Ash Framework•2mo ago

Subscriptions return all data regardless of tenant

I am running into an issue where all data is returned by a subscription even when multi-tenancy is set up. I have a product resource that belongs to an organization. The tenant attribute is the organization_id on the product. When creating a product, all subscribers receive the data including for products outside their tenant.

# in the product resource
graphql do
  type :product
  subscriptions do
    pubsub MyApp.Endpoint

    subscribe :product_created do
      action_types :create
      read_action :read
    end
  end
end

actions do
  defaults [:create, :read, :update, :destroy]
  default_accept [:name]
end

multitenancy do
  strategy :attribute
  attribute :organization_id
end

relationships do
  belongs_to :organization, MyApp.Accounts.Organization do
    public? true
  end
...
end

# in the product resource
graphql do
  type :product
  subscriptions do
    pubsub MyApp.Endpoint

    subscribe :product_created do
      action_types :create
      read_action :read
    end
  end
end

actions do
  defaults [:create, :read, :update, :destroy]
  default_accept [:name]
end

multitenancy do
  strategy :attribute
  attribute :organization_id
end

relationships do
  belongs_to :organization, MyApp.Accounts.Organization do
    public? true
  end
...
end

Is this behavior not implemented yet or is this a bug?

5 Replies

ZachDaniel•2mo ago

100% if thats happening it is a bug @barnabasj would need to confirm But if you could create a reproduction repo showing this behavior, or a test case in ash_graphql that would be very helpful and would help us help you faster 🙇‍♂️

Ty.nielson123OP•2mo ago

I'll do that. Thank you!

barnabasj•2mo ago

I can probably investigate a bit tomorrow

Ty.nielson123OP•2mo ago

I opened an issue here https://github.com/ash-project/ash_graphql/issues/352. And a test case here https://github.com/ash-project/ash_graphql/pull/351

GitHub

ash-project/ash_graphql

The extension for building GraphQL APIs with Ash. Contribute to ash-project/ash_graphql development by creating an account on GitHub.

GitHub

test: checks if multitenancy is respected by subscriptions by ty-ni...

Contributor checklist Leave anything that you believe does not apply unchecked. I accept the AI Policy, or AI was not used in the creation of this PR. Bug fixes include regression tests Chores ...

barnabasj•2mo ago

I created a PR that should fix the problem https://github.com/ash-project/ash_graphql/pull/353

GitHub

fix: only resolve notifications for the same tenant by barnabasJ ·...

Contributor checklist This should make the test in #351 in pass. Ash.can doesn&#39;t add the filter for the tenant, that&#39;s why we allowed the data to be passed through. But that would h...

Gaming

Programming

Subscriptions return all data regardless of tenant

Did you find this page helpful?