suus-io / rls_rails Goto Github PK
View Code? Open in Web Editor NEWRow Level Security for Ruby on Rails
License: MIT License
rls_rails's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
dsojevic yasirazgar ezesundayeze mohammedyasir jkraemer dandush03 snawar92 recitalsoftware tillawy vishvish jordanstephens slipwise downhomerls_rails's Issues
NameError: uninitialized constant CreateRlsFunctions
Getting this error when running the generated migration,
NameError: uninitialized constant CreateRlsFunctions
Issue is in generator where file name of the migration is not as same migration class name.
`rspec` tests fail because policies are not applied to the test database unless the `structure.sql` file is being used
I have found that it is required to add the line:
config.active_record.schema_format = :sql
to the config/application.rb file in order to be able to pass my rspec tests because the test database was getting the schema.rb file contents for testing which does not contain the policies that are required to enforce RLS.
Should I add a note to the readme and open a PR?
NoMethodError: undefined method `tenant_class=' for nil:NilClass
NoMethodError: undefined method `tenant_class=' for nil:NilClass
/samp/config/initializers/rls_rails.rb:2
Looks like issue in initialiser generated by generator
Should be
RLS.configure do |config|
config.tenant_class = Tenant
config.tenant_fk = :tenant_id
config.policy_dir = 'db/policies'
end
instead of
RLS.configure do |config|
config.rls_rails.tenant_class = Tenant
config.rls_rails.tenant_fk = :tenant_id
config.rls_rails.policy_dir = 'db/policies'
end
not sure though.
rename method recreate.rake#execute
The method execute defined in recreate.rake seems to conflicting with rails database statement's execute method.
rls_status not getting set properly
RLS.set_tenant Tenant.find(33)
=> {:user_id=>"", :tenant_id=>"33", :disabled=>"true"}
2.6.6 :026 > RLS.disabled?
=> false
Correct behaviour
RLS.set_tenant Tenant.find(33)
=> {:user_id=>"", :tenant_id=>"33", :disabled=>"false"}
2.6.6 :026 > RLS.disabled?
=> false
Help with Setup
Hello, I've read all the docs about RLS and I still can't get it to work. I feel there's something I'm missing so any help would be great! If we can get it to work we start using it on a large-scale application.
Issue
Basically when I set the current tenant and run User.all I expect only the Users for the current tenant to be returned but I'm getting all users for all tenants. Can you see why it won't return only one User?
admin_1 = Admin.create(name: 'Admin 1')
admin_2 = Admin.create(name: 'Admin 2')
user_1 = User.create(name: 'user 1', admin: admin_1)
user_2 = User.create(name: 'user 2', admin: admin_2)
RLS.set_tenant Admin.first
RLS.enable!
User.all.pluck(:name)
(2.5ms) SELECT "users"."name" FROM "users"
=> ["user 1", "user 2"]
# As you can see it returns both names. I'm expecting it to return ["user 1"]
Setup
I've created a new rails app so I can test how this works.
I have 2 models, an Admin and a User. Admin has many users and Admin is the tenant model.
My setup is this:
# /initalizers
RLS.configure do |config|
config.tenant_class = Admin
config.tenant_fk = :admin_id
config.policy_dir = 'db/policies'
end
# /db/users/usersv01.rb
RLS.policies_for :users do
using_tenant
end
I've run the create_rls_functions.rb migration and the below one
# migration
class CreatePolicies < ActiveRecord::Migration[6.1]
def change
create_policy(:users, version: 1)
enable_rls(:users, force: false)
end
end
It's created a user table that looks like this. I can see the policy below:
row_level_security_development=# \d users
Table "public.users"
Column | Type | Collation | Nullable | Default
------------+--------------------------------+-----------+----------+-----------------------------------
id | bigint | | not null | nextval('users_id_seq'::regclass)
admin_id | bigint | | not null |
name | character varying | | |
created_at | timestamp(6) without time zone | | not null |
updated_at | timestamp(6) without time zone | | not null |
Indexes:
"users_pkey" PRIMARY KEY, btree (id)
"index_users_on_admin_id" btree (admin_id)
Foreign-key constraints:
"fk_rails_1694bfe639" FOREIGN KEY (admin_id) REFERENCES admins(id)
Referenced by:
TABLE "books" CONSTRAINT "fk_rails_bc582ddd02" FOREIGN KEY (user_id) REFERENCES users(id)
Policies (forced row security enabled):
POLICY "all_when_disabled_rls"
USING (rls_disabled())
POLICY "match_tenant"
USING ((current_tenant_id() = admin_id))
```
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.