Closed thapabishwa closed 1 week ago
Let's make sure we're under the correct impressions here @thapabishwa. The entire point of django-tenant-users
is to allow users to log in to any tenant via a centralized User model. I see you have the TenantAccessMiddleware
, so my question would be: For a user with this erroneous behavior, what does their UserModel.tenants.all()
come back with? The middleware that is part of this package allows the user to access any tenant they've been "added to."
If that's not what you want, then I suggest rolling your own middleware to control tenant access.
Hi all, I'm trying to build a multi-tenant DRF API and I've configured django-tenants. Now I'm attempting to use django-tenant-users as it offers
Global Authentication
andTenant-Specific Permissions
.I think I've somewhat configured django-tenant-users. But I have problems because all users can access all tenants(including the public schema).
My project is best described as follows:
Right now, a user created in a tenant is able to login to an unrelated tenant as well as the Public Tenant and view/edit their private data.
I've followed the setup instructions as mentioned in the docs.
I've already attempted remediations mentioned in https://github.com/Corvia/django-tenant-users/issues/593.
Like mentioned in #593, I'm also using
tenant.add_user
method to add new users to the newly created tenant.Any help would be appreciated.
PS: Issue https://github.com/Corvia/django-tenant-users/issues/588 was specifically helpful when I had circular dependency errors.
Expected Behavior
A user created in a tenant should not be able to login to an unrelated tenant as well as the Public Tenant and view/edit their private data.
Actual Behavior
A user created in a tenant is able to login to an unrelated tenant as well as the Public Tenant and view/edit their private data.