hoppergee
diff --git a/‎CHANGELOG.md‎
Lines changed: 15 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 45 additions & 15 deletions b/‎README.md‎
Lines changed: 45 additions & 15 deletions
diff --git a/‎lib/multi-tenant-support.rb‎
Lines changed: 40 additions & 9 deletions b/‎lib/multi-tenant-support.rb‎
Lines changed: 40 additions & 9 deletions
diff --git a/‎lib/multi_tenant_support/concern/controller_concern.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/multi_tenant_support/concern/controller_concern.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/multi_tenant_support/concern/model_concern.rb‎
Lines changed: 43 additions & 31 deletions b/‎lib/multi_tenant_support/concern/model_concern.rb‎
Lines changed: 43 additions & 31 deletions
diff --git a/‎lib/multi_tenant_support/current.rb‎
Lines changed: 16 additions & 1 deletion b/‎lib/multi_tenant_support/current.rb‎
Lines changed: 16 additions & 1 deletion
@@ -1,5 +1,20 @@
 ## [Unreleased]
 
+## [1.4.0] - 2021-10-13
+
+#### Add
+
+- `MultiTenantSupport.set_current_tenant`
+- `MultiTenantSupport.without_current_tenant`
+- `MultiTenantSupport.full_protected?`
+- `MultiTenantSupport.unprotected?`
+- `MultiTenantSupport.turn_off_protection`
+- `MultiTenantSupport.turn_on_full_protection`
+
+#### Remove
+
+- `MultiTenantSupport.disallow_read_across_tenant?`
+
 ## [1.3.1] - 2021-10-10
 
 - Make ViewHelper work in both controller and view
 
@@ -240,18 +240,49 @@ end
 ### Set current tenant global
 
 ```ruby
-MultiTenantSupport::Current.tenant_account = account
+MultiTenantSupport.set_tenant_account(account)
 ```
 
-### Disallow read across tenant by default
+### Temp set current tenant to nil
 
-This gem disallow read across tenant by default. You can check current state through:
+```ruby
+MultiTenantSupport.without_current_tenant do
+  # ...
+end
+```
+
+### 3 protection states
+
+1. `MultiTenantSupport.full_protected?`
+2. `MultiTenantSupport.allow_read_across_tenant?`
+3. `MultiTenantSupport.unprotected?`
+
+#### Full protection(default)
+
+The default state is full protection. This gem disallow modify record across tenant by default.
+
+If `MultiTenantSupport.current_tenant` exist, you can only modify those records under this tenant, otherwise, you will get some errors like:
+
+- `MultiTenantSupport::MissingTenantError`
+- `MultiTenantSupport::ImmutableTenantError`
+- `MultiTenantSupport::NilTenantError`
+- `MultiTenantSupport::InvalidTenantAccess`
+- `ActiveRecord::RecordNotFound`
+
+If `MultiTenantSupport.current_tenant` is missing, you cannot modify or create any tenanted records.
+
+If you switched to other state, you can switch back through:
 
 ```ruby
-MultiTenantSupport.disallow_read_across_tenant?
+MultiTenantSupport.turn_on_full_protection
+
+# Or
+MultiTenantSupport.turn_on_full_protection do
+  # ...
+end
 ```
 
-### Allow read across tenant for super admin
+#### Allow read across tenant for super admin
 
 You can turn on the permission to read records across tenant through: 
 
@@ -266,19 +297,18 @@ end
 
 You can put it in a before action in SuperAdmin's controllers
 
-### Disallow modify records tenant
+#### Turn off protection
 
-This gem disallow modify record across tenant no matter you are super admin or not.
+Sometimes, as a super admin, we need to execute certain maintenatn operations over all tenant records. You can do this through:
 
-If `MultiTenantSupport.current_tenant` exist, you can only modify those records under this tenant, otherwise, you will get some errors like:
-
-- `MultiTenantSupport::MissingTenantError`
-- `MultiTenantSupport::ImmutableTenantError`
-- `MultiTenantSupport::NilTenantError`
-- `MultiTenantSupport::InvalidTenantAccess`
-- `ActiveRecord::RecordNotFound`
+```ruby
+MultiTenantSupport.turn_off_protection
 
-If `MultiTenantSupport.current_tenant` is missing, you cannot modify or create any tenanted records.
+# Or
+MultiTenantSupport.turn_off_protection do
+  # ...
+end
+```
 
 ### Set current tenant acccount in controller by default
 
 
@@ -26,39 +26,70 @@ def current_tenant_id
     Current.tenant_account&.send(model.tenant_account_primary_key)
   end
 
+  def set_current_tenant(tenant)
+    Current.tenant_account = tenant
+    Current.protection_state = PROTECTED
+  end
+
   def under_tenant(tenant_account, &block)
     raise ArgumentError, "block is missing" if block.nil?
 
