Help with tenant-aware operations

[dkmanolov]

Hi,

Thank you for providing this awesome boilerplate! Can you please help me with some samples on how to apply some tenant awareness. For example how to get all users that are part of my current user tenant, because /users returns all existing users in all tenants? I'm new to Loopback and I don't know if it is correct to bind the tenant in the repository and filter there or there is some different approach.

[akshatdubeysf]

Hi @dkmanolov,

Yes, you can bind the user/tenant at the repository level to restrict the access of users, by implementing a new function in the repository that only gives the filtered results based on this user/tenant; You can use the AuthenticationBindings.CURRENT_USER binding to get the current user -

@inject.getter(AuthenticationBindings.CURRENT_USER)
protected readonly getCurrentUser: Getter<IAuthUserWithPermissions | undefined>

[dkmanolov]

Thank you @akshatdubeysf !

[sambathsrey]

could you provide more specific example? Example I have a table "blog" in that that do i need an identifier column "tenant_id" to allow repository to filter?

[akshatdubeysf]

Hi @sambathsrey ,

You can use base repository like this one to add created by and modified by fields to your model, then simply use these fields to filter the data in the repository.

[sambathsrey]

In case the models are created by super_admin(dashboard). Which tenant that model belong to?

[akshatdubeysf]

Ok so each user can be related to multiple tenants, but each userTenantId is related to only one tenant, and the userTenantId is the one that you are supposed to save in the createdBy or modifiedBy fields. As even a superAdmin would get a token for only one tenant at a time, his userTenantId would be related to only the tenant he logged in for.

[sambathsrey]

Ok. column createdBy or modifiedBy defines the userTenant. So if we know the userTenant belong to which tenant then we can know the models belong to the same tenant as userTenant. I got it. But how to perform query like blogRepository.find({where: .......}). I have concern about it, could you provide me a snippet of code how to perform filter?

[akshatdubeysf]

I have shared the repo that does this for userTenantId, you just to replicate that for tenantId

[akshatdubeysf]

for example -

  async create(entity: DataObject<T>, options?: Options): Promise<T> {
    let currentUser = await this.getCurrentUser();
    currentUser = currentUser ?? options?.currentUser;
    if (!currentUser) {
      throw new HttpErrors.Forbidden(AuthErrorKeys.InvalidCredentials);
    }
    entity.tenantId = user.tenantId;
   return super.create(entity, options);
  }

and then -

repo.find({
  where: {
    tenantId: 'someId'
  }
});

[sambathsrey]

so in the model should we define tenantId as a foreign key or just a normal column?

[akshatdubeysf]

If the tenants model and your tenant aware model are in the same db, then you can keep it as a foreign key otherwise no.