mirror of
https://github.com/ent/ent.git
synced 2026-05-24 09:31:56 +03:00
doc/md: improving privacy docs and multi tenant example (#1724)
* doc/md: improving privacy docs and multi tenant example * cr changes * removing error wrap in since it already exists in Denyf function * Apply suggestions from code review Co-authored-by: Ariel Mashraki <7413593+a8m@users.noreply.github.com> * cr fixes * Update doc/md/privacy.md * Update doc/md/privacy.md * Update doc/md/privacy.md * Update doc/md/privacy.md * Update examples/privacytenant/example_test.go * Update examples/privacytenant/rule/rule.go Co-authored-by: Ariel Mashraki <7413593+a8m@users.noreply.github.com>
This commit is contained in:
Zeev Manilovich
GitHub
@@ -45,7 +45,14 @@ func (Group) Edges() []ent.Edge {
|
||||
func (Group) Policy() ent.Policy {
|
||||
return privacy.Policy{
|
||||
Mutation: privacy.MutationPolicy{
|
||||
rule.DenyMismatchedTenants(),
|
||||
// Limit DenyMismatchedTenants only for
|
||||
// Create operations
|
||||
privacy.OnMutationOperation(
|
||||
rule.DenyMismatchedTenants(),
|
||||
ent.OpCreate,
|
||||
),
|
||||
// Limit the FilterTenantRule only for
|
||||
// UpdateOne and DeleteOne operations.
|
||||
privacy.OnMutationOperation(
|
||||
rule.FilterTenantRule(),
|
||||
ent.OpUpdateOne|ent.OpDeleteOne,
|
||||
|
||||
@@ -36,7 +36,7 @@ func Example_PrivacyTenant() {
|
||||
// Tenant(id=1, name=GitHub)
|
||||
// Tenant(id=2, name=GitLab)
|
||||
// User(id=1, name=a8m, foods=[])
|
||||
// User(id=2, name=nati, foods=[Sushi Burritos])
|
||||
// User(id=2, name=nati, foods=[])
|
||||
// Group(id=1, name=entgo.io)
|
||||
// Group(id=1, name=entgo)
|
||||
}
|
||||
@@ -48,31 +48,31 @@ func Do(ctx context.Context, client *ent.Client) error {
|
||||
return fmt.Errorf("expect operation to fail, but got %w", err)
|
||||
}
|
||||
// Deny tenant creation if the viewer is not admin.
|
||||
viewOnly := viewer.NewContext(ctx, viewer.UserViewer{Role: viewer.View})
|
||||
if _, err := client.Tenant.Create().Save(viewOnly); !errors.Is(err, privacy.Deny) {
|
||||
viewCtx := viewer.NewContext(ctx, viewer.UserViewer{Role: viewer.View})
|
||||
if _, err := client.Tenant.Create().Save(viewCtx); !errors.Is(err, privacy.Deny) {
|
||||
return fmt.Errorf("expect operation to fail, but got %w", err)
|
||||
}
|
||||
// Apply the same operation with "Admin" role.
|
||||
admin := viewer.NewContext(ctx, viewer.UserViewer{Role: viewer.Admin})
|
||||
hub, err := client.Tenant.Create().SetName("GitHub").Save(admin)
|
||||
// Apply the same operation with "Admin" role, expect it to pass.
|
||||
adminCtx := viewer.NewContext(ctx, viewer.UserViewer{Role: viewer.Admin})
|
||||
hub, err := client.Tenant.Create().SetName("GitHub").Save(adminCtx)
|
||||
if err != nil {
|
||||
return fmt.Errorf("expect operation to pass, but got %w", err)
|
||||
}
|
||||
fmt.Println(hub)
|
||||
lab, err := client.Tenant.Create().SetName("GitLab").Save(admin)
|
||||
lab, err := client.Tenant.Create().SetName("GitLab").Save(adminCtx)
|
||||
if err != nil {
|
||||
return fmt.Errorf("expect operation to pass, but got %w", err)
|
||||
}
|
||||
fmt.Println(lab)
|
||||
|
||||
// Create 2 users connected to the 2 tenants we created above (a8m->GitHub, nati->GitLab).
|
||||
a8m := client.User.Create().SetName("a8m").SetTenant(hub).SaveX(admin)
|
||||
nati := client.User.Create().SetName("nati").SetTenant(lab).SetFoods([]string{"Sushi", "Burritos"}).SaveX(admin)
|
||||
// Create 2 users connected to the 2 tenants we created above
|
||||
hubUser := client.User.Create().SetName("a8m").SetTenant(hub).SaveX(adminCtx)
|
||||
labUser := client.User.Create().SetName("nati").SetTenant(lab).SaveX(adminCtx)
|
||||
|
||||
hubView := viewer.NewContext(ctx, viewer.UserViewer{T: hub})
|
||||
out := client.User.Query().OnlyX(hubView)
|
||||
// Expect that "GitHub" tenant to read only its users (i.e. a8m).
|
||||
if out.ID != a8m.ID {
|
||||
if out.ID != hubUser.ID {
|
||||
return fmt.Errorf("expect result for user query, got %v", out)
|
||||
}
|
||||
fmt.Println(out)
|
||||
@@ -80,22 +80,22 @@ func Do(ctx context.Context, client *ent.Client) error {
|
||||
labView := viewer.NewContext(ctx, viewer.UserViewer{T: lab})
|
||||
out = client.User.Query().OnlyX(labView)
|
||||
// Expect that "GitLab" tenant to read only its users (i.e. nati).
