/** * beforeSave callback * * Prevent saving if the context is not global * * @param \Cake\Event\Event $event The beforeSave event that was fired. * @param \Cake\ORM\Entity $entity The entity that was saved. * @return void */ public function beforeSave(Event $event, Entity $entity, $options) { if (MTApp::getContext() == 'tenant') { //save new operation $field = $this->config('foreign_key_field'); if ($entity->isNew()) { // Model is no required to have a foreign_key_field to tenant, // But if one exists we will update it // no overwrite, if foreign_keyfield has an assigned value, do nothing if ($entity->{$field} === null) { $entity->{$field} = MTApp::tenant()->id; } } } return true; }
/** * beforeDelete callback * * Prevent delete if the record is global * Prevent delete if the record belongs to another tenant * * @param \Cake\Event\Event $event The beforeDelete event that was fired. * @param \Cake\ORM\Entity $entity The entity that was saved. * @return void */ public function beforeDelete(Event $event, Entity $entity, $options) { if (MTApp::getContext() == 'tenant') { $field = $this->config('foreign_key_field'); //tenant cannot delete global records if he is not the onwer of the global tenant if ($entity->{$field} == $this->config('global_value') && MTapp::tenant()->id != $this->config('global_value')) { return false; } //paranoid check of ownership if ($entity->{$field} != MTApp::tenant()->id) { //current tenant is NOT owner throw new DataScopeViolationException('Tenant->id:' . MTApp::tenant()->id . ' does not own ' . $this->_table->alias() . '->id:' . $entity->id); } } return true; }
/** * beforeDelete callback * * Prevent delete if the context is not global * * @param \Cake\Event\Event $event The beforeDelete event that was fired. * @param \Cake\ORM\Entity $entity The entity that was saved. * @return void */ public function beforeDelete(Event $event, Entity $entity, $options) { if (MTApp::getContext() == 'tenant') { $field = $this->config('foreign_key_field'); //paranoid check of ownership if ($entity->{$field} != MTApp::tenant()->id) { //current tenant is NOT owner throw new DataScopeViolationException('Tenant->id:' . MTApp::tenant()->id . ' does not own ' . $this->_table->alias() . '->id:' . $entity->id); } } else { throw new DataScopeViolationException('Tenant Scoped accessed globally'); } return true; }
<?php /** * MultiTenant Plugin * Copyright (c) PRONIQUE Software (http://pronique.com) * * Licensed under The MIT License * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * * @copyright Copyright (c) PRONIQUE Software (http://pronique.com) * @link http://github.com/pronique/multitenant MultiTenant Plugin Project * @since 0.5.1 * @license http://www.opensource.org/licenses/mit-license.php MIT License */ namespace MultiTenant\Config; use MultiTenant\Core\MTApp; use Cake\Configure\Engine\PhpConfig; use Cake\Core\Configure; MTApp::config(Configure::consume('MultiTenant'));
/** * beforeDelete callback * * Prevent delete in the tenant context * * @param \Cake\Event\Event $event The beforeDelete event that was fired. * @param \Cake\ORM\Entity $entity The entity that was saved. * @return void */ public function beforeDelete(Event $event, Entity $entity, $options) { if (MTApp::getContext() == 'tenant') { return false; } return true; }