Developer drops Spatie team mode for multi-tenancy due to silent data corruption risk
A developer building a Multi-Tenant Starter project initially adopted Spatie's built-in team mode from the laravel-permission package to scope user roles per tenant. The approach requires a team_id column as part of a composite primary key in the model_has_roles table, meaning every role assignment must have a non-null team_id. Because users in the project can be assigned application roles before joining any team, the required default value of 1 caused role assignments to silently attach to whichever team holds ID 1, without throwing any error. This silent data corruption — where a user gains permissions in a team they never joined — was deemed more dangerous than an outright failure. The developer ultimately abandoned Spatie's team mode entirely rather than patch around the constraint or restructure the primary key.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in