This gem patches ActiveRecord to help stop IDOR (insecure direct object reference) problems in multi-tenant applications by adding a new AR attribute type generated by the method firewalled_belongs_to.
This plugin adds a method firewalled_belongs_to to all ActiveRecord models, with the same usage as belongs_to. firewalled_belongs_to expects that if you call firewalled_belongs_to :shop in the Product model, you will define Current.shop. It then adds a check each time a Product object is loaded from the database to ensure that the associated Shop object has the ID of the current shop.
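The load-time check described above, modelled in plain Ruby as an added example; it is not the gem's source and does not use ActiveRecord. TenantFirewall, TenantMismatch, from_row and the sample rows are hypothetical, and raising on a mismatch or on an unset Current.shop is an assumption about how such a check should fail.

```ruby
# Added illustration, not the gem's implementation. Hypothetical names:
# TenantFirewall, TenantMismatch, from_row. Sample rows are constructed.
class TenantMismatch < StandardError; end

Shop = Struct.new(:id)

# Stand-in for a Rails Current object; a plain global here, so not thread-safe.
Current = Struct.new(:shop).new

module TenantFirewall
  # Same call shape as belongs_to: remember which foreign key is firewalled.
  def firewalled_belongs_to(assoc)
    firewalled_keys[assoc] = :"#{assoc}_id"
  end

  def firewalled_keys
    @firewalled_keys ||= {}
  end

  # Stand-in for the point where a database row becomes a model object.
  def from_row(row)
    firewalled_keys.each do |assoc, key|
      tenant = Current.public_send(assoc)
      # Assumption: fail closed when no tenant is set or the row is foreign.
      unless tenant && row[key] == tenant.id
        raise TenantMismatch, "#{name} #{row[:id]} is outside the current #{assoc}"
      end
    end
    new(**row)
  end
end

Product = Struct.new(:id, :shop_id, :title, keyword_init: true) do
  extend TenantFirewall
  firewalled_belongs_to :shop
end

# Constructed rows: product 2 belongs to a different shop (tenant).
ROWS = {
  1 => { id: 1, shop_id: 10, title: "Mug" },
  2 => { id: 2, shop_id: 20, title: "Lamp" }
}.freeze
```

With Current.shop set to shop 10, Product.from_row(ROWS[1]) returns the product, while Product.from_row(ROWS[2]) raises TenantMismatch even though the caller supplied a valid product ID.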
Contribution directions go here.
The gem is available as open source under the terms of the MIT License.