Activerecord::Firewall

This gem adds a patch to ActiveRecord that attempts to stop IDOR problems in multi-tenant applications by adding a new AR attribute type generated by the method firewalled_belongs_to.

Usage

This plugin adds a method firewalled_belongs_to to all ActiveRecord models with the same usage as belongs_to. firewalled_belongs_to expects that if you call firewalled_belongs_to :shop in the Product model, you will define Current.shop. This will add a check each time a Product object is loaded from the database to ensure that the associated Shop object has the ID of the current shop.

Contributing

Contribution directions go here.

License

The gem is available as open source under the terms of the MIT License.