-
Notifications
You must be signed in to change notification settings - Fork 48
Home
Tim Donohue edited this page Apr 27, 2017
·
28 revisions
The Apartment gem segments the application into one or more Apartment tenants.
Account is a global model, i.e., one that isn't scoped to an Apartment tenant. An Account has one or more Apartment tenants.
Site is a singleton that we use to effectively namespace, e.g., application_name values. A Site maps 1-to-1 onto an Apartment tenant. A Site belongs to an Account.
User has one or more Roles. Users are defined within Apartment tenant scope.
Some Roles are scoped to Sites; some aren't. There is a many-to-many relationship between Roles and Users. We currently have two Roles defined: Site admins and superadmins.
Abilities use Roles to make authorization decisions on Resources (terminology from the rolify gem).
- Set up some localhost IPs (one per tenant) in /etc/hosts, e.g.:
127.0.2.1 foo 127.0.3.1 bar- On OSX 10.11.6, it was also necessary to disable low level packet filtering to allow connections to the additional local IPs, as documented here:
sudo pfctl -d
- On OSX 10.11.6, it was also necessary to disable low level packet filtering to allow connections to the additional local IPs, as documented here:
- Flip the
multitenancy.enabledsetting in config/settings.yml totrue(but don't commit this later) - When starting Hyku, be sure to bind the rails server to 0.0.0.0 so that all of your tenants respond to HTTP requests:
rails s -b 0.0.0.0 - To manage your tenants, you'll want to have at least one SuperAdmin user. So, grant one of your users "superadmin" rights. (Note: The square brackets around the email address are
required)
rake superadmin:grant[user@email.org]