AWS Amplify with GraphQL - Defining authentication rules by different types of users
Using Amplify, GraphQL, AppSync, Cognito, DynamoDB
Having the following model:
type Post
@model
{
  id: ID!
  content: String!
  author: String!
}
I want my rules to enable the following case:
What is the best way to implement it using the mentioned tools?
Thanks
From your question, it is not clear how you define "Some Posts" and how you would differentiate one from another. If I was designing this, I would have at least one more field in my Post type to manage the access level (For example: 3 (Admin) > 2 (Premium) > 1 (Logged-in) > 0 (Unregistered)), like so:
type Post
@model
{
  id: ID!
  content: String!
  author: String!
  accessLevel: Int!
}
To manage this on user level, I think your best bet is to manage it using Cognito groups (as mentioned in the official documentation) and assign appropriate permission for each group.
Things you would need in Cognito:
A user pool which will contain all of your registered users.
A user group for premium members.
A user group for your admins.
Things you would need in your AppSync:
For Admin users to create, update and delete Post:
type Mutation {
  createPost(id: ID!, content: String!, author: String!): Post!
  @aws_auth(cognito_groups: ["Admin"])
  updatePost(id: ID!, content: String!, author: String!): Post!
  @aws_auth(cognito_groups: ["Admin"])
  deletePost(id: ID!, content: String!, author: String!): Post!
  @aws_auth(cognito_groups: ["Admin"])
}
For some posts only visible to premium, logged-in or unregistered users to read:
type Query {
  getPost(id: ID!): Post!
  @aws_api_key @aws_cognito_user_pools
}
Furthermore, you can use the accessLevel in your resolver to filter out the result based on which post you want to be visible to premium, logged-in or unregistered users.
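The accessLevel filtering described in the answer above, as an added example that is not part of the original answer and is not AWS or Amplify code. It is plain JavaScript modelling the response-side check of a resolver; the group names "Admin" and "Premium", the helper names, and the sample data are assumptions, and the caller's level is derived from the "cognito:groups" claim of the verified identity rather than from any client-supplied argument.

```javascript
// Levels from the answer: 3 (Admin) > 2 (Premium) > 1 (Logged-in) > 0 (Unregistered).
const LEVEL = { UNREGISTERED: 0, LOGGED_IN: 1, PREMIUM: 2, ADMIN: 3 };

// Map the caller to a level using only the verified identity passed to the
// resolver. Assumption: the Cognito groups are named "Admin" and "Premium".
function callerLevel(identity) {
  // API-key requests carry no identity; treat them as unregistered.
  if (!identity || !identity.claims) return LEVEL.UNREGISTERED;
  const raw = identity.claims["cognito:groups"];
  const groups = Array.isArray(raw) ? raw : [];
  if (groups.includes("Admin")) return LEVEL.ADMIN;
  if (groups.includes("Premium")) return LEVEL.PREMIUM;
  return LEVEL.LOGGED_IN;
}

// Level a post requires. Fails closed: a missing or out-of-range accessLevel
// is treated as Admin-only instead of public.
function requiredLevel(post) {
  const lvl = post.accessLevel;
  return Number.isInteger(lvl) && lvl >= 0 && lvl <= 3 ? lvl : LEVEL.ADMIN;
}

// Check for getPost: ctx.result is the item returned by the data source.
function filterPost(ctx) {
  const post = ctx.result;
  if (!post) return null;
  return callerLevel(ctx.identity) >= requiredLevel(post) ? post : null;
}

// Same check for a list result of the form { items: [...] }.
function filterPosts(ctx) {
  const items = (ctx.result && ctx.result.items) || [];
  const level = callerLevel(ctx.identity);
  return items.filter((post) => level >= requiredLevel(post));
}

// Constructed sample data, for illustration only.
const samplePosts = [
  { id: "p0", content: "public", author: "a", accessLevel: 0 },
  { id: "p1", content: "members", author: "a", accessLevel: 1 },
  { id: "p2", content: "premium", author: "a", accessLevel: 2 },
  { id: "p3", content: "no level set", author: "a" },
];
const premiumUser = { sub: "constructed-sub-1", claims: { "cognito:groups": ["Premium"] } };
const plainUser = { sub: "constructed-sub-2", claims: {} };

function visibleIds(identity) {
  return filterPosts({ identity, result: { items: samplePosts } }).map((p) => p.id);
}
```
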
I used @Myz's answer, and https://aws.amazon.com/blogs/mobile/graphql-security-appsync-amplify/ for the full solution:
type Post
@model
@auth(
  rules: [
    { allow: owner }
    { allow: groups, groups: ["Admin"], operations: [create, update, delete] }
    { allow: groups, groupsField: "group", operations: [read] }
  ]
) {
  id: ID!
  content: String!
  author: String!
  group: [String] # or String for a single group
}