Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Need help with "@auth" for iOS app in React Native

0

I have the following schema.graphql in an AWS Amplify react-native iOS project:

type NCareReceiver
  @model
  @aws_cognito_user_pools
  @auth(rules: [{ allow: groups, groupsField: "group", operations: [read, create, update, delete] }]) {
  id: ID!
  details: String
  group: NGroup @hasOne
}

type NGroup
  @model
  @aws_cognito_user_pools
  @auth(rules: [{ allow: owner, ownerField: "owner", operations: [read, create, update, delete] }, { allow: public, operations: [read] }]) {
  id: ID!
  name: String
  owner: [String]
}

My goal is to have rows in NCareReceiver to only be accessible by the owners listed in the matching NGroup entry.

For example, I can have an NGroup row as:

    id: 123
    name: 'My row'
    owner: ['my-guid']

My NCareReceiver would be:

    id: 456
    details: 'My details'
    group: points to row above

When I query using either AppSync or DataStore, I am able to get the appropriate rows in NGroup where my user is listed in "owner" field. However whenever I query "NCareReceiver" I never get any data back. No error, and no data.

What am I missing to have dynamic groups work correctly?

Thanks, AlexK

Temas
Sin servidorWeb y móvil front-endIntegración de aplicaciones
Etiquetas
AWS AppSyncAWS Amplify
Idioma
English
AlexK
preguntada hace 2 meses200 visualizaciones
1 Respuesta
0

Your issue with the @auth directive in AWS Amplify for your React Native iOS app seems related to the setup of dynamic groups and their alignment with AWS Cognito User Pools. To solve :

  • Confirm your @auth rules in the GraphQL schema correctly reflect the intended access patterns. For NCareReceiver, ensure the group aligns with the correct user group in Cognito.
  • Verify your AWS Cognito settings, ensuring users are correctly assigned to groups and these groups correspond to what's defined in your NGroup and NCareReceiver types.
  • Check for any global authorization rules that might override your specific model-level rules.
profile picture
EXPERTO
Sedat Salman
respondido hace 2 meses
profile picture
EXPERTO
Giovanni Lauria
revisado hace un mes
  • AlexK
    hace 2 meses

    Thanks for your answer. Do you mean that the group names in my NGroup table need to also be in Cognito?

    What I want to achieve is a list of dynamic groups that can have a list of users who have access to certain rows in the NCareReceiver table.

    I have gotten "owner" to work in a table where only the list of "owners" have access to the rows they added (and only the rows they added). What I want to achieve is abstracting the "owner" from the main table and putting it in a secondary (group) table so that I only need to update in one place (I plan to have many tables refer to the same group).

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante