Data Isolation

How TheCompanyApp ensures complete separation of company data.

Isolation Strategy

Core Principle: Every entity is scoped by companyID: UUID.

Enforcement: All data queries filtered by company identifier.

Company Scoping

Entity Schema

Every company-scoped entity includes:

companyID: UUID - Unique identifier for the company
Optional: companyName: String - Denormalized for display

Example (InventoryItem entity):

<entity name="InventoryItem">
    <attribute name="companyID" attributeType="UUID" usesScalarValueType="NO"/>
    <attribute name="itemCode" attributeType="String"/>
    <attribute name="itemName" attributeType="String"/>
    <!-- ... other attributes ... -->
</entity>

Fetch Requests

All fetches must include companyID predicate:

Correct:

func fetchOrders(for company: Companies) -> [Orders] {
    let request: NSFetchRequest<Orders> = Orders.fetchRequest()
    request.predicate = NSPredicate(format: "companyID == %@", company.companyID as CVarArg)
    
    return (try? viewContext.fetch(request)) ?? []
}

Wrong (no scoping):

// DANGEROUS: Returns orders from ALL companies
func fetchAllOrders() -> [Orders] {
    let request: NSFetchRequest<Orders> = Orders.fetchRequest()
    return (try? viewContext.fetch(request)) ?? []
}

Never fetch across companies unless explicitly intended (e.g., admin view in future).

SwiftUI Integration

@FetchRequest with Dynamic Predicate:

struct OrdersListView: View {
    @ObservedObject var company: Companies
    
    @FetchRequest var orders: FetchedResults<Orders>
    
    init(company: Companies) {
        self.company = company
        
        // Dynamic predicate based on company
        _orders = FetchRequest(
            entity: Orders.entity(),
            sortDescriptors: [NSSortDescriptor(keyPath: \Orders.createdAt, ascending: false)],
            predicate: NSPredicate(format: "companyID == %@", company.companyID as CVarArg)
        )
    }
    
    var body: some View {
        List(orders) { order in
            OrderRow(order: order)
        }
    }
}

Result: View only displays orders for selected company.

Cross-Company Protection

Scenario: User Has Multiple Companies

User: Alice Companies:

Company A (companyID: abc-123)
Company B (companyID: def-456)

Data:

50 orders in Company A
30 orders in Company B

View Company A:

let companyA = selectedCompany // companyID = abc-123
let orders = fetchOrders(for: companyA)
// Returns only 50 orders (Company A)

View Company B:

let companyB = selectedCompany // companyID = def-456
let orders = fetchOrders(for: companyB)
// Returns only 30 orders (Company B)

No Cross-Contamination: Company A data never appears in Company B views.

Shared Company Isolation

Scenario: Alice owns Company A, shares with Bob.

Alice's Perspective (Owner)

Fetch:

let orders = fetchOrders(for: companyA)
// Returns all orders for companyID = companyA.companyID
// Includes orders created by Alice AND Bob

Result: Alice sees all company data (owner privilege + participant edits).

Bob's Perspective (Participant)

Fetch:

let orders = fetchOrders(for: companyA)
// Returns all orders for companyID = companyA.companyID
// Same as Alice (shared access)

Result: Bob sees identical data to Alice.

Isolation: Bob cannot see Alice's other companies (Company B, Company C, etc.).

User-Specific Data: UserPass

Exception: UserPass is isolated by user, not shared.

Alice's UserPass:

userName = "[email protected]"
userPassword = "AlicePassword"
companyID = companyA.companyID
// Stored in Alice's Private Database

Bob's UserPass:

userName = "[email protected]"
userPassword = "BobPassword"
companyID = companyA.companyID // Same company!
// Stored in Bob's Private Database

Isolation Mechanism: Stored in Private Database, which is user-scoped by iCloud.

