I am trying to build an app to only allow users from a specific domain to log in. So only ****@foo.com could log in to this site.
My problem is that I am working on building a multi-tenant app and I guess my DB skills aren’t strong enough to create that separation on the DB site so when “Foo.com” logs in they only access what they are allowed to see.
Please help! I am learning as I go so be nice.
Hi @mark1
Have you gone through this section of the docs?
https://anvil.works/docs/users/permissions#user-permissions
This tutorial is also really good.
You may have to write some code to extract the domain programmatically and store it in the users row as part of the sign up process. Hope this helps
hey @ [rickhurlbatt],
Thanks for the reply. This tutorial was great. I understand now, but I am having trouble with the code to extract the domain. I was using something pretty rudimentary and it isn’t working of course. Was basically trying to see if I could call the user and pull the domain name from the current user and pull back the specific row with the name of their domain. Does that make sense?
current_user = anvil.users.get_user()
domain = current_user[current_user.index('@') + 1 : ]
Any pointers?
Thanks for that, but I am still having an issue.
Maybe I am being unclear or dense. But let’s say I had a form that updated a singled row in a table for a particular domain. How would I check to make sure that the user is able to access that row real-time by their domain name and then grant them access to that row? What am I doing wrong?
second question: Is there a way to automatically grant people access to a linked row? I didn’t see this in the documentation.
You’re not being dense. I was being too short. There’s a lot of relevant, unstated context here. I’ll try to fix some of that. Apologies in advance for the length.
Second question first: Anvil doesn’t have traditional multi-user SQL database “GRANT” statements. So “grant … access” has no built-in meaning, and there are no built-in functions to call to accomplish that. If you searched for “grant”, and didn’t find much that was useful, that’s probably why.
Anvil has its own, simpler, security model. See Building Secure Apps and Data Security.
For example, if the Client receives a row, and that row has a link to to some other row, then the Client can follow that link. (Whether you want them to be able to, or not, is a separate issue.) That row may contain its own links, so this can go on until you run out of links.
On the flip side, you get to design and build the architecture and behaviors you want to see, on top of Anvil’s. That includes any additional, app-specific security (access-control) behaviors, such as domain-name checks, and the recordkeeping you’ll need to support those behaviors.
In one approach, you add, to each row, a list of the domains that are allowed to access it. This would be an additional column in that table. The flip side is, you might have to update this column a lot.
In another approach, each domain gets its own table. This might be appropriate if each row is specific to a single domain.
In yet another, each domain gets a list of tables, whose rows it can access.
There’s no one-size-fits-all answer, no single “how do I do it” that’s good for every case. This really is something you should design yourself, to fit your specific context.