User with same email on different tenants not possible
silveltman opened this issue · 1 comment
When a user is created in a specific tenant, it cannot be created with the same email on another tenant. For backend users (users editing via the payload admin panel) this is not a problem, but it is a problem for front-end users (customers that log into an ecommerce site).
As I see it we can fix this in a couple of ways:
- Allow for multiple users with the same email, while they have a different ID (seems vulnerable and I don't think this is possible with payload)
- Have the tenancy plugin add the tenant slug before or after the email, so test@gmail.com becomes mytenant-test@gmail.com.
- Have the tenancy plugin create a separate auth collection for each tenant. I think this is the best option of the 3, so let me elaborate:
How I see option 3 would start by adding a config option to this plugin which allows us to choose which auth collection should be used to set the tenant and filter the docs in each collection. So:
plugins: [tenancy({ authCollection: "users" })],
Then we can create a separate auth collection in payload for the frontend, which we call customers in this case.
This plugin would then need to create a collection named mytenant-customers and route the API requests to the correct ones.
Pro: seems like the easiest of the 3 to make
Con: Not in line with the nature of this plugin, which is filtering the same collection, not creating new ones
Would love to hear what you think!
This is definitely an interesting problem. Some thoughts:
- Option 1 wouldn't work. I tried and it seems that the auth collection's email field is not modifiable.
- Option 2 can be done probably, although the value in the database would then be incorrect and would be corrected using hooks. I think it's sub-optimal.
- Option 3 is problematic since collections cannot be added at runtime.
- I was thinking, what if users are promoted to the root tenant? Then they would be able to access any tenant with the same account. That might be problematic in a large number of cases though, where the user thinks they are registering for a single service.
- The best solution I think is to open an issue in Payload's repository for an improvement to the core to allow modification of the email field. That way the email field can be set to non-unique. There needs to be custom validation in that case to disallow multiple accounts with the same email on the same tenant. But that should be it.
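The "non-unique email plus per-tenant validation" approach discussed in the thread, as an added example that is not part of this issue, of Payload, or of the tenancy plugin. It models the check with an in-memory store so it runs on its own; `Customer`, `CustomerStore`, `validateTenantEmail`, `createCustomer` and `findCustomerForLogin` are hypothetical names, and the validator is only shaped like a field validate callback (returns `true` or an error message), not wired to a real Payload collection. The uniqueness key becomes (tenant, normalized email) instead of email alone, and the login lookup is scoped by tenant for the same reason: once email is no longer unique, looking a user up by email alone is ambiguous.

```typescript
// Added example (not code from the issue, Payload, or the tenancy plugin).
// Models per-tenant email uniqueness over an in-memory store; all names are hypothetical.

type Customer = { id: string; tenant: string; email: string };

// Normalize before comparing so "Test@Example.com" and " test@example.com "
// are treated as the same account within a tenant.
function normalizeEmail(email: string): string {
  return email.trim().toLowerCase();
}

class CustomerStore {
  private docs: Customer[] = [];

  // Equivalent of a `where: { tenant, email }` query against a collection.
  findByTenantAndEmail(tenant: string, normalizedEmail: string): Customer | undefined {
    return this.docs.find((d) => d.tenant === tenant && d.email === normalizedEmail);
  }

  insert(doc: Customer): void {
    this.docs.push(doc);
  }

  count(): number {
    return this.docs.length;
  }
}

type ValidateContext = {
  tenant: string;          // tenant of the document being written (set by the plugin, not the client)
  id?: string;             // present on update so a document does not conflict with itself
  operation: 'create' | 'update';
};

// Shaped like a field validate callback: returns true when valid, otherwise an error string.
// This replaces the global `unique` constraint with a (tenant, email) constraint.
function validateTenantEmail(store: CustomerStore, value: string | undefined, ctx: ValidateContext): true | string {
  if (!value) return 'Email is required';
  const normalized = normalizeEmail(value);
  const existing = store.findByTenantAndEmail(ctx.tenant, normalized);
  if (existing && existing.id !== ctx.id) {
    return `An account with this email already exists in tenant "${ctx.tenant}"`;
  }
  return true;
}

// Create path: run the validator, then persist the normalized email.
function createCustomer(store: CustomerStore, id: string, tenant: string, email: string): Customer | string {
  const result = validateTenantEmail(store, email, { tenant, operation: 'create' });
  if (result !== true) return result;
  const doc: Customer = { id, tenant, email: normalizeEmail(email) };
  store.insert(doc);
  return doc;
}

// Login path: the tenant must be resolved server-side first (for example from the request host),
// then the lookup is by (tenant, email). A lookup by email alone would return an arbitrary
// tenant's account once the field is non-unique.
function findCustomerForLogin(store: CustomerStore, tenant: string, email: string): Customer | undefined {
  return store.findByTenantAndEmail(tenant, normalizeEmail(email));
}

// Walk through the scenario from the issue: same email on two tenants is allowed,
// a duplicate within one tenant is rejected, and login resolves per tenant.
function demo(): { crossTenantAllowed: boolean; sameTenantRejected: boolean; loginIsTenantScoped: boolean } {
  const store = new CustomerStore();
  const a = createCustomer(store, 'c1', 'acme', 'Test@Example.com');
  const b = createCustomer(store, 'c2', 'globex', 'test@example.com');
  const dup = createCustomer(store, 'c3', 'acme', ' test@example.com ');
  return {
    crossTenantAllowed: typeof a === 'object' && typeof b === 'object',
    sameTenantRejected: typeof dup === 'string' && store.count() === 2,
    loginIsTenantScoped:
      findCustomerForLogin(store, 'acme', 'test@example.com')?.id === 'c1' &&
      findCustomerForLogin(store, 'globex', 'test@example.com')?.id === 'c2' &&
      findCustomerForLogin(store, 'initech', 'test@example.com') === undefined,
  };
}
```

The `tenant` in `ValidateContext` is assumed to come from the server-side tenant resolution the plugin already performs, never from client-supplied data, since a client that can choose the tenant could probe which emails exist elsewhere or attach itself to another tenant's scope.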