
support configuring data access for specific operations

Open josefaidt opened this issue 1 year ago • 2 comments

Environment information

System:
  OS: macOS 14.6.1
  CPU: (10) arm64 Apple M1 Pro
  Memory: 225.25 MB / 32.00 GB
  Shell: /opt/homebrew/bin/fish
Binaries:
  Node: 20.16.0 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/node
  Yarn: undefined - undefined
  npm: 10.8.1 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/npm
  pnpm: 9.7.0 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/pnpm
NPM Packages:
  @aws-amplify/auth-construct: Not Found
  @aws-amplify/backend: 1.1.1
  @aws-amplify/backend-auth: Not Found
  @aws-amplify/backend-cli: 1.2.4
  @aws-amplify/backend-data: Not Found
  @aws-amplify/backend-deployer: Not Found
  @aws-amplify/backend-function: Not Found
  @aws-amplify/backend-output-schemas: Not Found
  @aws-amplify/backend-output-storage: Not Found
  @aws-amplify/backend-secret: Not Found
  @aws-amplify/backend-storage: Not Found
  @aws-amplify/cli-core: Not Found
  @aws-amplify/client-config: Not Found
  @aws-amplify/deployed-backend-client: Not Found
  @aws-amplify/form-generator: Not Found
  @aws-amplify/model-generator: Not Found
  @aws-amplify/platform-core: Not Found
  @aws-amplify/plugin-types: Not Found
  @aws-amplify/sandbox: Not Found
  @aws-amplify/schema-generator: Not Found
  aws-amplify: 6.5.2
  aws-cdk: 2.154.0
  aws-cdk-lib: 2.154.0
  typescript: 5.5.4
AWS environment variables:
  AWS_PROFILE = josef
  AWS_REGION = us-east-1
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

I have a post confirmation auth trigger that I would like to use to create a UserProfile model when a user signs up.

const schema = a
  .schema({
    UserProfile: a
      .model({
        displayName: a.string(),
      })
      .authorization((allow) => [allow.owner().to(["read"])]),
  })
  .authorization((allow) => [
    allow.resource(postConfirmation).to(["query", "mutate", "listen"]),
  ])

Today I can configure access to "query", "mutate", or "listen", but in this case I would like to configure the function to only be allowed to execute the createUserProfile mutation.

const schema = a.schema({
  UserProfile: a
    .model({
      displayName: a.string(),
    })
    .authorization((allow) => [
      allow.owner().to(["read"]),
      allow.resource(postConfirmation).to(["create"]),
    ]),
})

josefaidt, Aug 23 '24 15:08
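The gap between the group-level grant and the single-operation grant requested above can be seen at the IAM layer. This is an added example, not code from the issue or from Amplify: it builds the two `appsync:GraphQL` statements by hand and compares what each permits. It assumes the function calls the API with IAM authorization; the account ID and API ID are constructed placeholders, and `deleteUserProfile` and `listUserProfiles` are assumed field names for the model.

```typescript
// Added example: IAM statements for AppSync field-level access.
// Account ID and API ID below are constructed placeholders.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };

const API_ARN = "arn:aws:appsync:us-east-1:111122223333:apis/EXAMPLEAPIID";

// GraphQL root type behind each operation group named in the issue.
const ROOT_TYPE = { query: "Query", mutate: "Mutation", listen: "Subscription" } as const;
type Group = keyof typeof ROOT_TYPE;

// Broad grant: every field under the root types of the chosen groups.
function broadStatement(groups: Group[]): Statement {
  return {
    Effect: "Allow",
    Action: ["appsync:GraphQL"],
    Resource: groups.map((g) => `${API_ARN}/types/${ROOT_TYPE[g]}/*`),
  };
}

// Narrow grant: only the named fields, e.g. Mutation.createUserProfile.
function fieldStatement(fields: Array<[Group, string]>): Statement {
  return {
    Effect: "Allow",
    Action: ["appsync:GraphQL"],
    Resource: fields.map(([g, f]) => `${API_ARN}/types/${ROOT_TYPE[g]}/fields/${f}`),
  };
}

// Minimal matcher for IAM "*" wildcards, enough to compare the two grants.
function allows(stmt: Statement, group: Group, field: string): boolean {
  const target = `${API_ARN}/types/${ROOT_TYPE[group]}/fields/${field}`;
  return stmt.Resource.some((pattern) => {
    const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
    return new RegExp(`^${escaped}$`).test(target);
  });
}

const broad = broadStatement(["query", "mutate", "listen"]);
const narrow = fieldStatement([["mutate", "createUserProfile"]]);

// Operations a post confirmation trigger could attempt (assumed field names).
const checks: Array<[Group, string]> = [
  ["mutate", "createUserProfile"],
  ["mutate", "deleteUserProfile"],
  ["query", "listUserProfiles"],
];
for (const [g, f] of checks) {
  console.log(`${ROOT_TYPE[g]}.${f}: broad=${allows(broad, g, f)} narrow=${allows(narrow, g, f)}`);
}
```

With the broad statement all three operations are permitted; with the field-scoped statement only `Mutation.createUserProfile` is.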