amplify-js: Field Level @auth declarations throw errors?

** Which Category is your question related to? ** API ** What AWS Services are you utilizing? ** AppSync ** Provide additional details e.g. code snippets **

type User 
@model 
{
  name: String
  balance: Int @auth(rules: [
    {allow: groups, groups: ["Admins"], operations: [update, create, read]},
    {allow: owner, ownerField: "id", operations: [read]},
  ])
}

It appears I get an error if I issue a graphql query for name and balance.

Meaning, I have to issue two different queries depending on whether the logged in user is an admin or not.

Seems to me that if I try to read a particular field and don’t have permissions, it should just return null.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 22 (8 by maintainers)

Most upvoted comments

@CodySwannGT This looks like an issue with the AppSync JS SDK (and maybe the apollo sdk used underneath). I’m transferring this issue back to the Amplify JS team to look into this further.

+1
kaustavghosh06 on Aug 7, 2019

@CodySwannGT I agree this shouldn’t be the ideal behavior. We’re looking into this.

+1
kaustavghosh06 on Aug 6, 2019

This seems an issue more related to amplify cli, I will transfer it to that repo.

Thanks!

+1
elorzafe on Aug 5, 2019
Read more comments on GitHub
← amplify-js: Federated user fails to update mutable attributes with a 400 response: "Access Token does not have required scopes"
amplify-js: Force Token to Expire →