Fetch:

// Alice's device
let userPass = fetchUserPass(for: companyA.companyID, userName: "[email protected]")
// Returns Alice's UserPass only (from Alice's Private Database)

// Bob's device
let userPass = fetchUserPass(for: companyA.companyID, userName: "[email protected]")
// Returns Bob's UserPass only (from Bob's Private Database)

Isolation at CloudKit Level

Private Database

Scope: User-level

Data: User's owned companies + UserPass for all companies.

Access: Only the user (across their devices).

Example:

Alice's Private Database contains:
- Company A (owned)
- Company B (owned)
- UserPass for Company A
- UserPass for Company C (shared by Charlie, but Alice's credentials)

Shared Database

Scope: Share-level (per CKShare)

Data: Companies shared to user + all shared company data.

Access: Owner + participants of the specific share.

Example:

Alice's Shared Database contains:
- Company C (shared by Charlie)
- Company C's inventory, orders, etc.
- NO access to Company D (shared to someone else, not Alice)

Zone-Level Isolation: Each CKShare creates a separate zone. User can only read zones they're invited to.

Testing Isolation

Unit Test Example:

func testDataIsolation() {
    let context = PersistenceController.preview.container.viewContext
    
    // Create two companies
    let companyA = Companies(context: context)
    companyA.companyID = UUID()
    companyA.name = "Company A"
    
    let companyB = Companies(context: context)
    companyB.companyID = UUID()
    companyB.name = "Company B"
    
    // Create orders for each
    let orderA = Orders(context: context)
    orderA.companyID = companyA.companyID
    orderA.orderID = "A1"
    
    let orderB = Orders(context: context)
    orderB.companyID = companyB.companyID
    orderB.orderID = "B1"
    
    try! context.save()
    
    // Fetch orders for Company A
    let ordersA = fetchOrders(for: companyA)
    XCTAssertEqual(ordersA.count, 1)
    XCTAssertEqual(ordersA.first?.orderID, "A1")
    
    // Fetch orders for Company B
    let ordersB = fetchOrders(for: companyB)
    XCTAssertEqual(ordersB.count, 1)
    XCTAssertEqual(ordersB.first?.orderID, "B1")
}

Expected Result: Each company sees only its own data.

Preventing Accidental Leakage

Code Review Checklist

All entity fetches include companyID predicate?
No global fetch requests without filtering?
SwiftUI @FetchRequest initialized with predicate?
Object creation sets companyID before save?

Static Analysis

Consider:

SwiftLint custom rule to detect fetch requests without predicates
Code review automation

Runtime Assertion

extension NSManagedObjectContext {
    func safeFetch<T: NSManagedObject>(_ request: NSFetchRequest<T>) throws -> [T] {
        // Ensure companyID predicate exists
        guard let predicate = request.predicate,
              predicate.predicateFormat.contains("companyID") else {
            fatalError("Fetch request missing companyID predicate: \(request)")
        }
        
        return try fetch(request)
    }
}

Use in development to catch errors.

PreviousCredential Storage NextPermissions and Roles

Last updated 1 hour ago

Good morning

hashtagIsolation Strategy

hashtagCompany Scoping

hashtagEntity Schema

hashtagFetch Requests

hashtagSwiftUI Integration

hashtagCross-Company Protection

hashtagScenario: User Has Multiple Companies

hashtagShared Company Isolation

hashtagAlice's Perspective (Owner)

hashtagBob's Perspective (Participant)

hashtagUser-Specific Data: UserPass

hashtagIsolation at CloudKit Level

hashtagPrivate Database

hashtagShared Database

hashtagTesting Isolation

hashtagPreventing Accidental Leakage

hashtagCode Review Checklist

hashtagStatic Analysis

hashtagRuntime Assertion

Isolation Strategy

Company Scoping

Entity Schema

Fetch Requests

SwiftUI Integration

Cross-Company Protection

Scenario: User Has Multiple Companies

Shared Company Isolation

Alice's Perspective (Owner)

Bob's Perspective (Participant)

User-Specific Data: UserPass

Isolation at CloudKit Level

Private Database

Shared Database

Testing Isolation

Preventing Accidental Leakage

Code Review Checklist

Static Analysis

Runtime Assertion