|
||||
if out.ID != nati.ID {
|
||||
if out.ID != labUser.ID {
|
||||
return fmt.Errorf("expect result for user query, got %v", out)
|
||||
}
|
||||
fmt.Println(out)
|
||||
|
||||
// Expect operation to fail, because the DenyMismatchedTenants rule makes sure
|
||||
// the group and the users are connected to the same tenant.
|
||||
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(nati).Save(admin)
|
||||
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(labUser).Save(adminCtx)
|
||||
if !errors.Is(err, privacy.Deny) {
|
||||
return fmt.Errorf("expect operation to fail, since user (nati) is not connected to the same tenant")
|
||||
}
|
||||
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(nati, a8m).Save(admin)
|
||||
_, err = client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(labUser, hubUser).Save(adminCtx)
|
||||
if !errors.Is(err, privacy.Deny) {
|
||||
return fmt.Errorf("expect operation to fail, since some users (nati) are not connected to the same tenant")
|
||||
}
|
||||
entgo, err := client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(a8m).Save(admin)
|
||||
entgo, err := client.Group.Create().SetName("entgo.io").SetTenant(hub).AddUsers(hubUser).Save(adminCtx)
|
||||
if err != nil {
|
||||
return fmt.Errorf("expect operation to pass, but got %w", err)
|
||||
}
|
||||
@@ -105,7 +105,7 @@ func Do(ctx context.Context, client *ent.Client) error {
|
||||
// that tenants can update and delete only their groups.
|
||||
err = entgo.Update().SetName("fail.go").Exec(labView)
|
||||
if !ent.IsNotFound(err) {
|
||||
return fmt.Errorf("expect operation to fail, since the group (entgo) is managed by a different tenant (hub)")
|
||||
return fmt.Errorf("expect operation to fail, since the group (entgo) is managed by a different tenant (hub), but got %w", err)
|
||||
}
|
||||
entgo, err = entgo.Update().SetName("entgo").Save(hubView)
|
||||
if err != nil {
|
||||
|
||||
@@ -39,9 +39,11 @@ func AllowIfAdmin() privacy.QueryMutationRule {
|
||||
})
|
||||
}
|
||||
|
||||
// FilterTenantRule is a query rule that filters out entities that are not in the tenant.
|
||||
// FilterTenantRule is a query/mutation rule that filters out entities that are not in the tenant.
|
||||
func FilterTenantRule() privacy.QueryMutationRule {
|
||||
type TeamsFilter interface {
|
||||
// TenantsFilter is an interface to wrap WhereHasTenantWith()
|
||||
// predicate that is used by both `Group` and `User` schemas.
|
||||
type TenantsFilter interface {
|
||||
WhereHasTenantWith(...predicate.Tenant)
|
||||
}
|
||||
return privacy.FilterFunc(func(ctx context.Context, f privacy.Filter) error {
|
||||
@@ -49,22 +51,21 @@ func FilterTenantRule() privacy.QueryMutationRule {
|
||||
if view.Tenant() == "" {
|
||||
return privacy.Denyf("missing tenant information in viewer")
|
||||
}
|
||||
tf, ok := f.(TeamsFilter)
|
||||
tf, ok := f.(TenantsFilter)
|
||||
if !ok {
|
||||
return privacy.Denyf("unexpected filter type %T", f)
|
||||
}
|
||||
// Make sure that a tenant is able to read only entities that
|
||||
// has an edge to it.
|
||||
// Make sure that a tenant reads only entities that has an edge to it.
|
||||
tf.WhereHasTenantWith(tenant.Name(view.Tenant()))
|
||||
// Skip to the next privacy rule (equivalent to return nil).
|
||||
return privacy.Skip
|
||||
})
|
||||
}
|
||||
|
||||
// DenyMismatchedTenants is a rule that returns a deny decision if the operations
|
||||
// tries to add users to groups that are not in the same tenant.
|
||||
// DenyMismatchedTenants is a rule that runs only on create operations and returns a deny
|
||||
// decision if the operation tries to add users to groups that are not in the same tenant.
|
||||
func DenyMismatchedTenants() privacy.MutationRule {
|
||||
rule := privacy.GroupMutationRuleFunc(func(ctx context.Context, m *ent.GroupMutation) error {
|
||||
return privacy.GroupMutationRuleFunc(func(ctx context.Context, m *ent.GroupMutation) error {
|
||||
tid, exists := m.TenantID()
|
||||
if !exists {
|
||||
return privacy.Denyf("missing tenant information in mutation")
|
||||
@@ -76,16 +77,14 @@ func DenyMismatchedTenants() privacy.MutationRule {
|
||||
}
|
||||
// Query the tenant-id of all users. Expect to have exact 1 result,
|
||||
// and it matches the tenant-id of the group above.
|
||||
uid, err := m.Client().User.Query().Where(user.IDIn(users...)).QueryTenant().OnlyID(ctx)
|
||||
id, err := m.Client().User.Query().Where(user.IDIn(users...)).QueryTenant().OnlyID(ctx)
|
||||
if err != nil {
|
||||
return privacy.Denyf("querying the tenant-id %v", err)
|
||||
}
|
||||
if uid != tid {
|
||||
return privacy.Denyf("mismatch tenant-ids for group/users %d != %d", tid, uid)
|
||||
if id != tid {
|
||||
return privacy.Denyf("mismatch tenant-ids for group/users %d != %d", tid, id)
|
||||
}
|
||||
// Skip to the next privacy rule (equivalent to return nil).
|
||||
return privacy.Skip
|
||||
})
|
||||
// Evaluate the mutation rule only on group creation.
|
||||
return privacy.OnMutationOperation(rule, ent.OpCreate)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user