@aws-amplify/data-schema 1.13.3 → 1.14.0

package/dist/cjs/Authorization.js

@@ -1,7 +1,7 @@
 'use strict';
 
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.accessSchemaData = exports.accessData = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;
+exports.accessSchemaData = exports.accessData = exports.allowForConversations = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;
 const __data = Symbol('data');
 /**
  * All possible providers.
@@ -429,6 +429,17 @@ exports.allowForCustomOperations = {
         }, {});
     },
 };
+exports.allowForConversations = {
+    owner() {
+        return authData({
+            strategy: 'owner',
+            provider: 'userPools',
+        }, {
+            to,
+            identityClaim,
+        });
+    },
+};
 function resourceTo(operations) {
     this[__data].operations = operations;
     return omit(this, 'to');

package/dist/cjs/Authorization.js.map

@@ -1 +1 @@
-{"version":3,"file":"Authorization.js","sources":["../../src/Authorization.ts"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.accessSchemaData = exports.accessData = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;\nconst __data = Symbol('data');\n/**\n * All possible providers.\n *\n * This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `identityPool` providers.\n */\nexports.Providers = [\n    'apiKey',\n    'identityPool',\n    'userPools',\n    'oidc',\n    'function',\n];\n/**\n * The subset of auth providers that can facilitate `public` auth.\n */\nexports.PublicProviders = ['apiKey', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `private` auth.\n */\nexports.PrivateProviders = ['userPools', 'oidc', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `owner` auth.\n */\nexports.OwnerProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `group` auth.\n */\nexports.GroupProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `custom` auth.\n */\nexports.CustomProviders = ['function'];\nexports.Strategies = [\n    'public',\n    'private',\n    'owner',\n    'groups',\n    'custom',\n];\n/**\n * The operations that can be performed against an API.\n */\nexports.Operations = [\n    'create',\n    'update',\n    'delete',\n    'read',\n    'get',\n    'list',\n    'sync',\n    'listen',\n    'search',\n];\n/**\n * The operations that can be performed against an API by a Lambda function.\n */\nexports.ResourceOperations = ['query', 'mutate', 'listen'];\n/**\n * Creates a shallow copy of an object with an individual field pruned away.\n *\n * @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n */\nfunction omit(original, without) {\n    const pruned = { ...original };\n    delete pruned[without];\n    return pruned;\n}\nfunction to(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\n/**\n * Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n *\n * @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n */\nfunction identityClaim(property) {\n    this[__data].identityClaim = property;\n    return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n    this[__data].groupClaim = property;\n    return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n    if (needle && !haystack.includes(needle)) {\n        throw new Error(`Invalid provider (${needle}) given!`);\n    }\n}\nfunction authData(defaults, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'public',\n            provider: undefined,\n            operations: undefined,\n            groupOrOwnerField: undefined,\n            multiOwner: false,\n            identityClaim: undefined,\n            groups: undefined,\n            ...defaults,\n        },\n        ...builderMethods,\n    };\n}\n/**\n * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n */\nexports.allow = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize unauthenticated users by using IDENTITYPOOL based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use identityPool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, exports.PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n     * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n     * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n     * the owner field, you can use the `ownerDefinedIn` builder function instead.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    owner(provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: 'owner',\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownerField the field that contains the owner information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownerDefinedIn(ownerField, provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownerField,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n     * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n     * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.\n     *\n     * You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n     *\n     * By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owners field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownersField the field that contains the owners information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownersDefinedIn(ownersField, provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownersField,\n            multiOwner: true,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a group defined in a data model field.\n     *\n     * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the authorized user group information\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a one of the groups defined in a data model field.\n     *\n     * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the list of authorized user groups\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupsDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n            multiOwner: true,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {\n            to,\n        });\n    },\n    resource(fn) {\n        return resourceAuthData(fn, {\n            to: resourceTo,\n        });\n    },\n};\n/**\n * This is a copy of the {@link allow} defined above, with modifications for custom operations.