AWS Amplify 动态且可扩展的所有者 graphql 架构
[英]AWS Amplify dynamic and scalable owner graphql schema
问题描述
I'm struggling to find a way to make a model that can work for multiple organizations within the platform I want to build with AWS Amplify.
我正在努力寻找一种方法来制作适用于我想使用 AWS Amplify 构建的平台内的多个组织的模型。
The use case is a sort of corporate intranet, where a user registers on the platform and has access to a Workspace.用例是一种企业内部网,用户在平台上注册并可以访问工作区。 Within the Workspace, posts are created, and posts are commented on.在工作区中,创建帖子并评论帖子。
This is the example model:这是示例模型:
type Workspace
@model(subscriptions: null)
@auth(
rules: [
{ allow: owner, operations: [create, read], ownerField: "owner" }
{ allow: private, provider: iam, operations: [read, delete] }
]
) {
id: ID!
title: String!
planCode: PlanType!
plan: Plan! @connection(fields: ["planCode"])
posts: [Post]! @connection(name: "workspacePosts", sortField: "createdAt")
totalPosts: Int!
owner: String!
}
type Post
@model(subscriptions: null)
@auth(
rules: [
{ allow: owner, ownerField: "owner", }
]
) {
id: ID!
title: String
workspace: Workspace! @connection(name: "workspacePosts")
comments: [Comment]! @connection(name: "postComments")
totalComments: Int!
owner: String!
}
type Comment
@model(subscriptions: null)
@auth(
rules: [
{ allow: owner, ownerField: "owner", }
]
) {
id: ID!
content: String
post: Post! @connection(name: "postComments")
owner: String!
}
enum PlanType {
FREE
BASIC
PRO
}
The Posts, Comments and the Workspace are private and can only be viewed by the Workspace owner, who will also be the owner of the Posts and comments.帖子、评论和工作区是私有的,只能由工作区所有者查看,工作区所有者也是帖子和评论的所有者。
At some point, the user must be able to invite another user into his Workspace, and the new user must then be able to access all the records that the previous owner has generated (Workspace, Posts and Comments).在某些时候,用户必须能够邀请其他用户进入他的工作区,然后新用户必须能够访问前任所有者生成的所有记录(工作区、帖子和评论)。
In this case, with the addition of the new user I am forced to:在这种情况下,随着新用户的加入,我被迫:
- get all the Posts related to the Workspace获取与工作区相关的所有帖子
- get all the Comments related to the Posts related to the Workspace获取与工作区相关的帖子相关的所有评论
- update every record from
owner: "User_1"toowner: ["User_1", "User_2"]将所有记录从owner: "User_1"为owner: ["User_1", "User_2"]
Everything related to the Workspace must be visible or "owned" by every new users added to the Workspace.与工作区相关的所有内容都必须由添加到工作区的每个新用户可见或“拥有”。
Is there a more efficient way?有没有更有效的方法?
For example, is it possible to add an owner to the Workspace and automatically give access to all Posts and Comments related to the workspace, if the user is the owner of the Workspace?例如,如果用户是工作区的所有者,是否可以向工作区添加所有者并自动授予对与工作区相关的所有帖子和评论的访问权限?
Are there any other options?还有其他选择吗?
1 个解决方案
解决方案1
0 2020-12-05 12:19:59
对更有效方法的建议是使用 ControlTower 并且那里的任何规则都适用,特别是如果您想通过 SSO 执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.