fix #430

README.md

 
 You can parse this output to make form fields show up with a red border and their appropriate error message.
 
+### Multi Tenancy support
+
+You may use the "multiTenancy" middleware when you have a multi-tenant database. 
+If your tenants are identified by the "customer_id" column you can use the following handler:
+
+    'multiTenancy.handler' => function ($operation, $tableName) {
+        return ['customer_id' => 12];
+    },
+
+This construct adds a filter requiring "customer_id" to be "12" to every operation (except for "create").
+It also sets the column "customer_id" on "create" to "12" and removes the column from any other write operation.
+
 ## OpenAPI specification
 
 On the "/openapi" end-point the OpenAPI 3.0 (formerly called "Swagger") specification is served. 

src/Tqdev/PhpCrudApi/Api.php

 use Tqdev\PhpCrudApi\Middleware\CorsMiddleware;
 use Tqdev\PhpCrudApi\Middleware\FirewallMiddleware;
 use Tqdev\PhpCrudApi\Middleware\JwtAuthMiddleware;
+use Tqdev\PhpCrudApi\Middleware\MultiTenancyMiddleware;
 use Tqdev\PhpCrudApi\Middleware\Router\SimpleRouter;
 use Tqdev\PhpCrudApi\Middleware\SanitationMiddleware;
 use Tqdev\PhpCrudApi\Middleware\ValidationMiddleware;
                 case 'sanitation':
                     new SanitationMiddleware($router, $responder, $properties, $reflection);
                     break;
+                case 'multiTenancy':
+                    new MultiTenancyMiddleware($router, $responder, $properties, $reflection);
+                    break;
                 case 'authorization':
                     new AuthorizationMiddleware($router, $responder, $properties, $reflection);
                     break;

src/Tqdev/PhpCrudApi/Column/ReflectionService.php

         return $this->database->removeTable($tableName);
     }
 
-    public function removeColumn(String $tableName, String $columnName): bool
-    {
-        return $this->getTable($tableName)->removeColumn($columnName);
-    }
 }

src/Tqdev/PhpCrudApi/Database/GenericDB.php

 
 use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
 use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
-use Tqdev\PhpCrudApi\Record\Condition\AndCondition;
 use Tqdev\PhpCrudApi\Record\Condition\ColumnCondition;
 use Tqdev\PhpCrudApi\Record\Condition\Condition;
 
         return $this->definition;
     }
 
-    private function addAuthorizationCondition(String $tableName, Condition $condition2): Condition
+    private function addMiddlewareConditions(String $tableName, Condition $condition): Condition
     {
         $condition1 = VariableStore::get("authorization.conditions.$tableName");
-        return $condition1 ? AndCondition::fromArray([$condition1, $condition2]) : $condition2;
+        if ($condition1) {
+            $condition = $condition->_and($condition1);
+        }
+        $condition2 = VariableStore::get("multiTenancy.conditions.$tableName");
+        if ($condition2) {
+            $condition = $condition->_and($condition2);
+        }
+        return $condition;
     }
 
     public function createSingle(ReflectedTable $table, array $columnValues) /*: ?String*/
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '" ' . $whereClause;
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'in', implode(',', $ids));
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '" ' . $whereClause;
     public function selectCount(ReflectedTable $table, Condition $condition): int
     {
         $tableName = $table->getName();
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT COUNT(*) FROM "' . $tableName . '"' . $whereClause;
     {
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'SELECT ' . $selectColumns . ' FROM "' . $tableName . '"' . $whereClause;
         }
         $selectColumns = $this->columns->getSelect($table, $columnNames);
         $tableName = $table->getName();
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $orderBy = $this->columns->getOrderBy($table, $columnOrdering);
         $updateColumns = $this->columns->getUpdate($table, $columnValues);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array_values($columnValues);
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'UPDATE "' . $tableName . '" SET ' . $updateColumns . $whereClause;
     {
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array();
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'DELETE FROM "' . $tableName . '" ' . $whereClause;
         $updateColumns = $this->columns->getIncrement($table, $columnValues);
         $tableName = $table->getName();
         $condition = new ColumnCondition($table->getPk(), 'eq', $id);
-        $condition = $this->addAuthorizationCondition($tableName, $condition);
+        $condition = $this->addMiddlewareConditions($tableName, $condition);
         $parameters = array_values($columnValues);
         $whereClause = $this->conditions->getWhereClause($condition, $parameters);
         $sql = 'UPDATE "' . $tableName . '" SET ' . $updateColumns . $whereClause;

