[Multi-Tenant] Filter OP resources by tenantId in Admin API calls #2929

Closed
Tracked by #2893
njlie opened this issue Aug 30, 2024 · 1 comment

njlie commented Aug 30, 2024

The Rafiki Admin API should use the Kratos session token to retrieve and add a tenantId to the context. Resolvers should use this context to:

  • Only retrieve Open Payments resources that belong to that tenant (unless that tenant is also the instance operator).
  • It should prevent requests where a valid id is provided for an Open Payments resource, but that resource does not belong to that tenant. Return a Not Found response in this case.
  • When creating a new resource that requires a tenantId as a database field, it should either:
    • Verify that the provided tenantId in the input matches the one added to the context, or is from an operator
    • Provide that tenantId from the context.
      • Maybe we could even remove tenantId as an input from all graphql inputs, and just include it in service requests by pulling it from the context at all times.

This logic should be applied to resolvers for:

  • Quotes
  • Incoming/Outgoing Payments
  • Wallet Addresses
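
A sketch of the tenant scoping described in the issue above, added here as an example and not taken from Rafiki's code. Every name in it (`TenantContext`, `listForTenant`, `getForTenant`, `resolveTenantIdForCreate`, the `QUOTES` rows) is hypothetical, and rejecting a mismatched tenantId on create by throwing is an assumption, since the issue does not say how that case is reported.

```typescript
// Added example with hypothetical names; not Rafiki's resolver or service code.
interface TenantContext { tenantId: string; isOperator: boolean }
interface Resource { id: string; tenantId: string }

// Constructed sample rows standing in for an Open Payments resource table.
const QUOTES: Resource[] = [
  { id: 'q-1', tenantId: 'tenant-a' },
  { id: 'q-2', tenantId: 'tenant-b' }
]

// List: apply the tenant filter to every read; only the operator sees all tenants.
function listForTenant(ctx: TenantContext, rows: Resource[]): Resource[] {
  return ctx.isOperator ? rows : rows.filter((r) => r.tenantId === ctx.tenantId)
}

// Get by id: search only the tenant-scoped rows, so a valid id owned by another
// tenant comes back as undefined, exactly like an id that does not exist.
// The resolver maps undefined to its Not Found response in both cases.
function getForTenant(ctx: TenantContext, rows: Resource[], id: string): Resource | undefined {
  for (const row of listForTenant(ctx, rows)) {
    if (row.id === id) return row
  }
  return undefined
}

// Create: the tenantId written to the database comes from the session context.
// An input tenantId is accepted only if it matches the context or the caller is
// the operator. Throwing on mismatch is an assumption of this example.
function resolveTenantIdForCreate(ctx: TenantContext, inputTenantId?: string): string {
  if (inputTenantId === undefined || inputTenantId === ctx.tenantId) return ctx.tenantId
  if (ctx.isOperator) return inputTenantId
  throw new Error('tenantId in input does not match the session tenant')
}
```

Because the id lookup runs over the already-filtered rows, there is no separate ownership check to forget, and the response does not reveal whether another tenant's id exists.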
@github-project-automation github-project-automation bot moved this to Backlog in Rafiki Aug 30, 2024
@njlie njlie mentioned this issue Aug 30, 2024
38 tasks
@BlairCurrey BlairCurrey self-assigned this Oct 3, 2024
@BlairCurrey BlairCurrey moved this from Backlog to In Progress in Rafiki Oct 8, 2024
@njlie njlie mentioned this issue Oct 11, 2024
1 task
@njlie njlie added the pkg: backend Changes in the backend package. label Oct 18, 2024
@njlie njlie changed the title from "Filter OP resources by tenantId in Admin API calls" to "[Multi-Tenant] Filter OP resources by tenantId in Admin API calls" Nov 19, 2024

njlie commented Nov 21, 2024

Superseded by #3119, #3118, #3117.

@njlie njlie closed this as not planned Nov 21, 2024
@github-project-automation github-project-automation bot moved this from Backlog to Done in Rafiki Nov 21, 2024