Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Amplify @auth rule require multiple group membership

0

Is it possible to have auth rules requiring authenticated users to belong to multiple groups? For example "allow users who are in 'Tenant N' AND who are 'Editors'".

Our models are currently similar to this:

type MyModel
  @model
  @auth(rules: [
    { allow: owner },
    { allow: groups, groupsField: "tenantID" },
  ])
{
  id: ID!
  tenantID: String!
}

So using static group auth doesn't work for us:

type MyModel
  @model
  @auth(rules: [
    { allow: groups, groups: ["DynamicTenantId", "Editor"] }
  ])
{
  id: ID!
  tenantID: String!
}

Because tenantID is a dynamic value, we need to use dynamic group auth instead:

type MyModel
  @model
  @auth(rules: [
    { allow: owner },
    { allow: groups, groupsField: "tenantID" },
    { allow: groups, group: "Editor" },
  ])
{
  id: ID!
  tenantID: String!
}

But this doesn't work because it's an "OR", saying "allow anyone in the tenant OR anyone with the 'Editor' group".

Updating our models to use single dynamic group auth field doesn't work either:

type MyModel
  @model
  @auth(rules: [
    { allow: owner },
    { allow: groups, groupsField: "allowGroups" },
  ])
{
  id: ID!
  allowGroups: [String] # ['DynamicTenantId', 'Editor']
}

Because this an "OR" too, saying "allow anyone in the tenant OR anyone with the 'Editor' group".

Are there any other options, aside from a custom authenticator, to require multiple group membership?

Temas
Web y móvil front-end
Etiquetas
AWS Amplify
Idioma
English
flashbackzoo
preguntada hace 2 años69 visualizaciones
No hay respuestas

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante