Add an interface to manage tenants

Note we aren't allowing to delete a tenant because it would delete all
its data, so this action is a very dangerous one. We might need to add a
warning when creating a tenant, indicating the tenant cannot be
destroyed. We can also add an action to delete a tenant which forces the
admin to write the name of the tenant before deleting it and with a big
warning about the danger of this operation.

For now, we're letting administrators of the "main" (default) tenant to
create other tenants. However, we're only allowing to manage tenants
when the multitenancy configuration option is enabled. This way the
interface won't get in the way on single-tenant applications.

We've thought about creating a new role to manage tenants or a new URL
out of the admin area. We aren't doing so for simplicity purposes and
because we want to keep CONSUL working the same way it has for
single-tenant installations, but we might change it in the future.
There's also the fact that by default we create one user with a known
password, and if by default we create a new role and a new user to
handle tenants, the chances of people forgetting to change the password
of one of these users increases dramatically, particularly if they
aren't using multitenancy.

app/components/admin/menu_component.html.erb

@@ -110,6 +110,7 @@
     <a href="#" class="settings-link"><%= t("admin.menu.title_settings") %></a>
     <%= link_list(
       settings_link,
+      tenants_link,
       tags_link,
       geozones_link,
       images_link,

app/components/admin/menu_component.rb

@@ -1,5 +1,6 @@
 class Admin::MenuComponent < ApplicationComponent
   include LinkListHelper
+  delegate :can?, to: :helpers
 
   private
 
@@ -32,8 +33,8 @@ class Admin::MenuComponent < ApplicationComponent
     end
 
     def settings?
-      controllers_names = ["settings", "tags", "geozones", "images", "content_blocks",
+      controllers_names = ["settings", "tenants", "tags", "geozones", "images",
-                           "local_census_records", "imports"]
+                           "content_blocks", "local_census_records", "imports"]
       controllers_names.include?(controller_name) &&
         controller.class.module_parent != Admin::Poll::Questions::Answers
     end
@@ -300,6 +301,16 @@ class Admin::MenuComponent < ApplicationComponent
       ]
     end
 
+    def tenants_link
+      if can?(:read, Tenant)
+        [
+          t("admin.menu.multitenancy"),
+          admin_tenants_path,
+          controller_name == "tenants"
+        ]
+      end
+    end
+
     def tags_link
       [
         t("admin.menu.proposals_topics"),

app/components/admin/tenants/edit_component.html.erb

@@ -0,0 +1,3 @@
+<%= back_link_to admin_tenants_path %>
+<%= header %>
+<%= render Admin::Tenants::FormComponent.new(tenant) %>

app/components/admin/tenants/edit_component.rb

@@ -0,0 +1,12 @@
+class Admin::Tenants::EditComponent < ApplicationComponent
+  include Header
+  attr_reader :tenant
+
+  def initialize(tenant)
+    @tenant = tenant
+  end
+
+  def title
+    tenant.name
+  end
+end

app/components/admin/tenants/form_component.html.erb

@@ -0,0 +1,7 @@
+<%= form_for [:admin, tenant] do |f| %>
+  <%= render "shared/errors", resource: tenant %>
+
+  <%= f.text_field :name %>
+  <%= f.text_field :schema %>
+  <%= f.submit %>
+<% end %>

app/components/admin/tenants/form_component.rb

@@ -0,0 +1,7 @@
+class Admin::Tenants::FormComponent < ApplicationComponent
+  attr_reader :tenant
+
+  def initialize(tenant)
+    @tenant = tenant
+  end
+end

app/components/admin/tenants/index_component.html.erb

@@ -0,0 +1,27 @@
+<%= header do %>
+  <%= link_to t("admin.tenants.index.create"), new_admin_tenant_path %>
+<% end %>
+
+<table>
+  <thead>
+    <tr>
+      <th><%= attribute_name(:name) %></th>
+      <th><%= attribute_name(:schema) %></th>
+      <th><%= t("admin.shared.actions") %></th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <% @tenants.each do |tenant| %>
+      <tr id="<%= dom_id(tenant) %>">
+        <td><%= tenant.name %></td>
+        <td><%= tenant.schema %></td>
+        <td>
+          <%= render Admin::TableActionsComponent.new(tenant, actions: [:edit]) do |actions| %>
+            <%= actions.action(:show, text: t("admin.shared.view"), path: root_url(host: tenant.host)) %>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>

app/components/admin/tenants/index_component.rb

@@ -0,0 +1,18 @@
+class Admin::Tenants::IndexComponent < ApplicationComponent
+  include Header
+  attr_reader :tenants
+
+  def initialize(tenants)
+    @tenants = tenants
+  end
+
+  def title
+    t("admin.menu.multitenancy")
+  end
+
+  private
+
+    def attribute_name(attribute)
+      Tenant.human_attribute_name(attribute)
+    end
+end

