Hi, I am working on supporting Multi Tenancy in Apache ISIS I have tried both 1) ApplicationTenancyEvaluator and 2) HasAtPath interfaces to control what the logged in user can see or execute.
I have been able to make them work to an acceptable state but I face issue when I come across collections that are part of the entity I am evaluating. My Domain model has Patient / Practitioner entity both these entity can be associated with Different Practices at the same time. Example : PractitionerA belongs to PracticeA and PracticeB both, logged in User has “Role” to Access PracticeA. Issue with ApplicationTenancyEvaluator : since Practitioner and Practice have many to many relation even if the role has access to only one practice I’ll end up displaying PracticeB on wicket viewer which I want to prevent, Is it possible ? Issue with HasAtPath : I am creating Path programmatically with pattern as : ORG/org/PRACTICE/<practiceName>/ pattern which models a tree, then I can control user access to more than one Patient data if user at path is /ORG/org Or restrict access to one practice /ORG/org/PRACTICE/practiceA If the Patient Entity is associated with more than one practice My logic will Break as I would not know what should be the context for the for ORG/org/PRACTICE/<WhatShouldBeHere?> Does anyone have a better solution to tackle tenancy for a Collection within an entity? Regards Nikhil
