Do you want to request a feature or report a bug?
FEATURE
What is the current behavior?
I cannot have a type that applies per mutation/query permissions to all authenticated users. If I specify any rules, they have to be owner or group-based.
What is the expected behavior?
I want to be able to write a schema where the owner can create/update/delete and any authenticated user can read. Example is a protected blog. Something like:
type Post @model
  @auth(rules: [
    { allow: owner },
    { allow: authenticated, queries: [ "get", "list" ], mutations: [] }
  ])
{
  # Fields here
}
Additional environment details
amplify --version: 0.1.13
Can we get a "graphql-transform" label plz?
@mikeparisstuff Done.
This is a relatively straight-forward task. An "authenticated" rule would mean prefixing all generated query resolvers with a null check for $ctx.identity. If it is null, throw $util.unauthorized() else allow execution. In mutations this may require injecting a true == false in the conditional expression because the older version (2017) resolvers always run the operation so we could not fail before.
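An added example, not part of the original thread or the Amplify code base: a small JavaScript model of how the two rules in the requested schema would combine, so the resulting access matrix can be checked. The `identity` argument stands in for `$ctx.identity`; the function names, the OR-combination of rules and the default operation lists are assumptions made for illustration.

```javascript
// Added illustration: a model of the requested rule semantics, not Amplify's
// generated resolver code. `identity` stands in for $ctx.identity, which is
// null when the request carries no user identity.
const QUERIES = ["get", "list"];
const MUTATIONS = ["create", "update", "delete"];

// Assumption: a rule that omits queries/mutations covers every operation.
function ruleCovers(rule, op) {
  const queries = rule.queries ?? QUERIES;
  const mutations = rule.mutations ?? MUTATIONS;
  return queries.includes(op) || mutations.includes(op);
}

function ruleAllows(rule, op, identity, record) {
  // The null check from the comment above: no identity means no access.
  if (identity == null || !ruleCovers(rule, op)) return false;
  if (rule.allow === "authenticated") return true;
  if (rule.allow === "owner") {
    // Assumption: on create the caller becomes the owner; otherwise the
    // stored owner field must match the caller's username.
    if (op === "create") return true;
    return record != null && record.owner === identity.username;
  }
  return false; // unknown strategies fail closed
}

// Assumption: rules are OR-ed, so one matching rule authorizes the operation.
function authorize(rules, op, identity, record) {
  return rules.some((rule) => ruleAllows(rule, op, identity, record));
}

// The rules from the schema proposed in this issue.
const postRules = [
  { allow: "owner" },
  { allow: "authenticated", queries: ["get", "list"], mutations: [] },
];

// Returns { get, list, create, update, delete } -> boolean for one caller.
function accessMatrix(identity, record) {
  return Object.fromEntries(
    [...QUERIES, ...MUTATIONS].map((op) => [op, authorize(postRules, op, identity, record)])
  );
}
```

Calling `accessMatrix` with a null identity, a non-owner and the owner shows the three tiers the feature request asks for: no access, read-only, and full access.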
Is there any workaround for now? I'm facing the same issue, I have a Product model, I would like to give read access to all users, but only write access to Admin group.
Hello, any updates around this issue @mikeparisstuff? @adrianhall? Just started working with amplify, but am now running into this block with unauthorized access
@mikeparisstuff Can you share any updates on this?
Hey guys, we launched multi-auth support for the GraphQL transform which allows public access via API Keys and IAM. Please find more info out here - https://aws-amplify.github.io/docs/cli-toolchain/graphql#public-authorization