app/components/admin/tenants/new_component.html.erb

@@ -0,0 +1,3 @@
+<%= back_link_to admin_tenants_path %>
+<%= header %>
+<%= render Admin::Tenants::FormComponent.new(tenant) %>

app/components/admin/tenants/new_component.rb

@@ -0,0 +1,12 @@
+class Admin::Tenants::NewComponent < ApplicationComponent
+  include Header
+  attr_reader :tenant
+
+  def initialize(tenant)
+    @tenant = tenant
+  end
+
+  def title
+    t("admin.tenants.new.title")
+  end
+end

app/controllers/admin/tenants_controller.rb

@@ -0,0 +1,35 @@
+class Admin::TenantsController < Admin::BaseController
+  load_and_authorize_resource
+
+  def index
+    @tenants = @tenants.order(:name)
+  end
+
+  def new
+  end
+
+  def edit
+  end
+
+  def create
+    if @tenant.save
+      redirect_to admin_tenants_path, notice: t("admin.tenants.create.notice")
+    else
+      render :new
+    end
+  end
+
+  def update
+    if @tenant.update(tenant_params)
+      redirect_to admin_tenants_path, notice: t("admin.tenants.update.notice")
+    else
+      render :edit
+    end
+  end
+
+  private
+
+    def tenant_params
+      params.require(:tenant).permit(:name, :schema)
+    end
+end

app/models/abilities/administrator.rb

@@ -134,6 +134,10 @@ module Abilities
 
       can :manage, LocalCensusRecord
       can [:create, :read], LocalCensusRecords::Import
+
+      if Rails.application.config.multitenancy && Tenant.default?
+        can [:create, :read, :update], Tenant
+      end
     end
   end
 end

app/models/tenant.rb

@@ -40,12 +40,16 @@ class Tenant < ApplicationRecord
   end
 
   def self.current_host
-    if default?
+    host_for(current_schema)
+  end
+
+  def self.host_for(schema)
+    if schema == "public"
       default_host
     elsif default_host == "localhost"
-      "#{current_schema}.lvh.me"
+      "#{schema}.lvh.me"
     else
-      "#{current_schema}.#{default_host}"
+      "#{schema}.#{default_host}"
     end
   end
 
@@ -67,6 +71,10 @@ class Tenant < ApplicationRecord
     end
   end
 
+  def host
+    self.class.host_for(schema)
+  end
+
   private
 
     def create_schema

app/views/admin/tenants/edit.html.erb

@@ -0,0 +1 @@
+<%= render Admin::Tenants::EditComponent.new(@tenant) %>

app/views/admin/tenants/index.html.erb

@@ -0,0 +1 @@
+<%= render Admin::Tenants::IndexComponent.new(@tenants) %>

app/views/admin/tenants/new.html.erb

@@ -0,0 +1 @@
+<%= render Admin::Tenants::NewComponent.new(@tenant) %>

config/locales/en/activerecord.yml

@@ -124,6 +124,9 @@ en:
       images:
         one: "Image"
         other: "Images"
+      tenant:
+        one: "tenant"
+        other: "tenants"
       topic:
         one: "Topic"
         other: "Topics"
@@ -378,6 +381,8 @@ en:
         body: Body
       tag:
         name: "Type the name of the topic"
+      tenant:
+        schema: "Subdomain"
       topic:
         title: "Title"
         description: "Initial text"

config/locales/en/admin.yml

@@ -785,6 +785,7 @@ en:
       comments: "Comments"
       local_census_records: Manage local census
       machine_learning: "AI / Machine learning"
+      multitenancy: Multitenancy
     administrators:
       index:
         title: Administrators
@@ -1628,6 +1629,15 @@ en:
             notice: "Card updated successfully"
           destroy:
             notice: "Card removed successfully"
+    tenants:
+      create:
+        notice: Tenant created successfully
+      index:
+        create: Create tenant
+      new:
+        title: New tenant
+      update:
+        notice: Tenant updated successfully
     homepage:
       title: Homepage
       description: The active modules appear in the homepage in the same order as here.

config/locales/es/activerecord.yml

@@ -124,6 +124,9 @@ es:
       images:
         one: "Imagen"
         other: "Imágenes"
+      tenant:
+        one: "entidad"
+        other: "entidades"
       topic:
         one: "Tema"
         other: "Temas"
@@ -378,6 +381,8 @@ es:
         body: Contenido
       tag:
         name: "Escribe el nombre del tema"
+      tenant:
+        schema: "Subdominio"
       topic:
         title: "Título"
         description: "Texto inicial"

config/locales/es/admin.yml

@@ -784,6 +784,7 @@ es:
       comments: "Comentarios"
       local_census_records: Gestionar censo local
       machine_learning: "IA / Machine learning"
+      multitenancy: Multientidad
     administrators:
       index:
         title: Administradores
@@ -1627,6 +1628,15 @@ es:
             notice: "Tarjeta actualizada con éxito"
           destroy:
             notice: "Tarjeta eliminada con éxito"
+    tenants:
+      create:
+        notice: Entidad creada correctamente
+      index:
+        create: Crear entidad
+      new:
+        title: Nueva entidad
+      update:
+        notice: Entidad actualizada correctamente
     homepage:
       title: Homepage
       description: Los módulos activos aparecerán en la homepage en el mismo orden que aquí.

