amplify-category-api
Sample Data Access Pattern - Simple strategy or VTL Mod necessary?
Amplify CLI Version
12.10.1
Question
originally posted in Amplify Discord help channel
Most of my data models conform to this auth strategy
```graphql
# Access to everything
{ allow: groups, groups: ["RootAdmin"] }
# Authenticated users can see what they own
{ allow: owner, ownerField: "owners", operations: [create, update, read] }
# Custom access to sample data when not authenticated
{ allow: custom, provider: function, operations: [read] }
```
I need Authenticated users to see the sample data. All the sample data has owners: "ALL" attached. The custom Lambda authorizer checks for this for unauthenticated users. However, with userPool authentication, I cannot run that through the custom lambda. Instead I have to modify the VTL resolver. (I think?)
With this strategy, I would need to modify ALL of my auth resolvers to allow access to sample private data by initializing the authFilter array with {contains: "ALL"}, in order to search owners for "ALL" when using userPools auth strategy.
What is the best way to modify all of my (45) auth VTL files? Or, is there a better approach?
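The following is an added example, not part of the original post and not Amplify-generated code: a small Python model of the read decision described above, comparing an empty authFilter with one seeded with {contains: "ALL"}. The function names, the sample items and the assumption that authFilter clauses are OR-ed are illustrative; `ddb_contains` follows DynamoDB's `contains` semantics (membership for lists and sets, substring match for strings).

```python
# Added illustration, not Amplify-generated code. Models how an OR-ed auth
# filter over the "owners" field decides what a userPool caller can read.

SAMPLE_OWNER = "ALL"  # sentinel the post says is attached to all sample data


def ddb_contains(attr, operand):
    """DynamoDB-style contains(): membership for lists/sets, substring for strings."""
    if isinstance(attr, (list, set, tuple)):
        return operand in attr
    if isinstance(attr, str):
        return operand in attr  # substring match: "bobby" contains "bob"
    return False


def build_auth_filter(username, seed_sample_clause):
    """OR-ed clauses; seeding with the sentinel mirrors the proposed VTL change."""
    auth_filter = []
    if seed_sample_clause:
        auth_filter.append({"owners": {"contains": SAMPLE_OWNER}})
    auth_filter.append({"owners": {"contains": username}})
    return auth_filter


def readable_ids(items, username, groups, seed_sample_clause):
    """IDs a caller can read: RootAdmin sees all, others only filter matches."""
    if "RootAdmin" in groups:
        return [item["id"] for item in items]
    clauses = build_auth_filter(username, seed_sample_clause)
    return [
        item["id"] for item in items
        if any(ddb_contains(item.get("owners"), c["owners"]["contains"]) for c in clauses)
    ]


def can_update(item, username, groups):
    """Writes stay on the group and owner rules; the sentinel grants read only."""
    return "RootAdmin" in groups or ddb_contains(item.get("owners"), username)


# Constructed sample data (hypothetical records).
ITEMS = [
    {"id": "sample-1", "owners": ["ALL"]},
    {"id": "alice-1", "owners": ["alice"]},
    {"id": "bob-1", "owners": ["bob"]},
]
```

If `owners` is stored as a plain string rather than a list, `contains` becomes a substring test, so an owner value such as "bobby" would also match a caller named "bob".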