bernardopires / django-tenant-schemas

Tenant support for Django using PostgreSQL schemas.
https://django-tenant-schemas.readthedocs.org/en/latest/
MIT License

Preventing Access to Public Schema's Data #642

Closed mameen7 closed 4 years ago

mameen7 commented 4 years ago

I'm using django_tenant_schemas in a project and I realized that the architecture in django tenant schemas involves giving all tenants access to the public schema's data, which I don't want in my project. So my question here is: how can I prevent my tenants from accessing the public schema's data?

Mazuh commented 4 years ago

up! Wanting to know that too.

NotANormalNerd commented 4 years ago

That is really up to you. Structure your project accordingly and make permission checks in Django by yourself. That is nothing that this project has to handle. This is basic permission and ownership checking stuff. django-tenant-schemas offers some help in that regard by separating some data out in separate schemas, but you are still responsible by yourself to separate data access by customer.

How can you prevent that?

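```python
from django.db import connection

# Polls is a model of your own with a `customer` foreign key to the tenant model.
# connection.tenant is the tenant the current request was resolved to.
Polls.objects.get(customer=connection.tenant)
```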

for example. Otherwise move the data into the tenant schema.

mameen7 commented 4 years ago

Thank you for responding. But what I mean is inside the admin panel, all tenants have access to the models that are for the public schema, and I'm trying to prevent that. Please can you help!

Mazuh commented 4 years ago

@Algebra7, that's what I'm searching for too: ways to better integrate this with django-admin.

I found a vague idea of what must be done here: https://github.com/bernardopires/django-tenant-schemas/issues/554

@NotANormalNerd, if you have more ideas about this, share, pls.

Mazuh commented 4 years ago

@Algebra7, this may help, along with @NotANormalNerd's suggestion: https://docs.djangoproject.com/en/3.0/ref/contrib/admin/#django.contrib.admin.ModelAdmin.get_queryset

i.e., use the get_queryset method to increase the filter used in your admin page based on the django.db.connection.tenant instance.

Mazuh commented 4 years ago

Also, if you're using multitenancy by schema, you'll need to create different apps, at least 2: one for the public data (placed in shared_apps) and another for the tenants' data (placed in tenant_apps). Then the django admin site of each tenant will already have the queries limited by that schema, based on the models of the django app placed in tenant_apps.
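
The two admin-side approaches discussed in this thread, sketched as an added example (not code from the thread or from django-tenant-schemas): one mixin scopes a shared model's admin queryset to `connection.tenant`, the other denies every admin permission for a public-schema model unless the request is served from the public schema. The mixin names, the `customer` field name and the `"public"` schema name are assumptions; `connection.tenant` and `ModelAdmin.get_queryset` are the pieces named in the comments above.

```python
# Added example: mixins for ModelAdmin classes registered for models that
# live in the public schema (shared_apps). Names here are hypothetical.
PUBLIC_SCHEMA = "public"  # assumed name of the public schema


class TenantAwareAdminMixin:
    """Shared helper: which tenant is this request being served for?"""

    def get_current_tenant(self):
        # Lazy import keeps this module importable before Django is configured.
        from django.db import connection
        return connection.tenant

    def on_public_schema(self):
        return self.get_current_tenant().schema_name == PUBLIC_SCHEMA


class TenantScopedAdminMixin(TenantAwareAdminMixin):
    """Tenants see only rows they own; the public site sees every row."""
    tenant_field = "customer"  # assumed FK name, as in the Polls snippet

    def get_queryset(self, request):
        qs = super().get_queryset(request)
        if self.on_public_schema():
            return qs
        return qs.filter(**{self.tenant_field: self.get_current_tenant()})


class PublicOnlyAdminMixin(TenantAwareAdminMixin):
    """Model is hidden and unreachable in every tenant's admin site."""

    def _allow(self, check, request, *args):
        # Schema check comes first, so a tenant superuser is refused too.
        return self.on_public_schema() and check(request, *args)

    def has_module_permission(self, request):
        return self._allow(super().has_module_permission, request)

    def has_view_permission(self, request, obj=None):
        return self._allow(super().has_view_permission, request, obj)

    def has_add_permission(self, request):
        return self._allow(super().has_add_permission, request)

    def has_change_permission(self, request, obj=None):
        return self._allow(super().has_change_permission, request, obj)

    def has_delete_permission(self, request, obj=None):
        return self._allow(super().has_delete_permission, request, obj)
```

List the mixin before the admin base class, e.g. `class PollsAdmin(TenantScopedAdminMixin, admin.ModelAdmin)`, so its methods run first. `get_queryset` scoping covers the changelist and object lookups only; foreign-key choice fields that point at shared models need their own filtering.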