
I have a multi-tenant database, where each table in my database has a "tenant_id" column. I'd like to expose an OData service over this database using RESTier, where each request to my service will include a JWT that contains a claim indicating which tenant's data is being accessed. How can I filter records returned to only those for the incoming tenant?

From reading the docs on http://odata.github.io/RESTier, it looks like the "Entity Set Filters" feature is intended to solve this exact scenario. So assuming I can extract the tenant_id from the incoming JWT to establish the current claims principal, I should be able to do something like this:

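// Requires: using System; using System.Linq; using System.Security.Claims;
private IQueryable<customer> OnFilterCustomers(IQueryable<customer> customers)
{
    // The tenant comes from the "tenantid" claim of the current principal.
    var principal = ClaimsPrincipal.Current;
    var tenantId = principal?.Claims.FirstOrDefault(c => c.Type == "tenantid")?.Value;

    // No tenant claim: refuse instead of dereferencing null or returning unfiltered rows.
    if (string.IsNullOrEmpty(tenantId))
        throw new UnauthorizedAccessException("Missing tenantid claim.");

    return customers.Where(c => c.tenant_id == tenantId);
}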

Is this the most appropriate place to perform this work? Are there any examples of performing row-level filters based on the authorization request header?

I'd also like to hide the tenant_id column from my EDM - is there a mechanism for doing that?
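A fail-closed form of the tenant filter described in the question, added here as an example; it is not part of the original post and not RESTier's own code. The `Customer`, `TenantFilter` and `Program` names and the sample rows are assumptions, and the filter runs over in-memory rows with hand-built principals so it can be run without RESTier or a database.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical entity standing in for the question's "customer" table.
public class Customer { public string tenant_id { get; set; } public string name { get; set; } }

public static class TenantFilter
{
    // Resolve exactly one tenant from the principal, or refuse the request.
    public static string ResolveTenant(ClaimsPrincipal principal)
    {
        var values = (principal?.Claims ?? Enumerable.Empty<Claim>())
            .Where(c => c.Type == "tenantid")
            .Select(c => c.Value).Distinct(StringComparer.Ordinal)
            .ToList();
        // Zero claims, an empty value, or conflicting values are all rejected.
        if (values.Count != 1 || string.IsNullOrWhiteSpace(values[0]))
            throw new UnauthorizedAccessException("Expected exactly one tenantid claim.");
        return values[0];
    }

    // Same shape as OnFilterCustomers in the question, with the principal passed in.
    public static IQueryable<Customer> Apply(IQueryable<Customer> customers, ClaimsPrincipal principal)
    {
        var tenantId = ResolveTenant(principal); // throws before any query is built
        return customers.Where(c => c.tenant_id == tenantId);
    }
}

public static class Program
{
    // Builds a constructed principal carrying the given tenantid claims.
    static ClaimsPrincipal Principal(params string[] tenants) =>
        new ClaimsPrincipal(new ClaimsIdentity(tenants.Select(t => new Claim("tenantid", t)), "Bearer"));

    public static void Main()
    {
        var rows = new List<Customer> { // constructed sample rows
            new Customer { tenant_id = "t1", name = "Alice" },
            new Customer { tenant_id = "t2", name = "Bob" },
        }.AsQueryable();
        // One valid principal, one without the claim, one with conflicting claims.
        foreach (var p in new[] { Principal("t1"), Principal(), Principal("t1", "t2") })
        {
            try { Console.WriteLine(string.Join(",", TenantFilter.Apply(rows, p).Select(c => c.name))); }
            catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
        }
    }
}
```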
