Is there a way to enforce that all queries include a where clause on "tenantId"?
My question is exactly the same as this user:
https://github.com/drizzle-team/drizzle-orm/discussions/1539
I'm writing a single-database, multi-tenant app and would like to make sure every query contains a filter on tenantId so I don't accidentally show data from one tenant to another. Doesn't need to do anything fancy like rewrite the query, just check if it's there and throw an exception if it isn't. Ideally would be able to check that the correct tenantId is specified so would be great if the check could be changed on a request per request basis. Have commented on another discussion about hooks which feel like they could be a good way to achieve this, but thought I'd ask it as a separate question in case there already is a way to do this?Anyone in Discord knows the current solution for this or know if the team is working on this?
GitHub
Is there a way to enforce that all queries include a where clause o...
I'm writing a single-database, multi-tenant app and would like to make sure every query contains a filter on tenantId so I don't accidentally show data from one tenant to another. Doesn'...
2 Replies
okay wow, someone actually got it working: https://gist.github.com/ikupenov/10bc89d92d92eaba8cc5569013e04069
Gist
Intercepting Drizzle db calls
Intercepting Drizzle db calls. GitHub Gist: instantly share code, notes, and snippets.
ah but I see there is already an official-beta release coming: https://github.com/drizzle-team/drizzle-orm/discussions/2450#discussioncomment-10491262
maybe i'll wait for that
GitHub
[FEATURE]: Support PostgreSQL's Row Level Security (RLS) · drizzle-...
Describe want to want Supabase is really nicely using Row Level Secruity for granular authorization rules. 🔗 Here's the link to their docs: https://supabase.com/docs/guides/auth/row-level-secur...