templates/create_tenant.rb
-- lib/rls_multi_tenant/generators/install/templates/db_admin.rake
-- lib/rls_multi_tenant/generators/install/templates/enable_rls.rb
-- lib/rls_multi_tenant/generators/install/templates/enable_uuid_extension.rb
 - lib/rls_multi_tenant/generators/install/templates/rls_multi_tenant.rb
-- lib/rls_multi_tenant/generators/install/templates/tenant_model.rb
 - lib/rls_multi_tenant/generators/migration/migration_generator.rb
-- lib/rls_multi_tenant/generators/migration/templates/create_app_user.rb
-- lib/rls_multi_tenant/generators/migration/templates/create_tenant.rb
 - lib/rls_multi_tenant/generators/migration/templates/enable_rls.rb
-- lib/rls_multi_tenant/generators/migration/templates/enable_uuid_extension.rb
 - lib/rls_multi_tenant/generators/model/model_generator.rb
 - lib/rls_multi_tenant/generators/model/templates/migration.rb
 - lib/rls_multi_tenant/generators/model/templates/model.rb
+- lib/rls_multi_tenant/generators/setup/setup_generator.rb
+- lib/rls_multi_tenant/generators/setup/templates/tenant_model.rb
+- lib/rls_multi_tenant/generators/shared/template_helper.rb
+- lib/rls_multi_tenant/generators/shared/templates/create_app_user.rb
+- lib/rls_multi_tenant/generators/shared/templates/create_tenant.rb
+- lib/rls_multi_tenant/generators/shared/templates/db_admin.rake
+- lib/rls_multi_tenant/generators/shared/templates/enable_uuid_extension.rb
 - lib/rls_multi_tenant/generators/task/task_generator.rb
-- lib/rls_multi_tenant/generators/task/templates/db_admin.rake
 - lib/rls_multi_tenant/railtie.rb
 - lib/rls_multi_tenant/rls_helper.rb
 - lib/rls_multi_tenant/rls_multi_tenant.rb
@@ -181,6 +190,8 @@ metadata:
   homepage_uri: https://github.com/codingways/rls_multi_tenant
   source_code_uri: https://github.com/codingways/rls_multi_tenant
   changelog_uri: https://github.com/codingways/rls_multi_tenant/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/codingways/rls_multi_tenant/issues
+  documentation_uri: https://github.com/codingways/rls_multi_tenant#readme
 post_install_message: 
 rdoc_options: []
 require_paths:

data/lib/rls_multi_tenant/generators/install/templates/create_tenant.rb

@@ -1,20 +0,0 @@
-class CreateTenants < ActiveRecord::Migration[<%= Rails.version.to_f %>]
-  def change
-    create_table :tenants, id: :uuid do |t|
-      t.string :name, null: false
-
-      t.timestamps
-    end
-
-    add_index :tenants, :name, unique: true
-
-    reversible do |dir|
-      dir.up do
-        execute "GRANT SELECT, INSERT, UPDATE, DELETE ON tenants TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-      dir.down do
-        execute "REVOKE SELECT, INSERT, UPDATE, DELETE ON tenants FROM #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-    end
-  end
-end

data/lib/rls_multi_tenant/generators/install/templates/enable_rls.rb

@@ -1,27 +0,0 @@
-class EnableRlsFor<%= table_name.camelize %> < ActiveRecord::Migration[<%= Rails.version.to_f %>]
-  def change
-    reversible do |dir|
-      dir.up do
-        # Enable Row Level Security
-        execute 'ALTER TABLE <%= table_name %> ENABLE ROW LEVEL SECURITY'
-        
-        # Create RLS policy
-        execute "CREATE POLICY <%= table_name %>_app_user ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']} USING (<%= RlsMultiTenant.tenant_id_column %> = NULLIF(current_setting('rls.tenant_id', TRUE), '')::uuid)"
-        
-        # Grant permissions
-        execute "GRANT SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-      
-      dir.down do
-        # Revoke permissions
-        execute "REVOKE SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> FROM #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-        
-        # Drop policy
-        execute "DROP POLICY <%= table_name %>_app_user ON <%= table_name %>"
-        
-        # Disable RLS
-        execute "ALTER TABLE <%= table_name %> DISABLE ROW LEVEL SECURITY"
-      end
-    end
-  end
-end

