8 replies

Bypassing tenancy & authorization to load related data in special read

Th following action reads the received invitation of a user to join the establishment of an organization (both are tenants, org being the top tenant).

read :get_received_invitation do
  multitenancy :bypass
  get_by :id
  prepare build(load: [:inviter, establishment: [:organization]])
  filter expr(email == ^actor(:email))
end

read :get_received_invitation do
  multitenancy :bypass
  get_by :id
  prepare build(load: [:inviter, establishment: [:organization]])
  filter expr(email == ^actor(:email))
end

read :get_received_invitation do
  multitenancy :bypass
  get_by :id
  prepare build(load: [:inviter, establishment: [:organization]])
  filter expr(email == ^actor(:email))
end

read :get_received_invitation do
  multitenancy :bypass
  get_by :id
  prepare build(load: [:inviter, establishment: [:organization]])
  filter expr(email == ^actor(:email))
end

It successfully reads the invitation (which belongs to the establishment tenant) thanks to

multitenancy :bypass

multitenancy :bypass

multitenancy :bypass

multitenancy :bypass

However, loading inviter (an establishment_user) requires a tenant to be set, and establishment returns nil — I’m guessing because the policy doesn’t allow reading establishment data unless you’re a member, which we aren’t here (yet).

This means we never even reach organization (top-level tenant).

How can I bypass tenancy & authorization policies just for this exceptional case so I can load related data (inviter, establishment, organization)?

Solution

:bypass_all

:bypass_all

:bypass_all

:bypass_all IIRC

Jump to solution

Bypassing tenancy & authorization to load related data in special read

Similar Threads

Similar Threads

Similar Threads