suus-io / rls_rails Goto Github PK
View Code? Open in Web Editor NEWRow Level Security for Ruby on Rails
License: MIT License
Row Level Security for Ruby on Rails
License: MIT License
Getting this error when running the generated migration,
NameError: uninitialized constant CreateRlsFunctions
Issue is in generator where file name of the migration is not as same migration class name.
I have found that it is required to add the line:
config.active_record.schema_format = :sql
to the config/application.rb
file in order to be able to pass my rspec
tests because the test database was getting the schema.rb
file contents for testing which does not contain the policies that are required to enforce RLS.
Should I add a note to the readme and open a PR?
NoMethodError: undefined method `tenant_class=' for nil:NilClass
/samp/config/initializers/rls_rails.rb:2
Looks like issue in initialiser generated by generator
Should be
RLS.configure do |config|
config.tenant_class = Tenant
config.tenant_fk = :tenant_id
config.policy_dir = 'db/policies'
end
instead of
RLS.configure do |config|
config.rls_rails.tenant_class = Tenant
config.rls_rails.tenant_fk = :tenant_id
config.rls_rails.policy_dir = 'db/policies'
end
not sure though.
The method execute defined in recreate.rake seems to conflicting with rails database statement's execute method.
RLS.set_tenant Tenant.find(33)
=> {:user_id=>"", :tenant_id=>"33", :disabled=>"true"}
2.6.6 :026 > RLS.disabled?
=> false
Correct behaviour
RLS.set_tenant Tenant.find(33)
=> {:user_id=>"", :tenant_id=>"33", :disabled=>"false"}
2.6.6 :026 > RLS.disabled?
=> false
Hello, I've read all the docs about RLS and I still can't get it to work. I feel there's something I'm missing so any help would be great! If we can get it to work we start using it on a large-scale application.
Basically when I set the current tenant and run User.all
I expect only the Users for the current tenant to be returned but I'm getting all users for all tenants. Can you see why it won't return only one User?
admin_1 = Admin.create(name: 'Admin 1')
admin_2 = Admin.create(name: 'Admin 2')
user_1 = User.create(name: 'user 1', admin: admin_1)
user_2 = User.create(name: 'user 2', admin: admin_2)
RLS.set_tenant Admin.first
RLS.enable!
User.all.pluck(:name)
(2.5ms) SELECT "users"."name" FROM "users"
=> ["user 1", "user 2"]
# As you can see it returns both names. I'm expecting it to return ["user 1"]
I've created a new rails app so I can test how this works.
I have 2 models, an Admin
and a User
. Admin has many users and Admin is the tenant model.
My setup is this:
# /initalizers
RLS.configure do |config|
config.tenant_class = Admin
config.tenant_fk = :admin_id
config.policy_dir = 'db/policies'
end
# /db/users/usersv01.rb
RLS.policies_for :users do
using_tenant
end
I've run the create_rls_functions.rb
migration and the below one
# migration
class CreatePolicies < ActiveRecord::Migration[6.1]
def change
create_policy(:users, version: 1)
enable_rls(:users, force: false)
end
end
It's created a user table that looks like this. I can see the policy below:
row_level_security_development=# \d users
Table "public.users"
Column | Type | Collation | Nullable | Default
------------+--------------------------------+-----------+----------+-----------------------------------
id | bigint | | not null | nextval('users_id_seq'::regclass)
admin_id | bigint | | not null |
name | character varying | | |
created_at | timestamp(6) without time zone | | not null |
updated_at | timestamp(6) without time zone | | not null |
Indexes:
"users_pkey" PRIMARY KEY, btree (id)
"index_users_on_admin_id" btree (admin_id)
Foreign-key constraints:
"fk_rails_1694bfe639" FOREIGN KEY (admin_id) REFERENCES admins(id)
Referenced by:
TABLE "books" CONSTRAINT "fk_rails_bc582ddd02" FOREIGN KEY (user_id) REFERENCES users(id)
Policies (forced row security enabled):
POLICY "all_when_disabled_rls"
USING (rls_disabled())
POLICY "match_tenant"
USING ((current_tenant_id() = admin_id))
```
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.