Multi-Tenancy for Laravel and Laravel-Doctrine
This library provides the necessary infrastructure for a complex multi-tenant application. Multi-tenancy allows an application to be siloed into protected areas by some form of tenant identifier. This could be by sub-domain, URL parameter or some other scheme.
Terminology
Tenant
Identifies the currently loaded account that the user belongs to. There are two components:
- Tenant Owner: tenant_owner_id
- Tenant Creator: tenant_creator_id
The tenant owner is the root account that actually "owns" the tenant-aware data.
The tenant creator is the instance that is adding or manipulating data that belongs to the tenant owner.
The tenant owner and creator may be the same entity.
The Tenant is its own object, registered in the container as: auth.tenant.
Tenant Participant
A tenant participant identifies the entity that is actually providing the tenancy reference. This must be defined for this library to work and there can only be a single entity.
Typically this will be an Account class, a User or (from laravel-doctrine/acl) an organization.
The tenant participant may be a polymorphic entity e.g.: one that uses single table inheritance.
Tenant Participant Mapping
Provides an alias to the tenant participant for easier referencing.
Note: this is not a container alias; it is used internally for tagging routes. For example, if the participant class is \App\Entity\SomeType\TheActualInstanceClass and the routes should be restricted to this type, it can be aliased to "short_name" instead of using the whole class name.
Tenant Aware
An entity that implements the TenantAware contract (interface). This allows the data to be partitioned by the tenant owner / creator.
A tenant aware entity requires:
- get/set TenantOwnerId
- get/set TenantCreatorId
- importTenancyFrom
Tenant Aware Repository
A specific repository that enforces the tenant requirements, ensuring that any fetch request is correctly bound to the tenant owner and creator, depending on the security scheme that has been implemented on the tenant owner's data.
A tenant aware repository usually wraps the standard entity's repository class. This may be the standard Doctrine EntityRepository.
Security Model
Defines how data is shared within a tenant owner's account. In many situations this will be just the tenant owner and creator only; however, this library allows a hierarchy and a user to have multiple tenants associated with them. In this instance the security level will determine what information is available to the user depending on their current creator instance.
The provided security models are:
- shared - all data within the tenant owner is shared to all tenant creators
- user - the user can access all data they are allowed access to within the tenant owner
- closed - only the current creator within the owner is permitted
- inherit - defer to the parent to get the security model.
Additional models can be implemented. The default configuration is closed, with no sharing.
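As an added illustration (not code from this library), the PHP sketch below shows how each security model could narrow a fetch by tenant_owner_id and tenant_creator_id, and how inherit resolves through a parent. The function names, the participant array shape, and the fallback to closed when no parent exists are assumptions made for the example.

```php
<?php
// Added illustration: hypothetical names, not the library's classes or API.

// Walk up the participant chain until a concrete model is found.
// $participant shape (constructed): ['model' => string, 'parent' => array|null]
function resolveSecurityModel(array $participant)
{
    $depth = 0;
    while ($participant['model'] === 'inherit') {
        // Assumption: a missing parent or a runaway chain falls back to the
        // most restrictive model, in line with the default of "closed".
        if (empty($participant['parent']) || ++$depth > 32) {
            return 'closed';
        }
        $participant = $participant['parent'];
    }
    return $participant['model'];
}

// Build the constraints that every tenant aware fetch must carry.
function tenantConstraints($model, $ownerId, $creatorId, array $userCreatorIds)
{
    $where = ['tenant_owner_id' => (int) $ownerId]; // owner filter is never optional
    switch ($model) {
        case 'shared':
            break; // every creator under this owner may read the row
        case 'user':
            // Assumption: "allowed access" means creators linked to the user.
            // An empty list must match nothing, not everything.
            $where['tenant_creator_id'] = array_map('intval', $userCreatorIds);
            break;
        case 'closed':
            $where['tenant_creator_id'] = (int) $creatorId;
            break;
        default:
            // Unknown model: fail closed rather than widen access.
            throw new InvalidArgumentException("Unknown security model: $model");
    }
    return $where;
}

// Constructed sample: a child account that inherits from a shared parent.
$parent = ['model' => 'shared', 'parent' => null];
$child  = ['model' => 'inherit', 'parent' => $parent];

print_r(tenantConstraints(resolveSecurityModel($child), 10, 42, [42, 43]));
print_r(tenantConstraints('user', 10, 42, [42, 43]));
print_r(tenantConstraints('closed', 10, 42, [42, 43]));
```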
Domain Aware Tenant Participant
A domain aware tenant participant adds support for a domain name to the interface. This allows the tenant information to be resolved from the current host name passed into the application. This is used with the TenantSiteResolver middleware.
Domain Aware Tenant Participant Repository
The repository for the domain aware tenant participants. It is separate from the tenant participant repository, allowing separate instances to be used. Domain aware is used with the TenantSiteResolver middleware.
Requirements
- PHP 5.5+
- Laravel 5.2+
- laravel-doctrine/orm
- somnambulist/laravel-doctrine-behaviours
Installation
Install using composer, or check out / pull the files from github.com.
- composer require somnambulist/laravel-doctrine-tenancy