Corvia / django-tenant-users

Adds global user authentication and tenant-specific permissions to django-tenants.
https://django-tenant-users.rtfd.io
MIT License

TenantAccessMiddleware and unauthenticated users #600

Status: Closed (jgentil closed this issue 3 months ago)

jgentil commented 3 months ago

Could you help me understand the decision around why unauthenticated users can always access a tenant, but authenticated users have to have specific permission to? I don't quite understand that at all. I would expect this middleware to reject all unauthenticated users to protect the tenant?

Dresdn commented 3 months ago

The idea behind it was to fall back to Django's authentication session if not authenticated, but if authenticated, prevent automatically having access to TenantA and TenantB, if not using a permission middleware.

There are cases for everything, and this was one example as an optional middleware to showcase how it can be done since a few folks asked.
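
The access decision discussed in this thread, next to the stricter variant the question expected, as an added sketch that is not part of the thread or of the django-tenant-users code base. `User`, `Request`, `AccessDenied`, `lenient_access`, `strict_access`, `decide` and the `/login/` exempt path are hypothetical stand-ins, so it runs without Django installed.

```python
from dataclasses import dataclass, field

# Hypothetical stand-ins for Django's user and request objects (assumptions,
# not django-tenant-users classes).
@dataclass
class User:
    email: str = ""
    is_authenticated: bool = False
    tenants: set = field(default_factory=set)  # schema names the user belongs to

@dataclass
class Request:
    user: User
    tenant: str        # schema name resolved from the request's hostname
    path: str = "/"

class AccessDenied(Exception):
    """Stands in for the error response a real middleware would return."""

def lenient_access(request):
    """Behaviour described in the thread: only authenticated users are checked."""
    user = request.user
    if user.is_authenticated and request.tenant not in user.tenants:
        raise AccessDenied(f"{user.email} is not a member of {request.tenant}")
    # Anonymous requests reach the view, so the view (or a login requirement)
    # must still enforce authentication on anything that is not public.
    return "pass-through"

def strict_access(request, exempt_paths=("/login/",)):
    """Variant the question expects: anonymous requests are rejected as well."""
    if not request.user.is_authenticated:
        if request.path in exempt_paths:
            return "pass-through"  # the login page has to stay reachable
        raise AccessDenied("authentication required")
    return lenient_access(request)

def decide(policy, request):
    """Run a policy and return its outcome as a string."""
    try:
        return policy(request)
    except AccessDenied as exc:
        return f"denied: {exc}"

# Constructed sample requests, all addressed to tenant "tenant_a".
ANON = Request(User(), "tenant_a", "/reports/")
MEMBER = Request(User("a@example.com", True, {"tenant_a"}), "tenant_a", "/reports/")
OUTSIDER = Request(User("b@example.com", True, {"tenant_b"}), "tenant_a", "/reports/")

if __name__ == "__main__":
    for name, req in (("anonymous", ANON), ("member", MEMBER), ("outsider", OUTSIDER)):
        print(name, decide(lenient_access, req), "|", decide(strict_access, req))
```

Under the lenient policy the anonymous request is the only non-member that passes, which is why views behind it still need their own authentication requirement.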

jgentil commented 3 months ago

Makes sense. Thanks for the explanation!