data/lib/rls_multi_tenant/generators/migration/templates/create_app_user.rb

@@ -1,37 +0,0 @@
-class CreateAppUser < ActiveRecord::Migration[<%= Rails.version.to_f %>]
-  def up
-    app_user = ENV['<%= RlsMultiTenant.app_user_env_var %>']
-    app_password = ENV['POSTGRES_APP_PASSWORD']
-
-    # Create user with RLS privileges in PostgreSQL
-    execute <<-SQL
-      DO $$
-      BEGIN
-        IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '#{app_user}') THEN
-          CREATE ROLE #{app_user} WITH LOGIN PASSWORD '#{app_password}';
-        END IF;
-      END
-      $$;
-    SQL
-
-    # Grant basic permissions to the user
-    execute "GRANT CONNECT ON DATABASE #{ActiveRecord::Base.connection.current_database} TO #{app_user};"
-    execute "GRANT USAGE ON SCHEMA public TO #{app_user};"
-    execute "GRANT CREATE ON SCHEMA public TO #{app_user};"
-
-    # Grant permissions on system tables
-    execute "GRANT SELECT ON TABLE schema_migrations TO #{app_user};"
-    execute "GRANT SELECT ON TABLE ar_internal_metadata TO #{app_user};"
-  end
-
-  def down
-    app_user = ENV['<%= RlsMultiTenant.app_user_env_var %>']
-    
-    # Revoke permissions
-    execute "REVOKE ALL ON SCHEMA public FROM #{app_user};"
-    execute "REVOKE CONNECT ON DATABASE #{ActiveRecord::Base.connection.current_database} FROM #{app_user};"
-    
-    # Drop user
-    execute "DROP ROLE IF EXISTS #{app_user};"
-  end
-end

data/lib/rls_multi_tenant/generators/migration/templates/create_tenant.rb

@@ -1,20 +0,0 @@
-class CreateTenants < ActiveRecord::Migration[<%= Rails.version.to_f %>]
-  def change
-    create_table :tenants, id: :uuid do |t|
-      t.string :name, null: false
-
-      t.timestamps
-    end
-
-    add_index :tenants, :name, unique: true
-
-    reversible do |dir|
-      dir.up do
-        execute "GRANT SELECT, INSERT, UPDATE, DELETE ON tenants TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-      dir.down do
-        execute "REVOKE SELECT, INSERT, UPDATE, DELETE ON tenants FROM #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-    end
-  end
-end

data/lib/rls_multi_tenant/generators/migration/templates/enable_uuid_extension.rb

@@ -1,5 +0,0 @@
-class EnableUuidExtension < ActiveRecord::Migration[<%= Rails.version.to_f %>]
-  def change
-    enable_extension 'uuid-ossp'
-  end
-end

data/lib/rls_multi_tenant/generators/task/templates/db_admin.rake

@@ -1,24 +0,0 @@
-namespace :db_as do
-  desc "Run a db: task with admin privileges. Usage: `rails db_as:admin[migrate]`"
-  task :admin, [:sub_task] do |t, args|
-    sub_task = args[:sub_task]
-
-    # Check if a sub-task was provided
-    if sub_task.nil? || !Rake::Task.task_defined?("db:#{sub_task}")
-      puts "Usage: rails db_as:admin[sub_task]"
-      puts "Valid sub-tasks: #{Rake.application.tasks.map(&:name).select { |name| name.start_with?("db:") }.map { |name| name.split(':', 2).last }.uniq.sort.join(', ')}"
-      exit
-    end
-
-    database_url = "postgresql://#{ENV['POSTGRES_USER']}:#{ENV['POSTGRES_PASSWORD']}@#{ENV['POSTGRES_HOST']}:5432/#{ENV['POSTGRES_DB']}"
-
-    # Set the DATABASE_URL with admin user details.
-    ENV['DATABASE_URL'] = database_url
-    ENV['CACHE_DATABASE_URL'] = "#{database_url}_cache"
-    ENV['QUEUE_DATABASE_URL'] = "#{database_url}_queue"
-    ENV['CABLE_DATABASE_URL'] = "#{database_url}_cable"
-
-    puts "Executing db:#{sub_task} with admin privileges..."
-    Rake::Task["db:#{sub_task}"].invoke
-  end
-end