Single level Multi Tenant
The AuthP library contains an IAuthTenantAdminService service that provides various admin features for managing multi-tenant systems. This document describes the single level multi-tenant admin services and gives you some examples of how they might be used in an application.
The Example3 application provides an example single level multi-tenant application containing code to manage invoices. You can clone the https://github.com/JonPSmith/AuthPermissions.AspNetCore/ repo and run this application to see how it works.
NOTE: You must log in as '[email protected]' or '[email protected]' to access all the admin features, and other users (e.g. [email protected]) to work within a single multi-tenant set of data.
Here is a list of the various methods, with examples from the Example3 application in the repo. These use methods in the IAuthTenantAdminService service. NOTE: The IAuthTenantAdminService contains comments on each method.
Say a new company wants to use your application, then you would create a new Tenant, which would provide a DataKey for filtering your application's data. To create a single level tenant you use the tenant admin AddSingleTenantAsync method (see code below). The tenant name must be unique. If it isn't, the method returns an error in its status.
var status = await _authTenantAdmin.AddSingleTenantAsync(input.TenantName);
A successful call to the AddSingleTenantAsync method will also call the CreateNewTenantAsync method in your implementation of the ITenantChangeService interface (see Example3's ITenantChangeService implementation). This allows your own application data to create a local tenant entity with the tenant name, which can be useful if you want to show the tenant name in your app.
If you want to use tenant Roles (see this section in the docs which explains tenant Roles), then you have to provide the extra parameter tenantRoleNames to the AddSingleTenantAsync method, e.g.
var status = await _authTenantAdmin.AddSingleTenantAsync(input.TenantName, input.TenantRolesName);
To make this work you need to use the tenant admin method called GetRoleNamesForTenantsAsync, which provides the tenant Roles.
You can see this in Example3's TenantController, in the action method called Create.
You can delete an AuthP Tenant (but only if no AuthP users are linked to this tenant) using the DeleteTenantAsync(int tenantId) method. This returns an IStatusGeneric<ITenantChangeService> result. If the status is valid (i.e. no errors), then it provides the instance of the ITenantChangeService you registered for updating your application data.
NOTE: If there are AuthP users linked to this tenant, the status returned will contain a list of errors containing the name of each AuthP user that is linked to this tenant.
Typically you would delete all the application data linked to this tenant in your implementation of the HandleTenantDeleteAsync method (see Example3's ITenantChangeService implementation). That is the safest way, but if you DON'T want to delete the linked application data you could change your implementation of the HandleTenantDeleteAsync method to list the change in your ITenantChangeService implementation and show that to the admin user.
NOTE: Deleting a tenant means the linked application data is inaccessible because the Tenant DataKey has gone. BUT any already logged-in users linked to the deleted Tenant will still have the DataKey claim, and those users can still access the linked application data.
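One way to close the gap described in the note above, as an added example that is not AuthP code or part of Example3: record the DataKey of each deleted tenant and reject requests that still carry it. DeletedTenantKeys, TenantRemover and DeletedTenantGuard are hypothetical application classes; the "DataKey" claim type string and the GetTenantDataKey() method on Tenant are assumptions to check against your AuthP version.

```csharp
using System.Collections.Concurrent;
using System.Threading.Tasks;
using AuthPermissions.AdminCode;
using Microsoft.AspNetCore.Http;

// Hypothetical application class (not part of AuthP); register it as a singleton.
public class DeletedTenantKeys
{
    private readonly ConcurrentDictionary<string, byte> _keys = new();
    public void Add(string dataKey) => _keys.TryAdd(dataKey, 0);
    public bool Contains(string dataKey) => _keys.ContainsKey(dataKey);
}

// Hypothetical helper: delete the tenant, then record its DataKey on success.
public class TenantRemover
{
    private readonly IAuthTenantAdminService _authTenantAdmin;
    private readonly DeletedTenantKeys _deleted;
    public TenantRemover(IAuthTenantAdminService authTenantAdmin, DeletedTenantKeys deleted)
        => (_authTenantAdmin, _deleted) = (authTenantAdmin, deleted);
    // Returns null on success, otherwise the error text to show the admin user.
    public async Task<string> DeleteAsync(int tenantId)
    {
        var found = await _authTenantAdmin.GetTenantViaIdAsync(tenantId);
        if (!found.IsValid) return found.GetAllErrors();
        // Assumption: Tenant exposes GetTenantDataKey(); read it before the delete.
        var dataKey = found.Result.GetTenantDataKey();
        var status = await _authTenantAdmin.DeleteTenantAsync(tenantId);
        if (!status.IsValid) return status.GetAllErrors(); // e.g. users still linked
        _deleted.Add(dataKey);
        return null;
    }
}

// Middleware to place after UseAuthentication(): rejects stale DataKey claims.
public class DeletedTenantGuard
{
    private readonly RequestDelegate _next;
    public DeletedTenantGuard(RequestDelegate next) => _next = next;
    public async Task InvokeAsync(HttpContext context, DeletedTenantKeys deleted)
    {
        // Assumption: the claim type is "DataKey", matching the page's "DataKey claim".
        var dataKey = context.User.FindFirst("DataKey")?.Value;
        if (dataKey != null && deleted.Contains(dataKey))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return; // short-circuit: the tenant behind this claim no longer exists
        }
        await _next(context);
    }
}
```

The in-memory set is per process and is lost on restart, so a multi-instance deployment needs a shared store. Entries only need to outlive the longest cookie or token lifetime.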
AuthP's IAuthUsersAdminService contains code to edit an AuthP user, which includes adding / changing / removing a tenant to a user. The screenshot below comes from Example3's AuthUsersController and shows a dropdown box for selecting the AuthP tenant for a user.
NOTE: If an AuthP user hasn't got a Tenant class linked to it, then that user can't access any of the multi-tenant data.
There are three methods for obtaining AuthP Tenants data:
- QueryTenants(), which returns an IQueryable<Tenant> result. This allows you to list all the possible tenants.
- GetTenantViaIdAsync(int tenantId), which returns an IStatusGeneric<Tenant> result. If the status is valid, then it returns the Tenant with the given tenantId. This is useful for getting information to show prior to an update or delete.
- The IAuthUsersAdminService service has a GetAllTenantNamesAsync() method which returns a List<string> result. This is useful for creating dropdown lists as shown in the screenshot above.
There are two parts of a tenant that you can change:
To change the tenant name, use the UpdateTenantNameAsync(int tenantId, string newTenantName) method, which returns a status. Calling the UpdateTenantNameAsync method will also call the HandleUpdateNameAsync method in your implementation of the ITenantChangeService interface (see Example3's ITenantChangeService implementation). This allows your own application data to update any local tenant entity with the tenant name change.
To change the tenant Roles, use the UpdateTenantRolesAsync(int tenantId, List<string> newTenantRoleNames) method, which also returns a status. This replaces all the tenant Roles in the tenant, but it doesn't call your ITenantChangeService, as the change is only in AuthP's database.
NOTE: You can find the current tenant Roles in a tenant via the GetRoleNamesForTenantsAsync method in the IAuthTenantAdminService service.
If you are using UpdateTenantRolesAsync you will find the tenant admin method called GetRoleNamesForTenantsAsync useful, as this will provide you with the tenant Roles that can be added to a tenant.