aws-amplify/amplify-swift

Unauthorized Error When Updating Child Object

rohit3d2003 opened this issue · 6 comments

Describe the bug

I am encountering an Unauthorized error when attempting to update an existing Child object in my iOS app using AWS Amplify with DataStore. Specifically, the error occurs when updating a Child object that already has parentChildId set to nil. The Child object isn't associated with a Parent object, and hence parentChildId is nil in the database. Below is the GraphQL schema:

type Child @model 
  @auth(rules: [
    { allow: owner, operations: [create, read, update, delete] },
    { allow: groups, groups: ["Admin"], operations: [create, read, delete, update] }
  ]) {
  id: ID!
  owner: String @auth(rules: [
    { allow: owner, operations: [create, read, delete] },
    { allow: groups, groups: ["Admin"], operations: [create, read, delete] }
  ])
}

type Parent @model 
  @auth(rules: [
    { allow: owner, operations: [create, read, update, delete] },
    { allow: groups, groups: ["Admin"], operations: [read, delete, update] }
  ]) {
  id: ID!
  children: [Child] @hasMany
  owner: String @auth(rules: [
    { allow: owner, operations: [create, read, delete] },
    { allow: groups, groups: ["Admin"], operations: [read, delete] }
  ])
}

Code to Update Existing Child Object:

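// Retrieve the existing Child object (retrieval code not shown in the report)
var existingChildObject: Child = /* code to retrieve existing object */
existingChildObject.owner = nil
existingChildObject.parentChildId = nil // existingChildObject.parentChildId is already nil
// Save the same object that was modified above
try await Amplify.DataStore.save(existingChildObject)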

Steps To Reproduce

1. Fetch an existing Child object that has parentChildId set to nil.
2. Attempt to update the Child object without changing the parentChildId field.

Expected behavior

The Child object should be updated successfully

Amplify Framework Version

2.36

Amplify Categories

API, DataStore

Dependency manager

Swift PM

Swift version

5.10

CLI version

12.12.4

Xcode version

15.4

Relevant log output

Recovery suggestion: The list of `GraphQLError` contains service-specific messages)
finish(result:)
[SyncMutationToCloudOperation] mutationEvent finished: 188FBB0D-CD31-431F-8BEE-9CFD9C05FA96; result: success(Swift.Result<AWSPluginsCore.MutationSync<AWSPluginsCore.AnyModel>, Amplify.GraphQLResponseError<AWSPluginsCore.MutationSync<AWSPluginsCore.AnyModel>>>.failure(GraphQLResponseError<MutationSync<AnyModel>>: GraphQL service returned a successful response containing errors: [Amplify.GraphQLError(message: "Unauthorized on [parentChildId]", locations: Optional([Amplify.GraphQLError.Location(line: 2, column: 3)]), path: Optional([Amplify.JSONValue.string("updateTransaction")]), extensions: Optional(["errorInfo": Amplify.JSONValue.null, "data": Amplify.JSONValue.null, "errorType": Amplify.JSONValue.string("Unauthorized")]))]
Recovery suggestion: The list of `GraphQLError` contains service-specific messages))

Is this a regression?

Yes

Regression additional context

No response

Platforms

iOS

OS Version

iOS 17.5

Device

iPhone 15

Specific to simulators

No response

Additional context

No response

5d commented

Hi @rohit3d2003,

Thank you for bringing this issue to our attention. We will attempt to reproduce and investigate it, and we'll keep you informed as soon as we have more details.

This only happens when I try to update an existing object. If I create a new child object without parentChildId, everything works fine.

5d commented

Here is a similar issue aws-amplify/amplify-category-api#2562.

The issue is that the generated field parentChildId is optional and lacks a defined delete auth rule. Could you try explicitly adding delete permission for that field?

type Child
  @model
  @auth(
    rules: [
      { allow: owner, operations: [create, read, update, delete] }
      {
        allow: groups
        groups: ["Admin"]
        operations: [create, read, delete, update]
      }
    ]
  ) {
  id: ID!
  owner: String
    @auth(
      rules: [
        { allow: owner, operations: [create, read, delete] }
        { allow: groups, groups: ["Admin"], operations: [create, read, delete] }
      ]
    )
  parentChildrenId: ID
    @auth(rules: [{ allow: owner, operations: [create, read, delete] }])
}
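
An added example, not part of the thread or the Amplify code base: a small Python audit that applies the diagnosis in the reply above to a whole schema, listing each foreign-key field generated by `@hasMany` that the child model does not declare with a field-level `@auth` rule mentioning `delete`. The FK naming (`Parent.children` to `parentChildrenId`) is generalized from the fix above and is an assumption, as are the function names and the condensed sample schemas; the regex parsing ignores comments and is not a full GraphQL parser.

```python
import re

def collapse_args(schema):
    """Turn each directive argument list "(...)" into "_delete" if it mentions delete, else drop it."""
    out, buf, depth = [], [], 0
    for ch in re.sub(r"\s+\(", "(", schema):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                out.append("_delete" if re.search(r"\bdelete\b", "".join(buf)) else "")
                buf = []
        elif depth:
            buf.append(ch)
        else:
            out.append(ch)
    return "".join(out)

def parse_models(schema):
    """Return {model: {field: (base type, [directive names])}}."""
    field_re = r"(\w+)\s*:\s*\[?(\w+)!?\]?!?((?:\s*@\w+)*)"
    return {
        name: {f: (t, re.findall(r"@(\w+)", d)) for f, t, d in re.findall(field_re, body)}
        for name, body in re.findall(r"\btype\s+(\w+)[^{]*\{([^}]*)\}", collapse_args(schema))
    }

def implicit_fk_findings(schema):
    """Report generated @hasMany FK fields lacking an explicit field-level rule that mentions delete."""
    models, findings = parse_models(schema), []
    for parent, fields in models.items():
        for fname, (child, dirs) in fields.items():
            if "hasMany" not in dirs or child not in models:
                continue
            # Assumed naming, generalized from the thread: Parent.children -> parentChildrenId
            fk = parent[0].lower() + parent[1:] + fname[0].upper() + fname[1:] + "Id"
            fk_dirs = models[child].get(fk, (None, None))[1]
            if fk_dirs is None:
                findings.append((child, fk, "not declared"))
            elif "auth_delete" not in fk_dirs:
                findings.append((child, fk, "no delete rule"))
    return findings

# Constructed, condensed versions of the schemas posted in this thread
RULE = "@auth(rules: [{ allow: owner, operations: [create, read, delete] }])"
PARENT = "type Parent @model @auth(rules: [{ allow: owner }]) { id: ID! children: [Child] @hasMany }\n"
CHILD_BEFORE = f"type Child @model {RULE} {{ id: ID! owner: String {RULE} }}"
CHILD_AFTER = f"type Child @model {RULE} {{ id: ID! owner: String {RULE} parentChildrenId: ID {RULE} }}"
print(implicit_fk_findings(PARENT + CHILD_BEFORE), implicit_fk_findings(PARENT + CHILD_AFTER))
```

A finding is a field to review, not proof that an update will be rejected; the script only reports what the schema declares.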

@5d - This fixed the issue

Thank you - closing the issue.
