Turns out this is a tricky problem.
What I’d like to do is have tenancy at the table level with a
tenant_id. That’s easy enough, just add the column and an index, and you’re done!
But the real problem is enforcing that right. If you ever forget to scope a query to the correct tenant you’re going to accidentally leak customer data and that simply cannot happen.
Then there’s also the case of wanting certain tables not to be scoped by a tenant.
Is there any way to do this with Ecto to protect all forms of reads and writes? One that ensures any query gets modified to scope the tenant in without having to add it to every query you run.
I know there’s https://hexdocs.pm/ecto/Ecto.Repo.html#c:prepare_query/3 but from the looks of this it might not be bullet proof because how would you account for scoping the tenant in joins or preloads?
I know postgres has schemas and there’s also using separate databases for each tenant but neither of these are strategies I want to use.
Rails solves this with acts_as_tenant but I haven’t found anything comparable in Elixir.