add check to create tenant only at root

apioo · Feb 18, 2024 · 7292e81 · 7292e81
1 parent 6cf8b4c
commit 7292e81
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/src/Backend/Action/Tenant/Remove.php b/src/Backend/Action/Tenant/Remove.php
@@ -26,6 +26,7 @@
 use Fusio\Engine\RequestInterface;
 use Fusio\Impl\Service;
 use PSX\Http\Environment\HttpResponse;
+use PSX\Http\Exception\BadRequestException;
 
 /**
  * Remove
@@ -45,7 +46,12 @@ public function __construct(Service\Tenant $tenantService)
 
     public function handle(RequestInterface $request, ParametersInterface $configuration, ContextInterface $context): mixed
     {
-        $this->tenantService->remove($request->get('tenant_id'));
+        $tenantId = $request->get('tenant_id');
+        if (empty($tenantId)) {
+            throw new BadRequestException('Missing tenant id');
+        }
+
+        $this->tenantService->remove($tenantId, $context);
 
         return new HttpResponse(200, [], [
             'success' => true,

diff --git a/src/Backend/Action/Tenant/Setup.php b/src/Backend/Action/Tenant/Setup.php
@@ -26,6 +26,7 @@
 use Fusio\Engine\RequestInterface;
 use Fusio\Impl\Service;
 use PSX\Http\Environment\HttpResponse;
+use PSX\Http\Exception\BadRequestException;
 
 /**
  * Setup
@@ -45,7 +46,12 @@ public function __construct(Service\Tenant $tenantService)
 
     public function handle(RequestInterface $request, ParametersInterface $configuration, ContextInterface $context): mixed
     {
-        $this->tenantService->setup($request->get('tenant_id'));
+        $tenantId = $request->get('tenant_id');
+        if (empty($tenantId)) {
+            throw new BadRequestException('Missing tenant id');
+        }
+
+        $this->tenantService->setup($tenantId, $context);
 
         return new HttpResponse(200, [], [
             'success' => true,

diff --git a/src/Service/Tenant.php b/src/Service/Tenant.php
@@ -21,6 +21,7 @@
 namespace Fusio\Impl\Service;
 
 use Doctrine\DBAL\Connection;
+use Fusio\Engine\ContextInterface;
 use Fusio\Impl\Installation\NewInstallation;
 use PSX\Http\Exception\BadRequestException;
 
@@ -62,8 +63,12 @@ public function __construct(Connection $connection)
         $this->connection = $connection;
     }
 
-    public function setup(string $tenantId): void
+    public function setup(string $tenantId, ContextInterface $context): void
     {
+        if (!empty($context->getTenantId())) {
+            throw new BadRequestException('Tenant operations are only allowed at the root tenant');
+        }
+
         $count = (int) $this->connection->fetchOne('SELECT COUNT(*) AS cnt FROM fusio_config WHERE tenant_id = :tenant_id', [
             'tenant_id' => $tenantId,
         ]);
@@ -97,8 +102,12 @@ public function setup(string $tenantId): void
         }
     }
 
-    public function remove(string $tenantId): void
+    public function remove(string $tenantId, ContextInterface $context): void
     {
+        if (!empty($context->getTenantId())) {
+            throw new BadRequestException('Tenant operations are only allowed at the root tenant');
+        }
+
         foreach (self::TENANT_TABLES as $tableName) {
             if ($tableName === 'fusio_operation') {
                 $result = $this->connection->fetchAllAssociative('SELECT id FROM fusio_operation WHERE tenant_id = :tenant_id', ['tenant_id' => $tenantId]);