rls_multi_tenant 0.1.9 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fa585ee59105f64a9b7469703907c8cf24b4ed80873a7cb72476d3bb0bd2082a
|
|
4
|
+
data.tar.gz: b9676fcf8125dd896ad04d66b9832cb52ea0b08664e117e4d55cfd26a8309139
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d43085f2d1b25d28aec9380e6d30993bb59738ede4b4259457cdcd63577d8f1f996216717de8b16f78eeae531b6c96579b5b5f49e7f83895bcbacbf1538cff1
|
|
7
|
+
data.tar.gz: 4caa1cc6a5d697dda6dea0f2feab0460d0436c7d4c16bd82b979000510e66cacb482e493021af0d1356a0285455ad8a499dd55a9b64a6051dc04a0fe8db53f91
|
|
@@ -16,6 +16,7 @@ module RlsMultiTenant
|
|
|
16
16
|
# Switch tenant context for a block
|
|
17
17
|
def switch(tenant_or_id)
|
|
18
18
|
tenant_id = extract_tenant_id(tenant_or_id)
|
|
19
|
+
validate_tenant_exists!(tenant_id)
|
|
19
20
|
connection.execute format(SET_TENANT_ID_SQL, tenant_session_var, connection.quote(tenant_id))
|
|
20
21
|
yield
|
|
21
22
|
ensure
|
|
@@ -25,6 +26,7 @@ module RlsMultiTenant
|
|
|
25
26
|
# Switch tenant context permanently (until reset)
|
|
26
27
|
def switch!(tenant_or_id)
|
|
27
28
|
tenant_id = extract_tenant_id(tenant_or_id)
|
|
29
|
+
validate_tenant_exists!(tenant_id)
|
|
28
30
|
connection.execute format(SET_TENANT_ID_SQL, tenant_session_var, connection.quote(tenant_id))
|
|
29
31
|
end
|
|
30
32
|
|
|
@@ -59,6 +61,14 @@ module RlsMultiTenant
|
|
|
59
61
|
raise ArgumentError, "Expected #{RlsMultiTenant.tenant_class_name} object or tenant_id, got #{tenant_or_id.class}"
|
|
60
62
|
end
|
|
61
63
|
end
|
|
64
|
+
|
|
65
|
+
def validate_tenant_exists!(tenant_id)
|
|
66
|
+
return if tenant_id.blank?
|
|
67
|
+
|
|
68
|
+
unless RlsMultiTenant.tenant_class.exists?(id: tenant_id)
|
|
69
|
+
raise StandardError, "#{RlsMultiTenant.tenant_class_name} with id '#{tenant_id}' not found"
|
|
70
|
+
end
|
|
71
|
+
end
|
|
62
72
|
end
|
|
63
73
|
|
|
64
74
|
# Instance methods
|
|
@@ -19,7 +19,8 @@ module RlsMultiTenant
|
|
|
19
19
|
|
|
20
20
|
if superuser_check && superuser_check['rolsuper']
|
|
21
21
|
raise SecurityError, "Database user '#{username}' has SUPERUSER privileges. " \
|
|
22
|
-
"In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights."
|
|
22
|
+
"In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights." \
|
|
23
|
+
"Did you remember to edit database.yml in order to use the POSTGRES_APP_USER and POSTGRES_APP_PASSWORD?"
|
|
23
24
|
end
|
|
24
25
|
|
|
25
26
|
# Log the security check result
|
|
@@ -41,7 +42,8 @@ module RlsMultiTenant
|
|
|
41
42
|
raise ConfigurationError, "#{RlsMultiTenant.app_user_env_var} environment variable must be set"
|
|
42
43
|
elsif ["postgres", "root"].include?(app_user)
|
|
43
44
|
raise SecurityError, "Cannot use privileged PostgreSQL user '#{app_user}'. " \
|
|
44
|
-
"In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights."
|
|
45
|
+
"In order to use RLS Multi-tenant, you must use a non-privileged user without SUPERUSER rights." \
|
|
46
|
+
"Did you remember to edit database.yml in order to use the POSTGRES_APP_USER and POSTGRES_APP_PASSWORD?"
|
|
45
47
|
end
|
|
46
48
|
end
|
|
47
49
|
|