@aws-amplify/data-schema 0.18.1 → 0.18.3
- package/dist/cjs/Authorization.js +17 -17
- package/dist/cjs/Authorization.js.map +1 -1
- package/dist/cjs/SchemaProcessor.js +27 -6
- package/dist/cjs/SchemaProcessor.js.map +1 -1
- package/dist/cjs/runtime/internals/APIClient.js +6 -2
- package/dist/cjs/runtime/internals/APIClient.js.map +1 -1
- package/dist/esm/Authorization.d.ts +16 -16
- package/dist/esm/Authorization.mjs +17 -17
- package/dist/esm/Authorization.mjs.map +1 -1
- package/dist/esm/ModelType.d.ts +20 -5
- package/dist/esm/SchemaProcessor.mjs +27 -6
- package/dist/esm/SchemaProcessor.mjs.map +1 -1
- package/dist/esm/runtime/bridge-types.d.ts +1 -1
- package/dist/esm/runtime/client/index.d.ts +15 -12
- package/dist/esm/runtime/internals/APIClient.mjs +6 -2
- package/dist/esm/runtime/internals/APIClient.mjs.map +1 -1
- package/dist/meta/cjs.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/Authorization.ts +17 -17
- package/src/ModelType.ts +44 -14
- package/src/SchemaProcessor.ts +42 -4
- package/src/runtime/bridge-types.ts +1 -0
- package/src/runtime/client/index.ts +46 -14
- package/src/runtime/internals/APIClient.ts +11 -2
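--- a/package/dist/cjs/Authorization.js
+++ b/package/dist/cjs/Authorization.js
@@ -8,11 +8,11 @@ const __data = Symbol('data');
 *
 * This list should not be used if you need to restrict available providers
 * according to an auth strategcy. E.g., `public` auth can only be facilitated
-* by `apiKey` and `
+* by `apiKey` and `identityPool` providers.
 */
 exports.Providers = [
 'apiKey',
-'
+'identityPool',
 'userPools',
 'oidc',
 'function',
@@ -20,11 +20,11 @@ exports.Providers = [
 /**
 * The subset of auth providers that can facilitate `public` auth.
 */
-exports.PublicProviders = ['apiKey', '
+exports.PublicProviders = ['apiKey', 'identityPool'];
 /**
 * The subset of auth providers that can facilitate `private` auth.
 */
-exports.PrivateProviders = ['userPools', 'oidc', '
+exports.PrivateProviders = ['userPools', 'oidc', 'identityPool'];
 /**
 * The subset of auth providers that can facilitate `owner` auth.
 */
@@ -116,7 +116,7 @@ function authData(defaults, builderMethods) {
 }
 /**
 * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,
-* `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `
+* `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)
 * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.
 */
 exports.allow = {
@@ -133,21 +133,21 @@ exports.allow = {
 });
 },
 /**
-* Authorize unauthenticated users by using
+* Authorize unauthenticated users by using IDENTITYPOOL based authorization.
 * @returns an authorization rule for unauthenticated users
 */
 guest() {
 return authData({
 strategy: 'public',
-provider: '
+provider: 'identityPool',
 }, {
 to,
 });
 },
 /**
-* Authorize authenticated users. By default, `.
-* use `.authenticated("
-* @param provider the authentication provider - supports "userPools", "
+* Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally
+* use `.authenticated("identityPool")` or `.authenticated("oidc")` to use identityPool or OIDC based authorization for authenticated users.
+* @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
 * @returns an authorization rule for authenticated users
 */
 authenticated(provider) {
@@ -171,7 +171,7 @@ exports.allow = {
 * To change the specific claim that should be used as the user identifier within the owner field, chain the
 * `.identityClaim(...)` method.
 *
-* @param provider the authentication provider - supports "userPools", "
+* @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
 * @returns an authorization rule for authenticated users
 */
 owner(provider) {
@@ -195,7 +195,7 @@ exports.allow = {
 * `.identityClaim(...)` method.
 *
 * @param ownerField the field that contains the owner information
-* @param provider the authentication provider - supports "userPools", "
+* @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
 * @returns an authorization rule for authenticated users
 */
 ownerDefinedIn(ownerField, provider) {
@@ -223,7 +223,7 @@ exports.allow = {
 * `.identityClaim(...)` method.
 *
 * @param ownersField the field that contains the owners information
-* @param provider the authentication provider - supports "userPools", "
+* @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
 * @returns an authorization rule for authenticated users
 */
 ownersDefinedIn(ownersField, provider) {
@@ -366,19 +366,19 @@ exports.allowForCustomOperations = {
 }, {});
 },
 /**
-* Authorize unauthenticated users by using
+* Authorize unauthenticated users by using identityPool based authorization.
 * @returns an authorization rule for unauthenticated users
 */
 guest() {
 return authData({
 strategy: 'public',
-provider: '
+provider: 'identityPool',
 }, {});
 },
 /**
 * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-* use `.authenticated("
-* @param provider the authentication provider - supports "userPools", "
+* use `.authenticated("identityPool")` or `.authenticated("oidc")` to use Identity Pool or OIDC based authorization for authenticated users.
+* @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
 * @returns an authorization rule for authenticated users
 */
 authenticated(provider) {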
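Review bot: The updated `@param provider` text on `owner`, `ownerDefinedIn` and `ownersDefinedIn` (new lines 174, 198 and 226) documents "identityPool" as supported, but the source embedded in the accompanying source map shows `exports.OwnerProviders = ['userPools', 'oidc']` and each of these builders calling `validateProvider(provider, exports.OwnerProviders)`, so that value would be rejected with `Invalid provider`. For an authorization API the documented provider set should match what is accepted, so I would change those three lines to `* @param provider the authentication provider - supports "userPools" or "oidc"`. The literal is also written `identitypool` at new line 119 and `IDENTITYPOOL` at new line 136, while the accepted string is `identityPool`; both comments should use the exact casing. The context line at new line 379 still refers to `.private()` where the method is `authenticated`. This file is build output and the builder bodies lie outside these hunks, so the wording fixes presumably belong in `package/src/Authorization.ts`.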
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Authorization.js","sources":["../../src/Authorization.ts"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.accessSchemaData = exports.accessData = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;\nconst __data = Symbol('data');\n/**\n * All possible providers.\n *\n * This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `iam` providers.\n */\nexports.Providers = [\n 'apiKey',\n 'iam',\n 'userPools',\n 'oidc',\n 'function',\n];\n/**\n * The subset of auth providers that can facilitate `public` auth.\n */\nexports.PublicProviders = ['apiKey', 'iam'];\n/**\n * The subset of auth providers that can facilitate `private` auth.\n */\nexports.PrivateProviders = ['userPools', 'oidc', 'iam'];\n/**\n * The subset of auth providers that can facilitate `owner` auth.\n */\nexports.OwnerProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `group` auth.\n */\nexports.GroupProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `custom` auth.\n */\nexports.CustomProviders = ['function'];\nexports.Strategies = [\n 'public',\n 'private',\n 'owner',\n 'groups',\n 'custom',\n];\n/**\n * The operations that can be performed against an API.\n */\nexports.Operations = [\n 'create',\n 'update',\n 'delete',\n 'read',\n 'get',\n 'list',\n 'sync',\n 'listen',\n 'search',\n];\n/**\n * The operations that can be performed against an API by a Lambda function.\n */\nexports.ResourceOperations = ['query', 'mutate', 'listen'];\n/**\n * Creates a shallow copy of an object with an individual field 
pruned away.\n *\n * @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n */\nfunction omit(original, without) {\n const pruned = { ...original };\n delete pruned[without];\n return pruned;\n}\nfunction to(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\n/**\n * Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n *\n * @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n */\nfunction identityClaim(property) {\n this[__data].identityClaim = property;\n return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n this[__data].groupClaim = property;\n return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n if (needle && !haystack.includes(needle)) {\n throw new Error(`Invalid provider (${needle}) given!`);\n }\n}\nfunction authData(defaults, builderMethods) {\n return {\n [__data]: {\n strategy: 'public',\n provider: undefined,\n operations: undefined,\n groupOrOwnerField: undefined,\n multiOwner: false,\n identityClaim: undefined,\n groups: undefined,\n ...defaults,\n },\n ...builderMethods,\n };\n}\n/**\n * Defines an authorization rule for your data models and fields. 
First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n */\nexports.allow = {\n /**\n * Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {\n to,\n });\n },\n /**\n * Authorize unauthenticated users by using IAM based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n guest() {\n return authData({\n strategy: 'public',\n provider: 'iam',\n }, {\n to,\n });\n },\n /**\n * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"iam\")` or `.authenticated(\"oidc\")` to use IAM or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n authenticated(provider) {\n validateProvider(provider, exports.PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {\n to,\n });\n },\n /**\n * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n * the owner field, you can use the `ownerDefinedIn` builder function instead.\n *\n * By default, `.owner()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n *\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n owner(provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: 'owner',\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n *\n * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n *\n * @param ownerField the field that contains the owner information\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n ownerDefinedIn(ownerField, provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownerField,\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n * auto-populated with the authenticated user's information. 
To grant other users access to the item, append their user identifier into the `owners` array.\n *\n * You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n *\n * By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owners field, chain the\n * `.identityClaim(...)` method.\n *\n * @param ownersField the field that contains the owners information\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n ownersDefinedIn(ownersField, provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownersField,\n multiOwner: true,\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize a specific user group. Provide the name of the specific user group to have access.\n *\n * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize multiple specific user groups. 
Provide the names of the specific user groups to have access.\n *\n * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize if a user is part of a group defined in a data model field.\n *\n * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the authorized user group information\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groupDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize if a user is part of a one of the groups defined in a data model field.\n *\n * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the list of authorized user groups\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groupsDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n multiOwner: true,\n }, {\n to,\n withClaimIn,\n });\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {\n to,\n });\n },\n resource(fn) {\n return resourceAuthData(fn, {\n to: resourceTo,\n });\n },\n};\n/**\n * This is a copy of the {@link allow} defined above, with modifications for custom operations.\n *\n * Removed builder methods:\n *\n * * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n */\nexports.allowForCustomOperations = {\n /**\n * Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {});\n },\n /**\n * Authorize unauthenticated users by using IAM based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n guest() {\n return authData({\n strategy: 'public',\n provider: 'iam',\n }, {});\n },\n /**\n * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.authenticated(\"iam\")` or `.authenticated(\"oidc\")` to use IAM or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"iam\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n authenticated(provider) {\n validateProvider(provider, exports.PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {});\n },\n /**\n * Authorize a specific user group. Provide the name of the specific user group to have access.\n *\n * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {});\n },\n /**\n * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n *\n * By default, `.groups()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {});\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {});\n },\n};\nfunction resourceTo(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n return {\n [__data]: {\n strategy: 'resource',\n resource,\n },\n ...builderMethods,\n };\n}\nconst accessData = (authorization) => authorization[__data];\nexports.accessData = accessData;\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nconst accessSchemaData = (authorization) => authorization[__data];\nexports.accessSchemaData = 
accessSchemaData;\n"],"names":[],"mappings":";;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,wBAAwB,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,kBAAkB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;AACtU,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,SAAS,GAAG;AACpB,IAAI,QAAQ;AACZ,IAAI,KAAK;AACT,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC5C;AACA;AACA;AACA,OAAO,CAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;AACxD;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,UAAU,CAAC,CAAC;AACvC,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,OA
AO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,KAAK,GAAG;AAChB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,KAAK;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA
CA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,wBAAwB,GAAG;AACnC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,
IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,KAAK;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,CAAC,CAAC;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD,MAAM,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAC5D,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;AAChC;AACA,MAAM,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAClE,OAAO,CAAC,gBAAgB,GAAG,gBAAgB;;"}
|
|
1
|
+
{"version":3,"file":"Authorization.js","sources":["../../src/Authorization.ts"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.accessSchemaData = exports.accessData = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;\nconst __data = Symbol('data');\n/**\n * All possible providers.\n *\n * This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `identityPool` providers.\n */\nexports.Providers = [\n 'apiKey',\n 'identityPool',\n 'userPools',\n 'oidc',\n 'function',\n];\n/**\n * The subset of auth providers that can facilitate `public` auth.\n */\nexports.PublicProviders = ['apiKey', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `private` auth.\n */\nexports.PrivateProviders = ['userPools', 'oidc', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `owner` auth.\n */\nexports.OwnerProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `group` auth.\n */\nexports.GroupProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `custom` auth.\n */\nexports.CustomProviders = ['function'];\nexports.Strategies = [\n 'public',\n 'private',\n 'owner',\n 'groups',\n 'custom',\n];\n/**\n * The operations that can be performed against an API.\n */\nexports.Operations = [\n 'create',\n 'update',\n 'delete',\n 'read',\n 'get',\n 'list',\n 'sync',\n 'listen',\n 'search',\n];\n/**\n * The operations that can be performed against an API by a Lambda function.\n */\nexports.ResourceOperations = ['query', 'mutate', 'listen'];\n/**\n * Creates a shallow copy of 
an object with an individual field pruned away.\n *\n * @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n */\nfunction omit(original, without) {\n const pruned = { ...original };\n delete pruned[without];\n return pruned;\n}\nfunction to(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\n/**\n * Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n *\n * @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n */\nfunction identityClaim(property) {\n this[__data].identityClaim = property;\n return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n this[__data].groupClaim = property;\n return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n if (needle && !haystack.includes(needle)) {\n throw new Error(`Invalid provider (${needle}) given!`);\n }\n}\nfunction authData(defaults, builderMethods) {\n return {\n [__data]: {\n strategy: 'public',\n provider: undefined,\n operations: undefined,\n groupOrOwnerField: undefined,\n multiOwner: false,\n identityClaim: undefined,\n groups: undefined,\n ...defaults,\n },\n ...builderMethods,\n };\n}\n/**\n * Defines an authorization rule for your data models and fields. 
First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n */\nexports.allow = {\n /**\n * Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {\n to,\n });\n },\n /**\n * Authorize unauthenticated users by using IDENTITYPOOL based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n guest() {\n return authData({\n strategy: 'public',\n provider: 'identityPool',\n }, {\n to,\n });\n },\n /**\n * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use identityPool or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n authenticated(provider) {\n validateProvider(provider, exports.PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {\n to,\n });\n },\n /**\n * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n * the owner field, you can use the `ownerDefinedIn` builder function instead.\n *\n * By default, `.owner()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n *\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n owner(provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: 'owner',\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n *\n * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owner field, chain the\n * `.identityClaim(...)` method.\n *\n * @param ownerField the field that contains the owner information\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n ownerDefinedIn(ownerField, provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownerField,\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n * auto-populated with the authenticated user's information. 
To grant other users access to the item, append their user identifier into the `owners` array.\n *\n * You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n *\n * By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n *\n * To change the specific claim that should be used as the user identifier within the owners field, chain the\n * `.identityClaim(...)` method.\n *\n * @param ownersField the field that contains the owners information\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n ownersDefinedIn(ownersField, provider) {\n validateProvider(provider, exports.OwnerProviders);\n return authData({\n strategy: 'owner',\n provider,\n groupOrOwnerField: ownersField,\n multiOwner: true,\n }, {\n to,\n identityClaim,\n });\n },\n /**\n * Authorize a specific user group. Provide the name of the specific user group to have access.\n *\n * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize multiple specific user groups. 
Provide the names of the specific user groups to have access.\n *\n * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier, chain the\n * `.withClaimIn(...)` method.\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize if a user is part of a group defined in a data model field.\n *\n * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the authorized user group information\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groupDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n }, {\n to,\n withClaimIn,\n });\n },\n /**\n * Authorize if a user is part of a one of the groups defined in a data model field.\n *\n * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n * `.withClaimIn(...)` method.\n * @param groupsField the field that should store the list of authorized user groups\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groupsDefinedIn(groupsField, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groupOrOwnerField: groupsField,\n multiOwner: true,\n }, {\n to,\n withClaimIn,\n });\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {\n to,\n });\n },\n resource(fn) {\n return resourceAuthData(fn, {\n to: resourceTo,\n });\n },\n};\n/**\n * This is a copy of the {@link allow} defined above, with modifications for custom operations.\n *\n * Removed builder methods:\n *\n * * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n */\nexports.allowForCustomOperations = {\n /**\n * Authorize unauthenticated users by using API key based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n publicApiKey() {\n return authData({\n strategy: 'public',\n provider: 'apiKey',\n }, {});\n },\n /**\n * Authorize unauthenticated users by using identityPool based authorization.\n * @returns an authorization rule for unauthenticated users\n */\n guest() {\n return authData({\n strategy: 'public',\n provider: 'identityPool',\n }, {});\n },\n /**\n * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use Identity Pool or OIDC based authorization for authenticated users.\n * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n * @returns an authorization rule for authenticated users\n */\n authenticated(provider) {\n validateProvider(provider, exports.PrivateProviders);\n return authData({\n strategy: 'private',\n provider,\n }, {});\n },\n /**\n * Authorize a specific user group. Provide the name of the specific user group to have access.\n *\n * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * @param group the name of the group to authorize\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n group(group, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups: [group],\n }, {});\n },\n /**\n * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n *\n * By default, `.groups()` uses an Amazon Cognito user pool based authorization. 
You can additionally\n * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n *\n * @param groups the names of the group to authorize defined as an array\n * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n * @returns an authorization rule to grant access by a specific group\n */\n groups(groups, provider) {\n return authData({\n strategy: 'groups',\n provider,\n groups,\n }, {});\n },\n custom(provider) {\n return authData({\n strategy: 'custom',\n provider,\n }, {});\n },\n};\nfunction resourceTo(operations) {\n this[__data].operations = operations;\n return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n return {\n [__data]: {\n strategy: 'resource',\n resource,\n },\n ...builderMethods,\n };\n}\nconst accessData = (authorization) => authorization[__data];\nexports.accessData = accessData;\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nconst accessSchemaData = (authorization) => authorization[__data];\nexports.accessSchemaData = 
accessSchemaData;\n"],"names":[],"mappings":";;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,wBAAwB,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,kBAAkB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;AACtU,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,SAAS,GAAG;AACpB,IAAI,QAAQ;AACZ,IAAI,cAAc;AAClB,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACrD;AACA;AACA;AACA,OAAO,CAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AACjE;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,UAAU,CAAC,CAAC;AACvC,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,O
AAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,KAAK,GAAG;AAChB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;A
ACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,wBAAwB,GAAG;AACnC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA
,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,CAAC,CAAC;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD,MAAM,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAC5D,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;AAChC;AACA,MAAM,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAClE,OAAO,CAAC,gBAAgB,GAAG,gBAAgB;;"}
|
|
@@ -115,7 +115,7 @@ function modelFieldToGql(fieldDef) {
|
|
|
115
115
|
}
|
|
116
116
|
return field;
|
|
117
117
|
}
|
|
118
|
-
function refFieldToGql(fieldDef) {
|
|
118
|
+
function refFieldToGql(fieldDef, secondaryIndexes = []) {
|
|
119
119
|
const { link, valueRequired, array, arrayRequired } = fieldDef;
|
|
120
120
|
let field = link;
|
|
121
121
|
if (valueRequired === true) {
|
|
@@ -127,6 +127,16 @@ function refFieldToGql(fieldDef) {
|
|
|
127
127
|
if (arrayRequired === true) {
|
|
128
128
|
field += '!';
|
|
129
129
|
}
|
|
130
|
+
for (const index of secondaryIndexes) {
|
|
131
|
+
field += ` ${index}`;
|
|
132
|
+
}
|
|
133
|
+
return field;
|
|
134
|
+
}
|
|
135
|
+
function enumFieldToGql(enumName, secondaryIndexes = []) {
|
|
136
|
+
let field = enumName;
|
|
137
|
+
for (const index of secondaryIndexes) {
|
|
138
|
+
field += ` ${index}`;
|
|
139
|
+
}
|
|
130
140
|
return field;
|
|
131
141
|
}
|
|
132
142
|
function transformFunctionHandler(handlers, functionFieldName) {
|
|
@@ -378,7 +388,9 @@ function calculateAuth(authorization) {
|
|
|
378
388
|
};
|
|
379
389
|
}
|
|
380
390
|
if (rule.provider) {
|
|
381
|
-
|
|
391
|
+
// identityPool maps to iam in the transform
|
|
392
|
+
const provider = rule.provider === 'identityPool' ? 'iam' : rule.provider;
|
|
393
|
+
ruleParts.push(`provider: ${provider}`);
|
|
382
394
|
}
|
|
383
395
|
if (rule.operations) {
|
|
384
396
|
ruleParts.push(`operations: [${rule.operations.join(', ')}]`);
|
|
@@ -510,14 +522,14 @@ function processFields(typeName, fields, impliedFields, fieldLevelAuthRules, ide
|
|
|
510
522
|
gqlFields.push(`${fieldName}: ${scalarFieldToGql(fieldDef.data, identifier, secondaryIndexes[fieldName])}${fieldAuth}`);
|
|
511
523
|
}
|
|
512
524
|
else if (isRefField(fieldDef)) {
|
|
513
|
-
gqlFields.push(`${fieldName}: ${refFieldToGql(fieldDef.data)}${fieldAuth}`);
|
|
525
|
+
gqlFields.push(`${fieldName}: ${refFieldToGql(fieldDef.data, secondaryIndexes[fieldName])}${fieldAuth}`);
|
|
514
526
|
}
|
|
515
527
|
else if (isEnumType(fieldDef)) {
|
|
516
528
|
// The inline enum type name should be `<TypeName><FieldName>` to avoid
|
|
517
529
|
// enum type name conflicts
|
|
518
530
|
const enumName = `${capitalize(typeName)}${capitalize(fieldName)}`;
|
|
519
531
|
models.push([enumName, fieldDef]);
|
|
520
|
-
gqlFields.push(`${fieldName}: ${enumName}`);
|
|
532
|
+
gqlFields.push(`${fieldName}: ${enumFieldToGql(enumName, secondaryIndexes[fieldName])}`);
|
|
521
533
|
}
|
|
522
534
|
else if (isCustomType(fieldDef)) {
|
|
523
535
|
// The inline CustomType name should be `<TypeName><FieldName>` to avoid
|
|
@@ -551,8 +563,17 @@ const secondaryIndexDefaultQueryField = (modelName, pk, sk) => {
|
|
|
551
563
|
* Given InternalModelIndexType[] returns a map where the key is the model field to be annotated with an @index directive
|
|
552
564
|
* and the value is an array of transformed Amplify @index directives with all supplied attributes
|
|
553
565
|
*/
|
|
554
|
-
const transformedSecondaryIndexesForModel = (modelName, secondaryIndexes) => {
|
|
566
|
+
const transformedSecondaryIndexesForModel = (modelName, secondaryIndexes, modelFields, getRefType) => {
|
|
555
567
|
const indexDirectiveWithAttributes = (partitionKey, sortKeys, indexName, queryField) => {
|
|
568
|
+
for (const keyName of [partitionKey, ...sortKeys]) {
|
|
569
|
+
const field = modelFields[keyName];
|
|
570
|
+
if (isRefField(field)) {
|
|
571
|
+
const { def } = getRefType(field.data.link, modelName);
|
|
572
|
+
if (!isEnumType(def)) {
|
|
573
|
+
throw new Error(`The ref field \`${keyName}\` used in the secondary index of \`${modelName}\` should refer to an enum type. \`${field.data.link}\` is not a enum type.`);
|
|
574
|
+
}
|
|
575
|
+
}
|
|
576
|
+
}
|
|
556
577
|
if (!sortKeys.length && !indexName && !queryField) {
|
|
557
578
|
return `@index(queryField: "${secondaryIndexDefaultQueryField(modelName, partitionKey)}")`;
|
|
558
579
|
}
|
|
@@ -723,7 +744,7 @@ const schemaPreprocessor = (schema) => {
|
|
|
723
744
|
const fields = typeDef.data.fields;
|
|
724
745
|
const identifier = typeDef.data.identifier;
|
|
725
746
|
const [partitionKey] = identifier;
|
|
726
|
-
const transformedSecondaryIndexes = transformedSecondaryIndexesForModel(typeName, typeDef.data.secondaryIndexes);
|
|
747
|
+
const transformedSecondaryIndexes = transformedSecondaryIndexesForModel(typeName, typeDef.data.secondaryIndexes, fields, getRefType);
|
|
727
748
|
const { authString, authFields } = calculateAuth(mostRelevantAuthRules);
|
|
728
749
|
if (authString == '') {
|
|
729
750
|
throw new Error(`Model \`${typeName}\` is missing authorization rules. Add global rules to the schema or ensure every model has its own rules.`);
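Review bot: In the `calculateAuth` hunk (new lines 391–393), `rule.provider` is written into the `provider:` argument of the generated auth rule without being checked against the supported provider names; only the exact string `identityPool` is translated, and every other value passes through unchanged. Going by the Authorization.js source embedded in the source map earlier on this page, the `group`, `groups`, `groupDefinedIn`, `groupsDefinedIn` and `custom` builders accept a provider without calling `validateProvider`, so a misspelt or retired provider name would apparently reach the schema text as-is and be rejected or interpreted only later in the transform. I would add a guard before the push, for example `if (!Providers.includes(rule.provider)) throw new Error(`Invalid provider (${rule.provider}) given!`);`, assuming the `Providers` list exported by Authorization.js is available in this module, which the hunk does not show. The body of `calculateAuth` starts and ends outside the hunk, so an existing check elsewhere in the function cannot be ruled out.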
|