RubyGems - rls_multi_tenant - Versions diffs - 0.1.8 → 0.2.0 - Mend

rls_multi_tenant 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/rls_multi_tenant/generators/setup/templates/tenant_model.rb +1 -0
data/lib/rls_multi_tenant/generators/shared/templates/create_app_user.rb +7 -3
data/lib/rls_multi_tenant/security_validator.rb +4 -2
data/lib/rls_multi_tenant/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3fb27124134b3487ef6f83347eca26c0ac64431e44a01d92cf70bd3dd5a03e20
-  data.tar.gz: a4fceedb11cdc42c788aad2c8c8ac11f6344d497ec2f62b002719c7cfc5a6179
+  metadata.gz: 49b6d40d5e29350f1911f16aa361beaad5b1ad28dfab6da452260cd535ff6dd1
+  data.tar.gz: ba39dd57c6690a60b5d8e1ed466d7b42e25b745920ff5016030a405d89360f88
 SHA512:
-  metadata.gz: adff1ce5bde6c15d358e67041982e0506c97fa5b1e7eee02fd69fbf9eab3799fa67be034a8b584ea8cf5864a556751d1d8a679e3adf49cddbedc995d988b98d7
-  data.tar.gz: 0c125b52250a2fce049e4f0965af09c4ae13f75f8a7516b58f6a6d136179821471a2f7ff24340ba3654f2cfa1ec4bcf2af29d4ab76ddb58ddad2e3643edc5dbd
+  metadata.gz: 7f8c83ceedec1aa0dfee0bb9ab01c8123ce6bf58a1b75a5f6b6ea5ec083803ec917d526504c9f5897a274f40bf3eb2dd6ccd856b7f9ecee69b36c0ac2d90642a
+  data.tar.gz: 6e673789ff292c0258411c9e46cf3a7a899f862771b760651acdc9c8662540fb9b1674650238a3472ac80275004f910f673ca516099b86eddc26c2151929ed23

data/lib/rls_multi_tenant/generators/setup/templates/tenant_model.rb CHANGED Viewed

@@ -4,4 +4,5 @@ class <%= RlsMultiTenant.tenant_class_name %> < ApplicationRecord
   include RlsMultiTenant::Concerns::TenantContext
   validates :name, presence: true
+  validates :subdomain, presence: true, uniqueness: true
 end

data/lib/rls_multi_tenant/generators/shared/templates/create_app_user.rb CHANGED Viewed

@@ -23,9 +23,9 @@ class CreateAppUser < ActiveRecord::Migration[<%= Rails.version.to_f %>]
     execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO #{app_user};"
     execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO #{app_user};"
-    # Grant permissions on system tables
-    execute "GRANT SELECT ON TABLE schema_migrations TO #{app_user};"
-    execute "GRANT SELECT ON TABLE ar_internal_metadata TO #{app_user};"
+    # Grant permissions on all existing tables
+    execute "GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO #{app_user};"
+    execute "GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO #{app_user};"
   end
   def down
@@ -35,6 +35,10 @@ class CreateAppUser < ActiveRecord::Migration[<%= Rails.version.to_f %>]
     execute "REVOKE ALL ON SCHEMA public FROM #{app_user};"
     execute "REVOKE CONNECT ON DATABASE #{ActiveRecord::Base.connection.current_database} FROM #{app_user};"
+    # Revoke permissions from all existing tables and sequences
+    execute "REVOKE ALL ON ALL TABLES IN SCHEMA public FROM #{app_user};"
+    execute "REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM #{app_user};"
     # Revoke default permissions for future tables in public schema
     execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM #{app_user};"
     execute "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE, SELECT ON SEQUENCES FROM #{app_user};"

data/lib/rls_multi_tenant/security_validator.rb CHANGED Viewed

@@ -19,7 +19,8 @@ module RlsMultiTenant
           if superuser_check && superuser_check['rolsuper']
             raise SecurityError, "Database user '#{username}' has SUPERUSER privileges. " \
-                                "In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights."
+                                "In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights." \
+                                "Did you remember to edit database.yml in order to use the POSTGRES_APP_USER and POSTGRES_APP_PASSWORD?"
           end
           # Log the security check result
@@ -41,7 +42,8 @@ module RlsMultiTenant
           raise ConfigurationError, "#{RlsMultiTenant.app_user_env_var} environment variable must be set"
         elsif ["postgres", "root"].include?(app_user)
           raise SecurityError, "Cannot use privileged PostgreSQL user '#{app_user}'. " \
-                              "In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights."
+                              "In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights." \
+                              "Did you remember to edit database.yml in order to use the POSTGRES_APP_USER and POSTGRES_APP_PASSWORD?"
         end
       end

data/lib/rls_multi_tenant/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RlsMultiTenant
-  VERSION = "0.1.8"
+  VERSION = "0.2.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rls_multi_tenant
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.2.0
 platform: ruby
 authors:
 - Coding Ways