Description
Describe the bug
Ash Postgres currently allows relating two resources from two different tenants when using attribute strategy and referencing the primary key of the other resource.
To Reproduce
Here is a commit that adds two tests that manage cross-tenant relationships.
The one that references the primary key is able to add a cross-tenant relationship, the other correctly fails (with a rather cryptic error message though, so I'm not sure if it's actually failing for the right reason).
Expected behavior
I would expect cross-tenant relationship not to be possible
Runtime
- Elixir version: 1.15.4
- Erlang version: 26.0.2
- OS: Debian Testing
- Ash Postgres version:
main
Additional context
The Ecto guide covers this usecase by adding composite foreign keys to disallow inserting cross-tenant associations.
This is what happens for relationships referencing non-primary key attributes, and it was happening also for primary key attributes before 0adec1d.
That commit was made to fix the error shown in #144, but I think that the fix shouldn't have been dropping the composite foreign key, but rather adding the extra [:id, :org_id] unique index in the migration generator (should this be added for all multitenant-attribute resources or just as soon as their primary key gets referenced for the first time?), as is also shown in the Ecto guide.
Of course the cross-tenant relationship is correctly filtered out when reading the resource so it can't be retrieved, but I think it would be better to disallow its creation completely at the database level given there's the possibility to do so.