AF
Ash Framework•4mo ago
Marco Dell'Olio

Trickle down multitenancy :bypass

I have an entry point for a resource that bypasses the tenancy 
  read :get_public_event do
      get_by :id
      multitenancy :bypass
    end
  read :get_public_event do
      get_by :id
      multitenancy :bypass
    end
this resource preloads other tenanted resources returning an error 
** (Ash.Error.Invalid.TenantRequired) Bread Crumbs:
  > Error returned from: CalendarEvents.Ash.EventAttendee.read
  > Error returned from: CalendarEvents.Ash.Event.get_public_event
** (Ash.Error.Invalid.TenantRequired) Bread Crumbs:
  > Error returned from: CalendarEvents.Ash.EventAttendee.read
  > Error returned from: CalendarEvents.Ash.Event.get_public_event
is there a way to pass down that context or should I create a non tenanted interface for each resource?
17 Replies
ZachDaniel
ZachDaniel•4mo ago
There isn't a way currently. I can see how inconvenient it would be, so maybe we can add a feature for it, but you'll have to work around it w/ separate actiosn for now
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
is the :bypass option part of the context?
ZachDaniel
ZachDaniel•4mo ago
It is not, no
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
would that be a good way to do it? I assume the context get's propagate through the whole chain of actions
ZachDaniel
ZachDaniel•4mo ago
It does not, but "shared" context does, which is new Are you asking how we'd do it in core or how you'd propagate that down yourself?
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
yeah in case I want to open a PR
ZachDaniel
ZachDaniel•4mo ago
Gotcha, in that case yes that is likely how we'd do it 😄
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
are you able to point me where the actual tenant get used for filtering the query? is it here? https://github.com/xantrac/ash/blob/main/lib/ash/actions/update/update.ex#L742
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
https://github.com/ash-project/ash/pull/2154
GitHub
provide the tenant: :bypass option that can be configured at runtim...
Contributor checklist Leave anything that you believe does not apply unchecked. Bug fixes include regression tests Chores Documentation changes Features include unit/acceptance tests Refactor...
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
following up on this @Zach Daniel what kind of interface would you like? https://hexdocs.pm/ash/dsl-ash-resource.html#actions-read-multitenancy 
multitenancy :bypass
multitenancy_extend true
multitenancy :bypass
multitenancy_extend true
or 
multitenancy bypass: :extend
multitenancy bypass: :extend
or 
multitenancy :extended_bypass
multitenancy :extended_bypass
or else?
ZachDaniel
ZachDaniel•4mo ago
🤔 I think perhaps :bypass_all
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
do we have a way to identify the top level action when we handle relationships? I want to avoid if go through an action with this option enabled it will cascade down even if not specified in the top level action or at least being able to ask, is_top_level_query
ZachDaniel
ZachDaniel•4mo ago
'context[:accessing_from]` But I think whatever the rules are should be applied even if it's not the top level action
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
mmm that could lead to an unpredictable behavior though so you think if an intermediate resources has a bypass all action, all the following cascading ones should bypass ass well?
ZachDaniel
ZachDaniel•4mo ago
It's not done at the resource level but at an action level I see what you're saying though So you're saying it would only apply to immediate children
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
is the simple bypass logic actually implemented for create and update? I can't find any test in regard 
      like =
        Like
        |> Ash.Changeset.for_create(:bypass_tenant, %{post_id: post.id})
        |> Ash.create!()

      assert like.post_id == post.id
    end
      like =
        Like
        |> Ash.Changeset.for_create(:bypass_tenant, %{post_id: post.id})
        |> Ash.create!()

      assert like.post_id == post.id
    end
 Queries against the Ash.Actions.MultitenancyTest.Like resource require a tenant to be specified
       (ash 3.5.12) lib/ash/error/invalid/tenant_required.ex:5: Ash.Error.Invalid.TenantRequired.exception/1
 Queries against the Ash.Actions.MultitenancyTest.Like resource require a tenant to be specified
       (ash 3.5.12) lib/ash/error/invalid/tenant_required.ex:5: Ash.Error.Invalid.TenantRequired.exception/1
    create :bypass_tenant do
        multitenancy(:bypass)
      end
    create :bypass_tenant do
        multitenancy(:bypass)
      end
should I remove it from the docs?
Marco Dell'Olio
Marco Dell'OlioOP•4mo ago
this is r4r https://github.com/ash-project/ash/pull/2154
GitHub
provide the tenant: :bypass option that can be configured at runtim...
This PR allows the user to setup a new value bypass_all for the multitenancy option in the read action. With bypass_all the user can recursively bypass the tenancy of all the resources successively...

Did you find this page helpful?