Right now, on each of the controllers, we're simply retrieving the user, Business Unit and Organization IDs from context, as shown in the example below.
```go
userID, ok := r.Context().Value(middleware.ContextKeyUserID).(uuid.UUID)
buID, ok := r.Context().Value(middleware.ContextKeyBuID).(uuid.UUID)
orgID, ok := r.Context().Value(middleware.ContextKeyOrgID).(uuid.UUID)
```
Once these are grabbed, we pass them into services that query the database for the proper results. Of course, this is more of a controlled approach, but the policy will do the same thing.
This will likely extend into us adding policies that control RBAC to ensure the user can only see information based on their role within the application.
Implement multi-tenancy using an Ent Privacy Option.
Specifically, we should look at the Ent Privacy Multi Tenancy example.
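Added example, not code from this project or from Ent: one central tenant rule of the kind the issue describes, which replaces the per-controller context reads and denies the query when the Business Unit or Organization ID is missing. The context keys, `Row`, `TenantRule` and `Run` are hypothetical names, and IDs are strings rather than `uuid.UUID` so the block needs only the standard library.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the middleware context keys; IDs are strings, not uuid.UUID.
type ctxKey string

const keyBuID, keyOrgID ctxKey = "buID", "orgID"
var ErrNoTenant = errors.New("tenant scope missing from context")

// Row is a constructed sample record owned by one organization and business unit.
type Row struct{ ID, OrgID, BuID string }

// TenantRule is the single policy: it fails closed when either ID is absent,
// otherwise it returns a predicate pinning rows to the caller's org and BU.
func TenantRule(ctx context.Context) (func(Row) bool, error) {
	org, okOrg := ctx.Value(keyOrgID).(string)
	bu, okBu := ctx.Value(keyBuID).(string)
	if !okOrg || !okBu || org == "" || bu == "" {
		return nil, ErrNoTenant
	}
	return func(r Row) bool { return r.OrgID == org && r.BuID == bu }, nil
}

// Run evaluates the policy before touching data, so no caller can skip it.
func Run(ctx context.Context, data []Row) ([]Row, error) {
	allowed, err := TenantRule(ctx)
	if err != nil {
		return nil, err
	}
	var out []Row
	for _, r := range data {
		if allowed(r) {
			out = append(out, r)
		}
	}
	return out, nil
}

func main() {
	data := []Row{{"1", "orgA", "bu1"}, {"2", "orgB", "bu1"}, {"3", "orgA", "bu2"}}
	ctx := context.WithValue(context.Background(), keyOrgID, "orgA")
	fmt.Println(Run(ctx, data))
	fmt.Println(Run(context.WithValue(ctx, keyBuID, "bu1"), data))
}
```

The first call in `main` has no Business Unit in context and is denied; the second returns only the row owned by `orgA` and `bu1`.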