
Commit 26281d1

authored
fix: Multiple custom operation group auth definition of custom type (#572)
1 parent 22b8253 commit 26281d1


4 files changed

+72
-5
lines changed


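--- a/.changeset/six-cats-make.md
+++ b/.changeset/six-cats-make.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/data-schema': patch
+---
+
+Fix custom type authorization rule bug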

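--- a/packages/data-schema/__tests__/ModelType.test.ts
+++ b/packages/data-schema/__tests__/ModelType.test.ts
@@ -198,6 +198,39 @@ describe('model auth rules', () => {
 expect(graphql).toMatchSnapshot();
 });
 
+it(`can merge group authorization to allow groups to be defined by multiple custom operations`, () => {
+const schema = a.schema({
+CustomType: a.customType({
+id: a.string().required(),
+name: a.string().required(),
+}),
+exampleAdminAndUserQuery: a
+.query()
+.arguments({
+arg1: a.string().required(),
+})
+.returns(a.ref("CustomType").required().array().required())
+.handler(a.handler.function('exampleFunc'))
+.authorization((allow) => [allow.groups(["Admin", "User"])]),
+exampleAdminOnlyQuery: a
+.query()
+.arguments({
+arg1: a.string().required(),
+})
+.returns(a.ref("CustomType").required().array().required())
+.handler(a.handler.function('exampleFunc'))
+.authorization((allow) => [allow.groups(["Admin"])]),
+ExampleModel: a.model({
+name: a.ref("CustomType").required().array().required().authorization((allow) => [allow.groups(["Admin3", "User3"])]),
+description: a.string().authorization((allow) => [allow.groups(["Admin3"])]),
+})
+.authorization((allow) => [allow.groups(["Admin2", "User2"])])
+});
+
+const graphql = schema.transform().schema;
+expect(graphql).toMatchSnapshot();
+});
+
 it(`can create a "multiple owners" rule on an implied (auto-created) field`, () => {
 const schema = a.schema({
 widget: a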
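Review bot: The two custom operations in this test declare `["Admin", "User"]` first and `["Admin"]` second, so the expected `CustomType` directive equals the first rule on its own, and the snapshot would also pass for an implementation that never merges anything. A second case with the narrower list declared first, or with disjoint lists such as `["Admin"]` and `["User"]`, would pin the result to a single `@aws_cognito_user_pools` directive carrying the union of groups. An explicit `expect(graphql).toContain(...)` on that directive next to the snapshot would keep the authorization expectation visible in the test itself.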

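--- a/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap
+++ b/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap
@@ -516,6 +516,25 @@ exports[`model auth rules can define public auth with no provider 1`] = `
 }"
 `;
 
+exports[`model auth rules can merge group authorization to allow groups to be defined by multiple custom operations 1`] = `
+"type ExampleModel @model @auth(rules: [{allow: groups, groups: ["Admin2", "User2"]}])
+{
+name: [CustomType!]! @auth(rules: [{allow: groups, groups: ["Admin3", "User3"]}])
+description: String @auth(rules: [{allow: groups, groups: ["Admin3"]}])
+}
+
+type CustomType @aws_cognito_user_pools(cognito_groups: ["Admin", "User"])
+{
+id: String!
+name: String!
+}
+
+type Query {
+exampleAdminAndUserQuery(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin", "User"]}])
+exampleAdminOnlyQuery(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin"]}])
+}"
+`;
+
 exports[`model auth rules can specify an owner identityClaim 1`] = `
 "type widget @model @auth(rules: [{allow: owner, ownerField: "owner", identityClaim: "user_id"}])
 {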

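--- a/packages/data-schema/src/SchemaProcessor.ts
+++ b/packages/data-schema/src/SchemaProcessor.ts
@@ -896,6 +896,8 @@ function mapToNativeAppSyncAuthDirectives(
 ) {
 const rules = new Set<string>();
 
+const groupProvider: Map<string, Set<string>> = new Map();
+
 for (const entry of authorization) {
 const rule = accessData(entry);
 
@@ -904,17 +906,25 @@ function mapToNativeAppSyncAuthDirectives(
 const provider = getAppSyncAuthDirectiveFromRule(rule);
 
 if (rule.groups) {
-// example: (cognito_groups: ["Bloggers", "Readers"])
+if(!groupProvider.has(provider)) {
+groupProvider.set(provider, new Set());
+};
+rule.groups.forEach((group) => groupProvider.get(provider)?.add(group));
+} else {
+rules.add(provider);
+}
+
+groupProvider.forEach((groups, provider) => {
 rules.add(
-`${provider}(cognito_groups: [${rule.groups
+`${provider}(cognito_groups: [${Array.from(groups)
 .map((group) => `"${group}"`)
 .join(', ')}])`,
 );
-} else {
-rules.add(provider);
-}
+// example: (cognito_groups: ["Bloggers", "Readers"])
+})
 }
 
+
 const authString = [...rules].join(' ');
 
 return { authString };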
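Review bot: The `groupProvider.forEach(...)` block that emits the merged `cognito_groups` directive sits before the closing `}` of the `for (const entry of authorization)` loop, judging by brace balance (indentation is lost on this page), so a directive string is added to `rules` on every iteration from the partially accumulated set. When a narrower list is processed before a wider one, e.g. `["Admin"]` then `["Admin", "User"]`, `rules` ends up holding two different strings for the same provider and `authString` would carry both; the new test declares the wider list first, so the `Set` dedupes and hides this. Moving the whole `groupProvider.forEach(...)` block to just after the loop's closing brace would emit exactly one directive per provider from the final set, which matters because this string is the access-control directive on the custom type. The function begins above the first hunk and the lines between the two hunks are not shown, so the nesting should be confirmed against the full file.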
