0

I am using discriminator-based multi-tenancy in Grails 4, upgrading from Grails 2 where I used the hibernate-filter plugin. In Grails 2, I could disable the hibernate-filter in a Grails filter for admin roles - thereby not needing "if (admin)"-checks throughout my application. Can I somehow disable multi-tenancy in Grails 4 and keep it DRY?

Based on Jeffs comment, I rephrase my question for future references:

Can multitenancy be fully disabled for the entire request any time the request can be authenticated to come from a client that has an admin role?

wwwclaes
  • 1,152
  • 8
  • 12
  • 1
    Are you wanting multitenancy to be fully disabled for the entire request any time the request can be authenticated to come from a client that has an `admin` role? – Jeff Scott Brown Sep 23 '21 at 16:30
  • Exactly. You phrased it better than me :-) It would save me a lot of code if you know of any potential solution. – wwwclaes Sep 24 '21 at 05:15
  • Is your multitenancy code using `@CurrentTenant`, `Tenants.withCurrent`, a combination, or something else? – Jeff Scott Brown Sep 24 '21 at 18:15
  • I'm in the middle of the update, but right now I'm not using neither. I'm only using @WithoutTenant and Tenants.withoutId (in the philosophy of hibernate-filter-plugin). It "seems to work" and certainly applies tenancy in some degree, but I just now googled that it should be applied with mentioned current-methods everywhere? A bit confused at the moment, as to why it's working without those and the implications for admin to include these selectively. I'll give it a try next week, and then probably get back to you. Thanks! – wwwclaes Sep 24 '21 at 18:40
  • "A bit confused at the moment, as to why it's working without those and the implications for admin to include these selectively." - I too am confused. It isn't clear to me why or how that could work. I believe you that it is working, but that surprises me. – Jeff Scott Brown Sep 24 '21 at 18:49
  • I'm certain now that it works without any trace of @CurrentTenant or Tenants.withCurrent. Are you sure that it is not the convention (which I think would be useful)? Digging through files such as TenantDelegatingGormOperations & MultiTenantEventListener I get the feeling it might be. Back to the original question: Maybe I can somehow set MultiTenancyMode to NONE for the remainder of the request? Though I have a hard time figuring out how to get to it, if this gets to complicated, maybe I should handle it myself purely in application code. – wwwclaes Sep 27 '21 at 09:22
  • 1
    "Are you sure that it is not the convention..." - It may be that I am misunderstanding the description above but it is unclear to me how your system could be working. If it starts to look like a bug please file an issue at https://github.com/grails/grails-data-mapping/issues with a sample app and we can investigate. Best of luck! – Jeff Scott Brown Sep 27 '21 at 13:31
  • Thanks for your patience and aid, this became a discussion and SO is not an ideal forum for that. I will let the question linger for a while if I come up with a good solution, otherwise I may delete it later. Good luck with everything! – wwwclaes Sep 27 '21 at 19:05

1 Answers1

0

I think I finally found a solution to this. Debugging Grails I found this in AbstractHibernateDatastore.java:

Serializable currentId = Tenants.currentId(this);
if(ConnectionSource.DEFAULT.equals(currentId)) {
  disableMultiTenancyFilter();
}

Which gave me the idea to simply return ConnectionSource.DEFAULT instead of the tenant id from my tenant resolver, when I want to disable multitenancy (in my case when the current user is an admin).

A simple and straightforward solution, which works for Grails 4.0.12. I'll see if I can get it officially documented, since my admin use-case shouldn't be uncommon for multitenant applications.

wwwclaes
  • 1,152
  • 8
  • 12