src/Tqdev/PhpCrudApi/Middleware/AuthorizationMiddleware.php

             foreach ($table->columnNames() as $columnName) {
                 $allowed = call_user_func($columnHandler, $operation, $tableName, $columnName);
                 if (!$allowed) {
-                    $this->reflection->removeColumn($tableName, $columnName);
+                    $table->removeColumn($columnName);
                 }
             }
         }

tests/config/base.php

     'username' => 'php-crud-api',
     'password' => 'php-crud-api',
     'controllers' => 'records,columns,cache,openapi',
-    'middlewares' => 'cors,jwtAuth,basicAuth,authorization,validation,sanitation',
+    'middlewares' => 'cors,jwtAuth,basicAuth,authorization,validation,sanitation,multiTenancy',
     'jwtAuth.time' => '1538207605',
     'jwtAuth.secret' => 'axpIrCGNGqxzx2R9dtXLIPUSqPo778uhb8CA0F4Hx',
     'basicAuth.passwordFile' => __DIR__ . DIRECTORY_SEPARATOR . '.htpasswd',
     'validation.handler' => function ($operation, $tableName, $column, $value, $context) {
         return ($column['name'] == 'post_id' && !is_numeric($value)) ? 'must be numeric' : true;
     },
+    'multiTenancy.handler' => function ($operation, $tableName) {
+        return ($tableName == 'kunsthåndværk') ? ['user_id' => 1] : [];
+    },
     'debug' => true,
 ];

tests/fixtures/blog_mysql.sql

 CREATE TABLE `kunsthåndværk` (
   `id` varchar(36) NOT NULL,
   `Umlauts ä_ö_ü-COUNT` int(11) NOT NULL,
+  `user_id` int(11) NOT NULL,
   `invisible` varchar(36),
   PRIMARY KEY (`id`),
-  CONSTRAINT `kunsthåndværk_Umlauts ä_ö_ü-COUNT_fkey` UNIQUE (`Umlauts ä_ö_ü-COUNT`)
+  CONSTRAINT `kunsthåndværk_Umlauts ä_ö_ü-COUNT_fkey` UNIQUE (`Umlauts ä_ö_ü-COUNT`),
+  CONSTRAINT `kunsthåndværk_user_id_fkey` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 
-INSERT INTO `kunsthåndværk` (`id`, `Umlauts ä_ö_ü-COUNT`, `invisible`) VALUES
-('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, NULL);
+INSERT INTO `kunsthåndværk` (`id`, `Umlauts ä_ö_ü-COUNT`, `user_id`, `invisible`) VALUES
+('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, 1, NULL),
+('e31ecfe6-591f-4660-9fbd-1a232083037f', 2, 2, NULL);
 
 DROP TABLE IF EXISTS `invisibles`;
 CREATE TABLE `invisibles` (

tests/fixtures/blog_pgsql.sql

 CREATE TABLE "kunsthåndværk" (
   id character varying(36) NOT NULL,
   "Umlauts ä_ö_ü-COUNT" integer NOT NULL,
+  user_id integer NOT NULL,
   invisible character varying(36)
 );
 
 -- Data for Name: kunsthåndværk; Type: TABLE DATA; Schema: public; Owner: postgres
 --
 
-INSERT INTO "kunsthåndværk" ("id", "Umlauts ä_ö_ü-COUNT", "invisible") VALUES
-('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, NULL);
+INSERT INTO "kunsthåndværk" ("id", "Umlauts ä_ö_ü-COUNT", "user_id", "invisible") VALUES
+('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, 1, NULL),
+('e31ecfe6-591f-4660-9fbd-1a232083037f', 2, 2, NULL);
 
