🏒
Organizations & Multitenancy
We have provided a basic structure for organizations, which are basically groups of people. Often user want to create some kind of organization (eg. a company), and then invite their teammates into it. This is a step towards multi-tenancy, with an organization representing a tenant.
If you were introducing a payment system, it would likely be associated with the org (we will implement this in v1.3.0.

Database structure

A look at how the data is organized

Org routes

The following routes are provided:
1
live "/org/new", NewOrgLive
2
live "/org/:org_slug", OrgDashboardLive
3
live "/org/:org_slug/edit", EditOrgLive
4
live "/org/:org_slug/team", OrgTeamLive, :index
5
live "/org/:org_slug/team/invite", OrgTeamLive, :invite
6
live "/org/:org_slug/team/memberships/:id/edit", OrgTeamLive, :edit_membership
Copied!
This provides some basic functionality to get you started:
  • Any user can CRUD an org
  • Basic roles (admin & member)
  • Members can create invitations for new members
  • Invitations turn into memberships upon acceptance
  • Admins can delete memberships

Org plugs

We have some plugs to help with assigning org related data

assign_org_data

This will assign to the conn:
Assigns
When
Description
@orgs
Always
A list of orgs the current_user is in
@current_membership
Only if :org_slug is in the route
The current user's membership with the current org (using the provided slug).
@current_org
Only if :org_slug is in the route
The current org (using the provided slug)

require_org_member

This makes sure the current_user is a member of the current org (determined by the URL param :org_slug). The path must have :org_slug in it.

require_org_admin

Same as require_org_member above but the user must have a role of admin on their membership for the org.

Org on_mount hooks

You can run on_mount hooks in your live_session calls. For example:
1
live_session :require_confirmed_user,
2
on_mount: [
3
{PetalProWeb.UserOnMountHooks, :require_confirmed_user},
4
{PetalProWeb.OrgOnMountHooks, :assign_org_data}
5
] do
6
live "/org/new", NewOrgLive
7
# page_builder:live:protected
8
end
Copied!
We have hooks matching the plugs above:

Multi-tenancy

Currently you can only see your current org if you are in a route scoped to that org (/:org_slug/page), with the org slug representing the tenant (org).
There are several options when it comes to identifying the current org (listed below). Please let us know if you want more options supported. We have a feedback form here.

1. Params (supported)

Load the org from a body or query param (how it's currently done).
1
/org/my-org/path_x
2
/org/my-org/path_y
3
/org/my-org/path_z/:some_param
Copied!

2. Session (not yet supported)

Set the current org as a cookie and fetch it in the plug from the cookie. Then you don't have to scope the route:
1
/path_x
2
/path_y
3
/path_z/:some_param
Copied!
You will need to create a plug that sets the current org - you could use set_locale_plug.ex as inspiration.

3. Subdomain (not yet supported)

Set the tenant slug as a subdomain. Similar to "params" but means you don't have to scope all of your routes.
1
my-org.yourdomain.com/path_x
2
my-org.yourdomain.com/path_y
3
my-org.yourdomain.com/path_z/:some_param
Copied!
You would need to create a plug to do this.

How to prevent data leakage - true multi-tenancy

Currently, all your orgs (tenants) data is in one database. It is up to you to scope all of your Ecto queries to ensure the data shown on the page belongs to the right org.
A potentially safer option is to make a new Postgres Schema per tenant with the help of Triplex. In which case your queries will be like this:
1
Repo.all(User, prefix: Triplex.to_prefix("my_tenant"))
2
Repo.get!(User, 123, prefix: Triplex.to_prefix("my_tenant"))
Copied!
Triplex provides some plugs to help set the org:
1
- `Triplex.ParamPlug` - loads the tenant from a body or query param
2
- `Triplex.SessionPlug` - loads the tenant from a session param
3
- `Triplex.SubdomainPlug` - loads the tenant from the url subdomain
4
- `Triplex.EnsurePlug` - ensures the current tenant is loaded and halts if not
Copied!
If you are unsure about multi-tenancy, this blog post explains the different approaches well.

Removing organizations

You will have to extract orgs out of your code. This will take approximately 15 minutes. If you have time, consider letting us know at [email protected] if you do this so we can get an idea of how many people are doing it (if it's a lot, then we will consider making it easier to delete).

Steps to delete

Delete the migrations:
Delete files and folders related to orgs:
Remove references in user.exand log.ex:
From here, you can just do a global search for "org" and delete what's left.
  • Accounts.preload_org_data/2.
  • Router org routes.
  • Router.assign_org_data/2 plug.
  • Reference in Logs.build/2.
  • Org related logs in log.ex - @action_options
  • UserNotifier.deliver_org_invitation/3
  • Delete org_seeder.ex
  • References in seeds.exs
  • References in email_testing_controller.ex
  • References in email.ex
  • Email template: org_invitation.html.heex
  • Test folder:
    • org_team_live_test.exs
    • orgs_fixtures.ex
    • dashboard_live_test.exs