-    Current.set(tenant_account: tenant_account) do
+    Current.set(tenant_account: tenant_account, protection_state: PROTECTED) do
+      yield
+    end
+  end
+
+  def without_current_tenant(&block)
+    raise ArgumentError, "block is missing" if block.nil?
+
+    Current.set(tenant_account: nil) do
       yield
     end
   end
 
+  def full_protected?
+    current_tenant || Current.protection_state == PROTECTED
+  end
+
   def allow_read_across_tenant?
-    !disallow_read_across_tenant?
+    current_tenant.nil? && [PROTECTED_EXCEPT_READ, UNPROTECTED].include?(Current.protection_state)
   end
 
-  def disallow_read_across_tenant?
-    !Current.allow_read_across_tenant
+  def unprotected?
+    current_tenant.nil? && Current.protection_state == UNPROTECTED
   end
 
-  def disallow_read_across_tenant
+  def turn_off_protection
+    raise 'Cannot turn off protection, try wrap in without_current_tenant' if current_tenant
+
     if block_given?
-      Current.set(allow_read_across_tenant: false) do
+      Current.set(protection_state: UNPROTECTED) do
         yield
       end
     else
-      Current.allow_read_across_tenant = false
+      Current.protection_state = UNPROTECTED
     end
   end
 
   def allow_read_across_tenant
+    raise 'Cannot read across tenant, try wrap in without_current_tenant' if current_tenant
+
+    if block_given?
+      Current.set(protection_state: PROTECTED_EXCEPT_READ) do
+        yield
+      end
+    else
+      Current.protection_state = PROTECTED_EXCEPT_READ
+    end
+  end
+
+  def turn_on_full_protection
     if block_given?
-      Current.set(allow_read_across_tenant: true) do
+      Current.set(protection_state: PROTECTED) do
         yield
       end
     else
-      Current.allow_read_across_tenant = true
+      Current.protection_state = PROTECTED
     end
   end
 
 
@@ -12,7 +12,7 @@ module ControllerConcern
 
       def set_current_tenant_account
         tenant_account = find_current_tenant_account
-        MultiTenantSupport::Current.tenant_account = tenant_account
+        MultiTenantSupport.set_current_tenant(tenant_account)
         instance_variable_set("@#{MultiTenantSupport.current_tenant_account_method}", tenant_account)
       end
 
 
@@ -18,7 +18,7 @@ def belongs_to_tenant(name, **options)
 
       def set_default_scope_under_current_tenant(foreign_key)
         default_scope lambda {
-          if MultiTenantSupport.disallow_read_across_tenant? || MultiTenantSupport.current_tenant
+          if MultiTenantSupport.full_protected?
             scope_under_current_tenant
           else
             where(nil)
@@ -37,7 +37,7 @@ def set_default_scope_under_current_tenant(foreign_key)
 
         override_unscoped = Module.new {
           define_method :unscoped do |&block|
-            if MultiTenantSupport.disallow_read_across_tenant? || MultiTenantSupport.current_tenant
+            if MultiTenantSupport.full_protected?
               block ? relation.scope_under_current_tenant.scoping { block.call } : relation.scope_under_current_tenant
             else
               super(&block)
@@ -48,13 +48,13 @@ def set_default_scope_under_current_tenant(foreign_key)
 
         override_insert_all = Module.new {
           define_method :insert_all do |attributes, **arguments|
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise MissingTenantError unless MultiTenantSupport.unprotected? || MultiTenantSupport.current_tenant
 
             super(attributes, **arguments)
           end
 
           define_method :insert_all! do |attributes, **arguments|
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise MissingTenantError unless MultiTenantSupport.unprotected? || MultiTenantSupport.current_tenant
 
             super(attributes, **arguments)
           end
@@ -63,50 +63,49 @@ def set_default_scope_under_current_tenant(foreign_key)
 
         override_upsert_all = Module.new {
           define_method :upsert_all do |attributes, **arguments|
-            warn "[WARNING] You are using upsert_all(or upsert) which may update records across tenants"
+            warn "[WARNING] You are using upsert_all(or upsert) which may update records across tenants" unless MultiTenantSupport.unprotected?
 