 --
 -- Data for Name: invisibles; Type: TABLE DATA; Schema: public; Owner: postgres
 CREATE INDEX "kunsthåndværk_Umlauts ä_ö_ü-COUNT_idx" ON "kunsthåndværk" USING btree ("Umlauts ä_ö_ü-COUNT");
 
 
+--
+-- Name: kunsthåndværk_user_id_idx; Type: INDEX; Schema: public; Owner: postgres; Tablespace:
+--
+
+CREATE INDEX "kunsthåndværk_user_id_idx" ON "kunsthåndværk" USING btree (user_id);
+
+
 --
 -- Name: comments_post_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
 --
 ALTER TABLE ONLY "kunsthåndværk"
     ADD CONSTRAINT "kunsthåndværk_Umlauts ä_ö_ü-COUNT_uc" UNIQUE ("Umlauts ä_ö_ü-COUNT");
 
+--
+-- Name: kunsthåndværk_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY "kunsthåndværk"
+    ADD CONSTRAINT "kunsthåndværk_user_id_fkey" FOREIGN KEY (user_id) REFERENCES users(id);
+
 
 --
 -- PostgreSQL database dump complete

tests/fixtures/blog_sqlsrv.sql

 CREATE TABLE [kunsthåndværk](
 	[id] [nvarchar](36),
 	[Umlauts ä_ö_ü-COUNT] [int] NOT NULL,
+	[user_id] [int] NOT NULL,
 	[invisible] [nvarchar](36),
 	CONSTRAINT [PK_kunsthåndværk]
 	PRIMARY KEY CLUSTERED([id] ASC)
 INSERT [barcodes] ([product_id], [hex], [bin]) VALUES (1, N'00ff01', 0x00ff01)
 GO
 
-INSERT [kunsthåndværk] ([id], [Umlauts ä_ö_ü-COUNT], [invisible]) VALUES ('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, NULL)
+INSERT [kunsthåndværk] ([id], [Umlauts ä_ö_ü-COUNT], [user_id], [invisible]) VALUES ('e42c77c6-06a4-4502-816c-d112c7142e6d', 1, 1, NULL)
+GO
+INSERT [kunsthåndværk] ([id], [Umlauts ä_ö_ü-COUNT], [user_id], [invisible]) VALUES ('e31ecfe6-591f-4660-9fbd-1a232083037f', 2, 2, NULL)
 GO
 
 INSERT [invisibles] ([id]) VALUES ('e42c77c6-06a4-4502-816c-d112c7142e6d')
 
 ALTER TABLE [kunsthåndværk]  WITH CHECK ADD 	CONSTRAINT [UC_kunsthåndværk_Umlauts ä_ö_ü-COUNT] UNIQUE([Umlauts ä_ö_ü-COUNT])
 GO
+
+ALTER TABLE [kunsthåndværk]  WITH CHECK ADD 	CONSTRAINT [FK_kunsthåndværk_users] FOREIGN KEY([user_id])
+REFERENCES [users] ([id])
+GO
+ALTER TABLE [kunsthåndværk] CHECK	CONSTRAINT [FK_kunsthåndværk_users]
+GO

tests/functional/001_records/063_list_kunsthåndværk.log

 ===
 200
 Content-Type: application/json
-Content-Length: 86
+Content-Length: 98
 
-{"records":[{"id":"e42c77c6-06a4-4502-816c-d112c7142e6d","Umlauts ä_ö_ü-COUNT":1}]}
+{"records":[{"id":"e42c77c6-06a4-4502-816c-d112c7142e6d","Umlauts ä_ö_ü-COUNT":1,"user_id":1}]}

tests/functional/001_records/064_add_kunsthåndværk.log

 POST /records/kunsthåndværk
 
-{"id":"34451583-a747-4417-bdf0-bec7a5eacffa","Umlauts ä_ö_ü-COUNT":2}
+{"id":"34451583-a747-4417-bdf0-bec7a5eacffa","Umlauts ä_ö_ü-COUNT":3}
 ===
 200
 Content-Type: application/json

tests/functional/003_columns/001_get_database.log

 ===
 200
 Content-Type: application/json
-Content-Length: 2224
+Content-Length: 2273
 
