amplify-backend

Enable `allow.ownerDefinedIn` to reference parent models' fields

Open • concavegit opened this issue 7 months ago • 1 comment

Environment information

System:
  OS: macOS 15.3.2
  CPU: (8) arm64 Apple M2
  Memory: 912.20 MB / 24.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 23.10.0 - /opt/homebrew/bin/node
  Yarn: undefined - undefined
  npm: 10.9.2 - /opt/homebrew/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.7.0
  @aws-amplify/backend: 1.15.0
  @aws-amplify/backend-ai: Not Found
  @aws-amplify/backend-auth: 1.6.0
  @aws-amplify/backend-cli: 1.5.0
  @aws-amplify/backend-data: 1.5.0
  @aws-amplify/backend-deployer: 1.1.20
  @aws-amplify/backend-function: 1.13.0
  @aws-amplify/backend-output-schemas: 1.5.0
  @aws-amplify/backend-output-storage: 1.2.0
  @aws-amplify/backend-secret: 1.3.0
  @aws-amplify/backend-storage: 1.3.0
  @aws-amplify/cli-core: 1.4.1
  @aws-amplify/client-config: 1.6.0
  @aws-amplify/data-construct: 1.16.1
  @aws-amplify/data-schema: 1.16.1
  @aws-amplify/deployed-backend-client: 1.5.2
  @aws-amplify/form-generator: 1.0.5
  @aws-amplify/model-generator: 1.1.0
  @aws-amplify/platform-core: 1.7.0
  @aws-amplify/plugin-types: 1.8.1
  @aws-amplify/sandbox: 1.2.12
  @aws-amplify/schema-generator: 1.2.8
  aws-amplify: 6.14.2
  aws-cdk: 2.1010.0
  aws-cdk-lib: 2.190.0
  typescript: 5.8.3
No AWS environment variables
No CDK environment variables

Describe the feature

Amplify data authentication should allow owners to be defined in a parent model, like:

```typescript
const userModel = a.model({
    userName: a.string(),
    friends: a.id().array(),
    images: a.hasMany("imageModel", "imageOwnerId")
})

const imageModel = a.model({
    imageOwnerId: a.id(),
    // belongsTo takes the reference field on this model
    imageOwner: a.belongsTo("userModel", "imageOwnerId")
})
// Use "imageOwner.friends" to access the friends list in the parent model
.authorization((allow) => [allow.ownerDefinedIn("imageOwner.friends").to(["read"])])
```

Use case

I am making a social platform where users can share images with their friends. I want to be able to make my `imageModel` readable by the user's friends. The easiest way I see to do this right now is to have the users' list of friends in both my `userModel` and `imageModel` so that I can use `allow.ownersDefinedIn("imageFriendsField").to(["read"])`, but that requires replicating the list of friends for every image owned by a user.

A better experience would be to support syntax like `allow.ownersDefinedIn("imageOwnerField.ownerFriendField")`, which would resolve the friends list by checking the `ownerFriendField` in the parent `userModel` referenced by `imageOwnerField`.

I would use a custom lambda authorizer, but custom lambda authorizers aren't supported in Swift.

concavegit, Apr 23 '25 02:04
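The trade-off described in this issue, as an added example that is not part of the original post and is not Amplify code: a plain TypeScript in-memory model comparing a read check against a friends list copied onto each image with a check resolved through the parent record. The field name `imageFriends`, all function names and the sample users are hypothetical and constructed for illustration.

```typescript
// Constructed in-memory stand-ins for userModel and imageModel; not Amplify code.
interface User { id: string; friends: string[] }
interface Image { id: string; imageOwnerId: string; imageFriends: string[] }
const users: Record<string, User> = {};
const images: Image[] = [];

// Workaround from the issue: copy the owner's friends onto every new image.
function createImage(id: string, ownerId: string): void {
  const owner = users[ownerId];
  if (!owner) throw new Error("unknown owner " + ownerId);
  images.push({ id, imageOwnerId: ownerId, imageFriends: owner.friends.slice() });
}

// Rule evaluated against the copied field on the image record itself.
function canReadViaCopy(image: Image, callerId: string): boolean {
  return image.imageFriends.indexOf(callerId) !== -1;
}

// Requested rule: follow imageOwnerId to the parent; a missing parent denies access.
function canReadViaParent(image: Image, callerId: string): boolean {
  const owner = users[image.imageOwnerId];
  return owner !== undefined && owner.friends.indexOf(callerId) !== -1;
}

// Removing a friend touches only the user record, as a naive client would.
function unfriend(ownerId: string, friendId: string): void {
  const owner = users[ownerId];
  if (owner) owner.friends = owner.friends.filter((f) => f !== friendId);
}

// Audit: "image:caller" pairs the copy still grants but the parent no longer does.
function staleGrants(): string[] {
  const stale: string[] = [];
  for (const image of images)
    for (const callerId of image.imageFriends)
      if (!canReadViaParent(image, callerId)) stale.push(image.id + ":" + callerId);
  return stale;
}

// Constructed scenario: alice shares two images, then removes bob as a friend.
function runScenario(): { stale: string[]; viaCopy: boolean; viaParent: boolean } {
  images.length = 0;
  users["alice"] = { id: "alice", friends: ["bob", "carol"] };
  createImage("img1", "alice");
  createImage("img2", "alice");
  unfriend("alice", "bob");
  const first = images[0];
  return { stale: staleGrants(), viaCopy: canReadViaCopy(first, "bob"), viaParent: canReadViaParent(first, "bob") };
}
console.log(runScenario());
```

With the copied list, every image must be rewritten whenever the owner's friends change, and an audit like `staleGrants` is the way to find records that were missed.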

Hey @concavegit, thanks for raising this. We have marked this as a feature request for the team to evaluate further.

AnilMaktala, Apr 23 '25 17:04