config/routes/admin.rb

@@ -277,6 +277,8 @@ namespace :admin do
     post :execute, on: :collection
     delete :cancel, on: :collection
   end
+
+  resources :tenants, except: [:show, :destroy]
 end
 
 resolve "Milestone" do |milestone|

spec/models/abilities/administrator_spec.rb

@@ -164,4 +164,37 @@ describe Abilities::Administrator do
   it { should be_able_to(:destroy, SDG::Manager) }
 
   it { should be_able_to(:manage, Widget::Card) }
+
+  describe "tenants" do
+    context "with multitenancy disabled" do
+      before { allow(Rails.application.config).to receive(:multitenancy).and_return(false) }
+
+      it { should_not be_able_to :create, Tenant }
+      it { should_not be_able_to :read, Tenant }
+      it { should_not be_able_to :update, Tenant }
+      it { should_not be_able_to :destroy, Tenant }
+    end
+
+    context "with multitenancy enabled" do
+      before { allow(Rails.application.config).to receive(:multitenancy).and_return(true) }
+
+      it { should be_able_to :create, Tenant }
+      it { should be_able_to :read, Tenant }
+      it { should be_able_to :update, Tenant }
+      it { should_not be_able_to :destroy, Tenant }
+
+      it "does not allow administrators from other tenants to manage tenants " do
+        create(:tenant, schema: "subsidiary")
+
+        Tenant.switch("subsidiary") do
+          admin = create(:administrator).user
+
+          expect(admin).not_to be_able_to :create, Tenant
+          expect(admin).not_to be_able_to :read, Tenant
+          expect(admin).not_to be_able_to :update, Tenant
+          expect(admin).not_to be_able_to :destroy, Tenant
+        end
+      end
+    end
+  end
 end

spec/models/tenant_spec.rb

@@ -133,6 +133,26 @@ describe Tenant do
     end
   end
 
+  describe ".host_for" do
+    before do
+      allow(Tenant).to receive(:default_url_options).and_return({ host: "consul.dev" })
+    end
+
+    it "returns the default host for the default schema" do
+      expect(Tenant.host_for("public")).to eq "consul.dev"
+    end
+
+    it "returns the host with a subdomain on other schemas" do
+      expect(Tenant.host_for("uranus")).to eq "uranus.consul.dev"
+    end
+
+    it "uses lvh.me for subdomains when the host is localhost" do
+      allow(Tenant).to receive(:default_url_options).and_return({ host: "localhost" })
+
+      expect(Tenant.host_for("uranus")).to eq "uranus.lvh.me"
+    end
+  end
+
   describe ".run_on_each" do
     it "runs the code on all tenants, including the default one" do
       create(:tenant, schema: "andromeda")

spec/system/admin/tenants_spec.rb

@@ -0,0 +1,45 @@
+require "rails_helper"
+
+describe "Tenants", :admin do
+  before { allow(Tenant).to receive(:default_host).and_return("localhost") }
+
+  scenario "Create" do
+    visit admin_root_path
+
+    within("#side_menu") do
+      click_link "Settings"
+      click_link "Multitenancy"
+    end
+
+    click_link "Create tenant"
+    fill_in "Subdomain", with: "earth"
+    fill_in "Name", with: "Earthlings"
+    click_button "Create tenant"
+
+    expect(page).to have_content "Tenant created successfully"
+
+    within("tr", text: "earth") { click_link "View" }
+
+    expect(current_host).to eq "http://earth.lvh.me"
+    expect(page).to have_current_path root_path
+    expect(page).to have_link "Sign in"
+  end
+
+  scenario "Update" do
+    create(:tenant, schema: "moon")
+
+    visit admin_tenants_path
+    within("tr", text: "moon") { click_link "Edit" }
+
+    fill_in "Subdomain", with: "the-moon"
+    click_button "Update tenant"
+
+    expect(page).to have_content "Tenant updated successfully"
+
+    within("tr", text: "the-moon") { click_link "View" }
+
+    expect(current_host).to eq "http://the-moon.lvh.me"
+    expect(page).to have_current_path root_path
+    expect(page).to have_link "Sign in"
+  end
+end