Sails: How to support multi tenant application?

If I'm reading this correctly its usually common to just use a userId column in your schema and rely on the authenticated user's ID to select data. I'd recommend throwing this up on Stackoverflow too.

Haven't heard the word before but its pretty standard: http://en.wikipedia.org/wiki/Multitenancy

I did a few things for this. I separate everything by Company (equivalent to tenant probably). So I have a companyId on every table.

Then I have a policy that checks if a person is logged in and if they are it sets the companyId on the req.options.where object as such

req.options.where = _.assign({companyId : req.session.user.company.id}, req.options.where);

This ensures all blueprint find actions will include their companyId, restricting access to just their company records. I then modified sails baked in blueprints actions to that all findOne actions all have this restriction. I have effectivaly limited a users access to only their own company.

I then roll two more policies that effectively pull companyId out of any update action, so I make sure they can't modify the companyId of any record and another policy that will insert companyId on any create record.

My blue print actions are here if you want to check them out, still a work in progress
https://github.com/randallmeeker/SailsBluePrintActions

@randallmeeker, sounds like a good start.

@kesavkolla this kind of discussion is more appropriate for our Google Group or our IRC channel (irc://irc.freenode.org/sailsjs). We try to keep this forum strictly for bug reports and feature requests to help manage the load on our maintainers. Thanks!

I have submitted a Pull Request to Waterline: https://github.com/balderdashy/waterline/pull/787

I will be also submitting a Pull Request to Sails to update Blueprints to support Multi-Tenancy.