\n *\n * Removed builder methods:\n *\n * * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n */\nexports.allowForCustomOperations = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {});\n    },\n    /**\n     * Authorize unauthenticated users by using identityPool based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {});\n    },\n    /**\n     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use Identity Pool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, exports.PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {});\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {});\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {});\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {});\n    },\n};\nfunction resourceTo(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'resource',\n            resource,\n        },\n        ...builderMethods,\n    };\n}\nconst accessData = (authorization) => authorization[__data];\nexports.accessData = accessData;\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nconst accessSchemaData = (authorization) => authorization[__data];\nexports.accessSchemaData = accessSchemaData;\n"],"names":[],"mappings":";;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,wBAAwB,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,kBAAkB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;AACtU,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,SAAS,GAAG;AACpB,IAAI,QAAQ;AACZ,IAAI,cAAc;AAClB,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACrD;AACA;AACA;AACA,OAAO,CAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AACjE;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,UAAU,CAAC,CAAC;AACvC,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,KAAK,GAAG;AAChB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,wBAAwB,GAAG;AACnC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,CAAC,CAAC;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD,MAAM,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAC5D,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;AAChC;AACA,MAAM,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAClE,OAAO,CAAC,gBAAgB,GAAG,gBAAgB;;"}
+{"version":3,"file":"Authorization.js","sources":["../../src/Authorization.ts"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.accessSchemaData = exports.accessData = exports.allowForConversations = exports.allowForCustomOperations = exports.allow = exports.ResourceOperations = exports.Operations = exports.Strategies = exports.CustomProviders = exports.GroupProviders = exports.OwnerProviders = exports.PrivateProviders = exports.PublicProviders = exports.Providers = void 0;\nconst __data = Symbol('data');\n/**\n * All possible providers.\n *\n * This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `identityPool` providers.\n */\nexports.Providers = [\n    'apiKey',\n    'identityPool',\n    'userPools',\n    'oidc',\n    'function',\n];\n/**\n * The subset of auth providers that can facilitate `public` auth.\n */\nexports.PublicProviders = ['apiKey', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `private` auth.\n */\nexports.PrivateProviders = ['userPools', 'oidc', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `owner` auth.\n */\nexports.OwnerProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `group` auth.\n */\nexports.GroupProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `custom` auth.\n */\nexports.CustomProviders = ['function'];\nexports.Strategies = [\n    'public',\n    'private',\n    'owner',\n    'groups',\n    'custom',\n];\n/**\n * The operations that can be performed against an API.\n */\nexports.Operations = [\n    'create',\n    'update',\n    'delete',\n    'read',\n    'get',\n    'list',\n    'sync',\n    'listen',\n    'search',\n];\n/**\n * The operations that can be performed against an API by a Lambda function.\n */\nexports.ResourceOperations = ['query', 'mutate', 'listen'];\n/**\n * Creates a shallow copy of an object with an individual field pruned away.\n *\n * @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n */\nfunction omit(original, without) {\n    const pruned = { ...original };\n    delete pruned[without];\n    return pruned;\n}\nfunction to(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\n/**\n * Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n *\n * @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n */\nfunction identityClaim(property) {\n    this[__data].identityClaim = property;\n    return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n    this[__data].groupClaim = property;\n    return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n    if (needle && !haystack.includes(needle)) {\n        throw new Error(`Invalid provider (${needle}) given!`);\n    }\n}\nfunction authData(defaults, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'public',\n            provider: undefined,\n            operations: undefined,\n            groupOrOwnerField: undefined,\n            multiOwner: false,\n            identityClaim: undefined,\n            groups: undefined,\n            ...defaults,\n        },\n        ...builderMethods,\n    };\n}\n/**\n * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n */\nexports.allow = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize unauthenticated users by using IDENTITYPOOL based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use identityPool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, exports.PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n     * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n     * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n     * the owner field, you can use the `ownerDefinedIn` builder function instead.