Need help with "@auth" for iOS app in React Native


I have the following schema.graphql in an AWS Amplify react-native iOS project:

    type NCareReceiver
      @model
      @aws_cognito_user_pools
      @auth(rules: [{ allow: groups, groupsField: "group", operations: [read, create, update, delete] }]) {
      id: ID!
      details: String
      group: NGroup @hasOne
    }

    type NGroup
      @model
      @aws_cognito_user_pools
      @auth(rules: [{ allow: owner, ownerField: "owner", operations: [read, create, update, delete] }, { allow: public, operations: [read] }]) {
      id: ID!
      name: String
      owner: [String]
    }

My goal is to have rows in NCareReceiver be accessible only by the owners listed in the matching NGroup entry.

For example, I can have an NGroup row as:

    id: 123
    name: 'My row'
    owner: ['my-guid']

My NCareReceiver would be:

    id: 456
    details: 'My details'
    group: points to row above

When I query using either AppSync or DataStore, I am able to get the appropriate rows in NGroup where my user is listed in the "owner" field. However, whenever I query "NCareReceiver" I never get any data back. No error, and no data.

What am I missing to have dynamic groups work correctly?

Thanks, AlexK

AlexK
asked a month ago, 190 views
1 Answer

Your issue with the @auth directive in AWS Amplify for your React Native iOS app seems related to the setup of dynamic groups and their alignment with AWS Cognito User Pools. To solve it:

  • Confirm your @auth rules in the GraphQL schema correctly reflect the intended access patterns. For NCareReceiver, ensure the group aligns with the correct user group in Cognito.
  • Verify your AWS Cognito settings, ensuring users are correctly assigned to groups and these groups correspond to what's defined in your NGroup and NCareReceiver types.
  • Check for any global authorization rules that might override your specific model-level rules.
EXPERT
answered a month ago
EXPERT
reviewed 24 days ago
  • Thanks for your answer. Do you mean that the group names in my NGroup table need to also be in Cognito?

    What I want to achieve is a list of dynamic groups that can have a list of users who have access to certain rows in the NCareReceiver table.

    I have gotten "owner" to work in a table where only the list of "owners" have access to the rows they added (and only the rows they added). What I want to achieve is abstracting the "owner" from the main table and putting it in a secondary (group) table so that I only need to update in one place (I plan to have many tables refer to the same group).
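
An added example, not part of the original thread and not Amplify's own code: a simplified JavaScript model of how an owner rule and a dynamic group rule match a record against the caller's token claims, run on the rows from the question. It assumes the owner identity is the `sub` claim and the group list is the `cognito:groups` claim; the `team-a` group and record `789` are constructed.

```javascript
// Simplified model of dynamic @auth rule evaluation; not Amplify's code.
// Constructed sample data: claims, record 789 and group "team-a" are made up.

const asList = (v) => (Array.isArray(v) ? v : v == null ? [] : [v]);

// Owner rule: the record's ownerField must contain the caller's identity.
// Assumption: the identity claim is "sub".
function ownerAllows(record, ownerField, claims) {
  return asList(record[ownerField]).includes(claims.sub);
}

// Dynamic group rule: groupsField must hold group NAME strings on the record
// itself, and one of them must appear in the token's "cognito:groups" claim.
function groupsAllows(record, groupsField, claims) {
  const tokenGroups = asList(claims['cognito:groups']);
  return asList(record[groupsField])
    .filter((g) => typeof g === 'string')
    .some((g) => tokenGroups.includes(g));
}

// Returns only the records the caller may read; denied rows are dropped
// without an error, which matches "no error, and no data".
function filterReadable(records, allows, claims) {
  return records.filter((r) => allows(r, claims));
}

const claims = { sub: 'my-guid', 'cognito:groups': ['team-a'] };

const nGroup = { id: '123', name: 'My row', owner: ['my-guid'] };
// As in the question: "group" is a relation to NGroup, not a group name string.
const receiverAsPosted = { id: '456', details: 'My details', group: nGroup };
// Hypothetical variant: "group" is a string holding a Cognito group name.
const receiverWithName = { id: '789', details: 'Other', group: 'team-a' };

const groups = filterReadable([nGroup], (r, c) => ownerAllows(r, 'owner', c), claims);
const receivers = filterReadable(
  [receiverAsPosted, receiverWithName],
  (r, c) => groupsAllows(r, 'group', c),
  claims
);

console.log(groups.map((r) => r.id));    // [ '123' ]
console.log(receivers.map((r) => r.id)); // [ '789' ]
```

In this model the `owner` list on the related NGroup row is never consulted when NCareReceiver is read; only a group name stored on the NCareReceiver record itself can match the token.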
