Unauthorized error when updating child object
rohit3d2003 opened this issue · 1 comments
Describe the bug
I followed the solution described in issue - #3797 but when the child object is deleted by Admin within Lambda, it gets successfully deleted by iOS data sync does not remove it. Since all this happened within Lambda, I am not sure how to debug it. I am not seeing any failure in iOS logs. Most likely something is wrong with solution and auth rule. Below is the graphql schema
type Child @model
@auth(rules: [
{ allow: owner, operations: [create, read, update, delete] },
{ allow: groups, groups: ["Admin"], operations: [create, read, delete, update] }
]) {
id: ID!
owner: String @auth(rules: [
{ allow: owner, operations: [create, read, delete] },
{ allow: groups, groups: ["Admin"], operations: [create, read, delete] }
])
}
type Parent @model
@auth(rules: [
{ allow: owner, operations: [create, read, update, delete] },
{ allow: groups, groups: ["Admin"], operations: [read, delete, update] }
]) {
id: ID!
children: [Child] @hasMany
owner: String @auth(rules: [
{ allow: owner, operations: [create, read, delete] },
{ allow: groups, groups: ["Admin"], operations: [read, delete] }
])
}
Child object is deleted via Lambda by calling GraphQL API via one of the user which is part of Admin group.
Below is the suggested schema update in Issue 3797
type Child
@model
@auth(
rules: [
{ allow: owner, operations: [create, read, update, delete] }
{
allow: groups
groups: ["Admin"]
operations: [create, read, delete, update]
}
]
) {
id: ID!
owner: String
@auth(
rules: [
{ allow: owner, operations: [create, read, delete] }
{ allow: groups, groups: ["Admin"], operations: [create, read, delete] }
]
)
parentChildrenId: ID
@auth(rules: [{ allow: owner, operations: [create, read, delete] }])
}
Below is what I have currently as I have given all permissions:
type Child @model
@auth(rules: [
{ allow: owner, operations: [create, read, update, delete] },
{ allow: groups, groups: ["Admin"], operations: [create, read, delete, update] }
]) {
id: ID!
owner: String @auth(rules: [
{ allow: owner, operations: [create, read, delete] },
{ allow: groups, groups: ["Admin"], operations: [create, read, delete] }
])
parentChildrenId: ID @auth(rules: [
{ allow: owner, operations: [create, read, update, delete] },
{ allow: groups, groups: ["Admin"], operations: [create, read, delete, update] }
])
}
type Parent @model
@auth(rules: [
{ allow: owner, operations: [create, read, update, delete] },
{ allow: groups, groups: ["Admin"], operations: [read, delete, update] }
]) {
id: ID!
children: [Child] @hasMany
owner: String @auth(rules: [
{ allow: owner, operations: [create, read, delete] },
{ allow: groups, groups: ["Admin"], operations: [read, delete] }
])
}
Steps To Reproduce
1. Fetch an existing Child object that has parentChildId set to nil.
2. Delete child object via Lambda by calling GraphQL API in context of Admin user.Expected behavior
iOS app should sync with DynamoDB as the item is deleted by DynamoDB
Amplify Framework Version
2.36
Amplify Categories
DataStore
Dependency manager
Swift PM
Swift version
5.10
CLI version
12.12.4
Xcode version
15.4
Relevant log output
<details>
<summary>Log Messages</summary>
INSERT LOG MESSAGES HEREIs this a regression?
Yes
Regression additional context
No response
Platforms
iOS
OS Version
iOS 17.5
Device
iPhone 15
Specific to simulators
No response
Additional context
No response
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.