Multi tenant backend - how to use update and destroy?

Question

Multi tenant backend - how to use update and destroy?

somecallmemike opened this issue 7 years ago · 1 comments

I am developing a system with multiple tenants, and one requirement is to only allow users to see and edit resources related to their company. For index() and show() this was simple enough using the Model.query() function and using their company_id as a parameter in the where function. But I am curious how I would go about refining the queries in the update() and destroy() functions? They appear to only take the id of the resource, so how would I go about restricting the use of these calls?

Answer 1 · 2017-07-11T20:23:30.000Z

Anyone there? Bueller?