1

I am building an app that uses a multi tenant architecture as follows

User architecture

  • tenant_name: Name of the user
  • tenant_id: ObjectID

Multi tenant DB

mongoose schema

  • widget: Data for widget
  • Area: location for widget
  • Tenant_identifier: ObjectID from user architecture

API

I have implemented the login using webtokens and i am able to identify the logged in user etc. What is the best implementation of the API such that it returns only the records in multi tenant DB based on the tenant_id.

Can i write an access layer that filters the data in the API server or should i pass the objectID in the findBy routine of mongoose. I am looking for some design patterns for implementation.

I am using DaftMonks Generator as a starting point https://github.com/DaftMonk/generator-angular-fullstack

Thanks

Jérôme Teisseire
  • 1,518
  • 1
  • 16
  • 26
Uma Maheshwaraa
  • 563
  • 2
  • 9
  • 17

1 Answers1

0

You should add the ObjectId to the queries and not filter the data after you retrieved it from the database.

Using the ObjectId as extra query condition (which is implicitly AND'ed with any other conditions that you query for) will not only limit the amount of data that the database will have to return, but with proper indexes in place it will also be pretty fast.

robertklep
  • 198,204
  • 35
  • 394
  • 381