
Commit a0182df

authored
fix: Multiple custom operation group auth definition of custom type (revisited) (#575)
1 parent 551be72 commit a0182df


6 files changed

+85
-11
lines changed


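--- a/.changeset/silly-toes-stare.md
+++ b/.changeset/silly-toes-stare.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/data-schema': patch
+---
+
+fix duplicate authorizations for custom types used in multiple custom operations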

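--- a/packages/data-schema/__tests__/CustomOperations.test.ts
+++ b/packages/data-schema/__tests__/CustomOperations.test.ts
@@ -1841,7 +1841,7 @@ describe('custom operations + custom type auth inheritance', () => {
 expect(result).toMatchSnapshot();
 expect(result).toEqual(
 expect.stringContaining(
-'type QueryReturn @aws_api_key @aws_cognito_user_pools @aws_cognito_user_pools(cognito_groups: ["admin", "superAdmin"]) @aws_iam',
+'type QueryReturn @aws_api_key @aws_cognito_user_pools @aws_iam @aws_cognito_user_pools(cognito_groups: ["admin", "superAdmin"])',
 ),
 );
 });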

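--- a/packages/data-schema/__tests__/ModelType.test.ts
+++ b/packages/data-schema/__tests__/ModelType.test.ts
@@ -231,6 +231,57 @@ describe('model auth rules', () => {
 expect(graphql).toMatchSnapshot();
 });
 
+it(`can deduplicate authorization prevent errors from auth defined by multiple custom operations`, () => {
+const schema = a.schema({
+CustomType: a.customType({
+id: a.string().required(),
+name: a.string().required(),
+}),
+getSomething: a
+.query()
+.arguments({
+arg1: a.string().required(),
+})
+.returns(a.ref("CustomType").required().array().required())
+.handler(a.handler.function('exampleFunc'))
+.authorization((allow) => [
+allow.group("Admin"),
+allow.publicApiKey(),
+allow.authenticated(),
+allow.guest(),
+allow.authenticated('identityPool')
+]),
+getSomething2: a
+.query()
+.arguments({
+arg1: a.string().required(),
+})
+.returns(a.ref("CustomType").required().array().required())
+.handler(a.handler.function('exampleFunc'))
+.authorization((allow) => [
+allow.groups(["Admin", 'User']),
+allow.publicApiKey(),
+]),
+getSomething3: a
+.query()
+.arguments({
+arg1: a.string().required(),
+})
+.returns(a.ref("CustomType").required().array().required())
+.handler(a.handler.function('exampleFunc'))
+.authorization((allow) => [allow.groups(["Admin", "User"])])
+});
+
+const graphql = schema.transform().schema;
+expect(graphql).toMatchSnapshot();
+
+expect(graphql).toEqual(
+expect.stringContaining(
+'type CustomType @aws_api_key @aws_cognito_user_pools @aws_iam @aws_cognito_user_pools(cognito_groups: ["Admin", "User"])',
+),
+);
+});
+
 it(`can create a "multiple owners" rule on an implied (auto-created) field`, () => {
 const schema = a.schema({
 widget: a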
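Review bot: The new test pins that `CustomType` receives the union of every referencing operation's auth (`@aws_api_key`, `@aws_cognito_user_pools`, `@aws_iam` and both groups) even though `getSomething3` allows only the two groups, and nothing in the test says this widening of the type-level directives is intended. I would add a comment above the `stringContaining` assertion, for example `// type-level directives are the union across all operations returning CustomType; each query keeps its own narrower @auth rules (see snapshot)`, so a later reader does not mistake the type line for the effective access policy of any single operation. The title also reads as two merged phrases; `can deduplicate authorization to prevent errors from auth defined by multiple custom operations` would be clearer. The quoting of group names is mixed (`"Admin"` next to `'User'`), which is worth normalising while the test is new.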

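--- a/packages/data-schema/__tests__/__snapshots__/CustomOperations.test.ts.snap
+++ b/packages/data-schema/__tests__/__snapshots__/CustomOperations.test.ts.snap
@@ -970,7 +970,7 @@ type Query {
 `;
 
 exports[`custom operations + custom type auth inheritance op returns top-level custom type with all supported auth modes 1`] = `
-"type QueryReturn @aws_api_key @aws_cognito_user_pools @aws_cognito_user_pools(cognito_groups: ["admin", "superAdmin"]) @aws_iam
+"type QueryReturn @aws_api_key @aws_cognito_user_pools @aws_iam @aws_cognito_user_pools(cognito_groups: ["admin", "superAdmin"])
 {
 fieldA: String
 fieldB: Int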

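--- a/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap
+++ b/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap
@@ -136,6 +136,25 @@ exports[`model auth rules can create a static Admins group rule 1`] = `
 }"
 `;
 
+exports[`model auth rules can deduplicate authorization prevent errors from auth defined by multiple custom operations 1`] = `
+"type CustomType @aws_api_key @aws_cognito_user_pools @aws_iam @aws_cognito_user_pools(cognito_groups: ["Admin", "User"])
+{
+id: String!
+name: String!
+}
+
+type Query {
+getSomething(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin"]},
+{allow: public, provider: apiKey},
+{allow: private},
+{allow: public, provider: iam},
+{allow: private, provider: iam}])
+getSomething2(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin", "User"]},
+{allow: public, provider: apiKey}])
+getSomething3(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin", "User"]}])
+}"
+`;
+
 exports[`model auth rules can define a custom authorization rule 1`] = `
 "type Widget @model @auth(rules: [{allow: custom}])
 {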

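--- a/packages/data-schema/src/SchemaProcessor.ts
+++ b/packages/data-schema/src/SchemaProcessor.ts
@@ -913,17 +913,16 @@ function mapToNativeAppSyncAuthDirectives(
 } else {
 rules.add(provider);
 }
-
-groupProvider.forEach((groups, provider) => {
-rules.add(
-`${provider}(cognito_groups: [${Array.from(groups)
-.map((group) => `"${group}"`)
-.join(', ')}])`,
-);
-// example: (cognito_groups: ["Bloggers", "Readers"])
-})
 }
 
+groupProvider.forEach((groups, provider) => {
+rules.add(
+`${provider}(cognito_groups: [${Array.from(groups)
+.map((group) => `"${group}"`)
+.join(', ')}])`,
+);
+// example: (cognito_groups: ["Bloggers", "Readers"])
+})
 
 const authString = [...rules].join(' ');
 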
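Review bot: The relocated `groupProvider.forEach` still interpolates each group name into the directive as `"${group}"` with no escaping, so a name containing a double quote or backslash would yield malformed or differently parsed SDL in the `cognito_groups` list. Since the block is being moved anyway, `.map((group) => JSON.stringify(group))` would keep the quoting correct for any name. The trailing `// example: (cognito_groups: ["Bloggers", "Readers"])` comment would read better above `rules.add(`. It could also state why emission now happens after the enclosing block closes: presumably so that each provider gets a single directive carrying the accumulated groups rather than one per rule. `mapToNativeAppSyncAuthDirectives` begins and ends outside this hunk, so how `groupProvider` is populated is not visible here.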
