Question: How to implement permissions for a multi tenant application?

[KIC]

This is a great tool and takes away the burden of creating tons of reports for individual clients but just letting them make their own reports. However, there is also my point. How am I supposed to manage the fact that one client should only see his data? Is there some hook where I could change the query?

Another way would be to provide the queries and disallow the edit, but then there one would need a way to inject the current user as immutable variable. If there is currently no way to inject the user as fixed variable and since it is open source, where would you add (allow) such a feature to be added?

[chrisclark]

The app isn't really designed for multi-tenancy and there isn't a simple way to do this. For example, you would have to filter querylogs, connections, etc.

If you were only trying to display the results to particular users, that is (in theory) supported via the EXPLORER_GET_USER_QUERY_VIEWS settings, which you can set to a dictionary like:

{
userid1: [queryid1, queryid2],
userid2: [queryid2, queryid3]
}

It's a bit clunky in that you would likely have to modify the code each time you needed a permission change. You can see more how it is implemented here:

https://github.com/explorerhq/sql-explorer/blob/master/explorer/utils.py#L165

Let me know if that helps...

[KIC]

I think I would really need to intercept the query itself before it gets executed, maybe I would hook into get_final_sql?

sql-explorer/explorer/models.py

Line 96 in 910cb71

def final_sql(self):

but there I cant get the request context, can I?