How to write a policy to ensure the user belongs to the tenant through a membership relation?
I have read many examples on multitenancy implementation with Ash, but most of these examples assume that the user belongs to one tenant.
In my case, a user can belong to one or more tenants and can switch from one to another using a select list.
We therefore have three resources, Organization, User, and Membership, to make the connection. Our application mainly uses a JSON API where we pass an authentication token in each request, as well as a custom X-Org-Id header with the current tenant ID the user selected.
I would like to create a policy that ensures that the user belongs to the organization through the Membership relationship.
I thought about using the
This use case seems standard to me, so I'm thinking I'm probably missing something. Any ideas on how I could do this?
Edit: Whitout that check, it means that the User could create ressource under Organization that he does not belongs to, correct?
In my case, a user can belong to one or more tenants and can switch from one to another using a select list.
We therefore have three resources, Organization, User, and Membership, to make the connection. Our application mainly uses a JSON API where we pass an authentication token in each request, as well as a custom X-Org-Id header with the current tenant ID the user selected.
I would like to create a policy that ensures that the user belongs to the organization through the Membership relationship.
I thought about using the
relates_to_actor_viaThis use case seems standard to me, so I'm thinking I'm probably missing something. Any ideas on how I could do this?
Edit: Whitout that check, it means that the User could create ressource under Organization that he does not belongs to, correct?
Solution
You should be able to create a SimpleCheck that can confirm that the actor has a membership for the tenant though: https://hexdocs.pm/ash/Ash.Policy.SimpleCheck.html#content
The Elixir backend framework for unparalleled productivity. Declarative tools that let you stop wasting time. Use with Phoenix LiveView or build APIs in minutes for your front-end of choice.
2,193Members
Resources
Was this page helpful?