-{"name":"php-crud-api","tables":[{"name":"barcodes","columns":[{"name":"id","type":"integer","pk":true},{"name":"product_id","type":"integer","fk":"products"},{"name":"hex","type":"varchar","length":255},{"name":"bin","type":"blob"}]},{"name":"categories","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"icon","type":"blob","nullable":true}]},{"name":"comments","columns":[{"name":"id","type":"integer","pk":true},{"name":"post_id","type":"integer","fk":"posts"},{"name":"message","type":"varchar","length":255}]},{"name":"countries","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"shape","type":"geometry"}]},{"name":"events","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"datetime","type":"timestamp"},{"name":"visitors","type":"integer"}]},{"name":"kunsthåndværk","columns":[{"name":"id","type":"varchar","length":36,"pk":true},{"name":"Umlauts ä_ö_ü-COUNT","type":"integer"}]},{"name":"nopk","columns":[{"name":"id","type":"varchar","length":36}]},{"name":"post_tags","columns":[{"name":"id","type":"integer","pk":true},{"name":"post_id","type":"integer","fk":"posts"},{"name":"tag_id","type":"integer","fk":"tags"}]},{"name":"posts","columns":[{"name":"id","type":"integer","pk":true},{"name":"user_id","type":"integer","fk":"users"},{"name":"category_id","type":"integer","fk":"categories"},{"name":"content","type":"varchar","length":255}]},{"name":"products","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"price","type":"decimal","precision":10,"scale":2},{"name":"properties","type":"clob"},{"name":"created_at","type":"timestamp"},{"name":"deleted_at","type":"timestamp","nullable":true}]},{"name":"tags","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"is_important","type":"boolean"}]},{"name":"users","columns":[{"name":"id","type":"integer","pk":true},{"name":"username","type":"varchar","length":255},{"name":"password","type":"varchar","length":255},{"name":"location","type":"geometry","nullable":true}]}]}
+{"name":"php-crud-api","tables":[{"name":"barcodes","columns":[{"name":"id","type":"integer","pk":true},{"name":"product_id","type":"integer","fk":"products"},{"name":"hex","type":"varchar","length":255},{"name":"bin","type":"blob"}]},{"name":"categories","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"icon","type":"blob","nullable":true}]},{"name":"comments","columns":[{"name":"id","type":"integer","pk":true},{"name":"post_id","type":"integer","fk":"posts"},{"name":"message","type":"varchar","length":255}]},{"name":"countries","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"shape","type":"geometry"}]},{"name":"events","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"datetime","type":"timestamp"},{"name":"visitors","type":"integer"}]},{"name":"kunsthåndværk","columns":[{"name":"id","type":"varchar","length":36,"pk":true},{"name":"Umlauts ä_ö_ü-COUNT","type":"integer"},{"name":"user_id","type":"integer","fk":"users"}]},{"name":"nopk","columns":[{"name":"id","type":"varchar","length":36}]},{"name":"post_tags","columns":[{"name":"id","type":"integer","pk":true},{"name":"post_id","type":"integer","fk":"posts"},{"name":"tag_id","type":"integer","fk":"tags"}]},{"name":"posts","columns":[{"name":"id","type":"integer","pk":true},{"name":"user_id","type":"integer","fk":"users"},{"name":"category_id","type":"integer","fk":"categories"},{"name":"content","type":"varchar","length":255}]},{"name":"products","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"price","type":"decimal","precision":10,"scale":2},{"name":"properties","type":"clob"},{"name":"created_at","type":"timestamp"},{"name":"deleted_at","type":"timestamp","nullable":true}]},{"name":"tags","columns":[{"name":"id","type":"integer","pk":true},{"name":"name","type":"varchar","length":255},{"name":"is_important","type":"boolean"}]},{"name":"users","columns":[{"name":"id","type":"integer","pk":true},{"name":"username","type":"varchar","length":255},{"name":"password","type":"varchar","length":255},{"name":"location","type":"geometry","nullable":true}]}]}