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    owner(provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: 'owner',\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownerField the field that contains the owner information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownerDefinedIn(ownerField, provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownerField,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n     * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n     * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.\n     *\n     * You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n     *\n     * By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owners field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownersField the field that contains the owners information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownersDefinedIn(ownersField, provider) {\n        validateProvider(provider, exports.OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownersField,\n            multiOwner: true,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a group defined in a data model field.\n     *\n     * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the authorized user group information\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a one of the groups defined in a data model field.\n     *\n     * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the list of authorized user groups\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupsDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n            multiOwner: true,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {\n            to,\n        });\n    },\n    resource(fn) {\n        return resourceAuthData(fn, {\n            to: resourceTo,\n        });\n    },\n};\n/**\n * This is a copy of the {@link allow} defined above, with modifications for custom operations.\n *\n * Removed builder methods:\n *\n * * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n */\nexports.allowForCustomOperations = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {});\n    },\n    /**\n     * Authorize unauthenticated users by using identityPool based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {});\n    },\n    /**\n     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use Identity Pool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, exports.PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {});\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {});\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {});\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {});\n    },\n};\nexports.allowForConversations = {\n    owner() {\n        return authData({\n            strategy: 'owner',\n            provider: 'userPools',\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n};\nfunction resourceTo(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'resource',\n            resource,\n        },\n        ...builderMethods,\n    };\n}\nconst accessData = (authorization) => authorization[__data];\nexports.accessData = accessData;\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nconst accessSchemaData = (authorization) => authorization[__data];\nexports.accessSchemaData = accessSchemaData;\n"],"names":[],"mappings":";;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,kBAAkB,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;AACtW,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,SAAS,GAAG;AACpB,IAAI,QAAQ;AACZ,IAAI,cAAc;AAClB,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AACrD;AACA;AACA;AACA,OAAO,CAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AACjE;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC/C;AACA;AACA;AACA,OAAO,CAAC,eAAe,GAAG,CAAC,UAAU,CAAC,CAAC;AACvC,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,UAAU,GAAG;AACrB,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,CAAC,CAAC;AACF;AACA;AACA;AACA,OAAO,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,IAAI,OAAO,MAAM,CAAC;AAClB,CAAC;AACD,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC;AAC1C,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AACD,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC;AACvC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACrC,CAAC;AACD,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC/D,KAAK;AACL,CAAC;AACD,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,KAAK,GAAG;AAChB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;AAC3D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC,CAAC;AACX,KAAK;AACL,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,CAAC,wBAAwB,GAAG;AACnC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAC7D,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC,CAAC;AACf,KAAK;AACL,CAAC,CAAC;AACF,OAAO,CAAC,qBAAqB,GAAG;AAChC,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ,EAAE,WAAW;AACjC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC,CAAC;AACX,KAAK;AACL,CAAC,CAAC;AACF,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC;AACD,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK,CAAC;AACN,CAAC;AACD,MAAM,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAC5D,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;AAChC;AACA,MAAM,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;AAClE,OAAO,CAAC,gBAAgB,GAAG,gBAAgB;;"}

package/dist/cjs/SchemaProcessor.js

@@ -18,7 +18,8 @@ const ConversationSchemaProcessor_1 = require("./ai/ConversationSchemaProcessor"
 function isInternalModel(model) {
     if (model.data &&
         !isCustomType(model) &&
-        !isCustomOperation(model)) {
+        !isCustomOperation(model) &&
+        !isConversationRoute(model)) {
         return true;
     }
     return false;
@@ -955,7 +956,6 @@ const schemaPreprocessor = (schema) => {
                 }
             }
             else if (isConversationRoute(typeDef)) {
-                // TODO: add inferenceConfiguration values to directive.
                 const { field, functionHandler } = (0, ConversationSchemaProcessor_1.createConversationField)(typeDef, typeName);
                 customMutations.push(field);
                 Object.assign(lambdaFunctions, functionHandler);