             super(attributes, **arguments)
           end
         }
         extend override_upsert_all
 
         after_initialize do |object|
-          if MultiTenantSupport.disallow_read_across_tenant? || object.new_record?
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
-            raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
-          end
+          next if object.new_record? && MultiTenantSupport.unprotected?
+          next if object.persisted? && MultiTenantSupport.allow_read_across_tenant?
+
+          raise MissingTenantError unless MultiTenantSupport.current_tenant
+          raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
         end
 
         before_save do |object|
+          next if MultiTenantSupport.unprotected?
+
           raise MissingTenantError unless MultiTenantSupport.current_tenant
           raise NilTenantError if object.send(foreign_key).nil?
           raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
         end
 
         override_update_columns_module = Module.new {
           define_method :update_columns do |attributes|
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
-            raise NilTenantError if send(foreign_key).nil?
-            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+            unless MultiTenantSupport.unprotected?
+              raise MissingTenantError unless MultiTenantSupport.current_tenant
+              raise NilTenantError if send(foreign_key).nil?
+              raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+            end
 
             super(attributes)
           end
-
-          define_method :update_column do |name, value|
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
-            raise NilTenantError if send(foreign_key).nil?
-            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
-
-            super(name, value)
-          end
         }
 
         include override_update_columns_module
 
         override_delete = Module.new {
           define_method :delete do
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
-            raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+            unless MultiTenantSupport.unprotected?
+              raise MissingTenantError unless MultiTenantSupport.current_tenant
+              raise InvalidTenantAccess if send(foreign_key) != MultiTenantSupport.current_tenant_id
+            end
 
             super()
           end
@@ -115,26 +114,33 @@ def set_default_scope_under_current_tenant(foreign_key)
 
         override_delete_by = Module.new {
           define_method :delete_by do |*args|
-            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            unless MultiTenantSupport.unprotected?
+              raise MissingTenantError unless MultiTenantSupport.current_tenant
+            end
 
             super(*args)
           end
         }
         extend override_delete_by
 
         before_destroy do |object|
-          raise MissingTenantError unless MultiTenantSupport.current_tenant
-          raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
+          unless MultiTenantSupport.unprotected?
+            raise MissingTenantError unless MultiTenantSupport.current_tenant
+            raise InvalidTenantAccess if object.send(foreign_key) != MultiTenantSupport.current_tenant_id
+          end
         end
       end
 
       def set_tenant_account_readonly(tenant_name, foreign_key)
         readonly_tenant_module = Module.new {
 
           define_method "#{tenant_name}=" do |tenant|
+            return super(tenant_account) if MultiTenantSupport.unprotected?
+
             raise NilTenantError if tenant.nil?
             raise MissingTenantError unless MultiTenantSupport.current_tenant
 
+
             if new_record? && tenant == MultiTenantSupport.current_tenant
               super tenant
             else
@@ -143,6 +149,8 @@ def set_tenant_account_readonly(tenant_name, foreign_key)
           end
 
           define_method "#{foreign_key}=" do |key|
+            return super(tenant_account) if MultiTenantSupport.unprotected?
+
             raise NilTenantError if key.nil?
             raise MissingTenantError unless MultiTenantSupport.current_tenant
 
@@ -170,9 +178,11 @@ def set_tenant_account_readonly(tenant_name, foreign_key)
 
   override_delete_all = Module.new {
     define_method :delete_all do
-      current_tenant_exist = MultiTenantSupport.current_tenant
-      is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
-      raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+      unless MultiTenantSupport.unprotected?
+        current_tenant_exist = MultiTenantSupport.current_tenant
+        is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
+        raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+      end
 
       super()
     end
@@ -181,9 +191,11 @@ def set_tenant_account_readonly(tenant_name, foreign_key)
 
   override_update_all = Module.new {
     define_method :update_all do |updates|
-      current_tenant_exist = MultiTenantSupport.current_tenant
-      is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
-      raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+      unless MultiTenantSupport.unprotected?
+        current_tenant_exist = MultiTenantSupport.current_tenant
+        is_global_model = !MultiTenantSupport.model.tenanted_models.include?(klass.name)
+        raise MultiTenantSupport::MissingTenantError unless current_tenant_exist || is_global_model
+      end
 
       super(updates)
     end
 
@@ -1,8 +1,23 @@
 require 'active_support'
 
 module MultiTenantSupport
+
+  # Scoped and proteced
+  PROTECTED = 1
+
+  # Scoped and protected except read across tenant
+  PROTECTED_EXCEPT_READ = 2
+
+  # Scoped but unprotected
+  UNPROTECTED = 3
+
+  # This class is for internal usage only
   class Current < ActiveSupport::CurrentAttributes
     attribute :tenant_account,
-              :allow_read_across_tenant
+              :protection_state
+
+    def protection_state
+      attributes[:protection_state] ||= PROTECTED
+    end
   end
 end