Updated authorization rules to use the new syntax

Author: Rene Brandel

src/fragments/gen2/quickstart/build-a-backend.mdx

@@ -27,7 +27,7 @@ const schema = a.schema({
     .model({
       content: a.string()
     })
-    .authorization([a.allow.owner(), a.allow.public().to(['read'])])
+    .authorization(allow => [allow.owner(), allow.publicApiKey().to(['read'])])
 });
 
 export type Schema = ClientSchema<typeof schema>;
@@ -36,7 +36,7 @@ export const data = defineData({
   schema,
   authorizationModes: {
     defaultAuthorizationMode: 'apiKey',
-    // API Key is used for a.allow.public() rules
+    // API Key is used for allow.publicApiKey() rules
     apiKeyAuthorizationMode: {
       expiresInDays: 30
     }
@@ -99,7 +99,7 @@ const schema = a.schema({
       priority: a.enum(['low', 'medium', 'high'])
 // highlight-end
     })
-    .authorization([a.allow.owner(), a.allow.public().to(['read'])]),
+    .authorization(allow => [allow.owner(), allow.publicApiKey().to(['read'])]),
 });
 
 // ...
@@ -114,12 +114,12 @@ The `Todo` data model is defined with authorization rules to allow the person wh
 **Note:** These authorization rules can be modified using a chain of methods as defined by default. For example, we could remove the `.to(['read'])` and allow all visitors to perform all actions on data or add permissions for signed-in users or users who belong to user groups such as `Admin`. You can learn more about all options for authorization in the [Customize your auth rules](/gen2/build-a-backend/data/customize-authz/) section of the docs.
 </Callout>
 
-<b>Step 2:</b> Remove public access by deleting the `a.allow.public().to(['read'])` authorization rule. Your authorization rule will look like the code below:
+<b>Step 2:</b> Remove public access by deleting the `allow.publicApiKey().to(['read'])` authorization rule. Your authorization rule will look like the code below:
 
 ```js title="amplify/data/resource.ts"
 // ...
 
-.authorization([a.allow.owner()]),
+.authorization(allow => [allow.owner()]),
 
 // ...
 ```

src/pages/gen2/build-a-backend/data/connect-existing-data/index.mdx

@@ -92,7 +92,7 @@ import { schema as rdsSchema } from './schema.rds.ts'
 
 // Add an authorization rule to the schema
 // highlight-next-line
-rdsSchema.models.Todo.authorization([a.allow.public()])
+rdsSchema.models.Todo.authorization(allow => [allow.publicApiKey()])
 
 const schema = a.schema({
   Todo: a.model({
@@ -129,7 +129,7 @@ const schema = a.schema({
     content: a.string()
     isDone: a.boolean()
   })
-}).authorization([a.allow.public()])
+}).authorization(allow => [allow.publicApiKey()])
 
 const combinedSchema = a.schema.combine([
   schema,
@@ -166,7 +166,7 @@ rdsSchema.addQueries({
         ST_MakePoint(:lat, :long)
       ) <= :radiusInMeters
     `)
-    .authorization([a.allow.public()])
+    .authorization(allow => [allow.publicApiKey()])
 })
 // highlight-end
 

src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx

@@ -53,7 +53,7 @@ const schema = a.schema({
     // return type of the query
     .returns(a.ref('EchoResponse'))
     // only allow signed-in users to call this API
-    .authorization([a.allow.private()])
+    .authorization(allow => [allow.authenticated()])
 });
 
 export type Schema = ClientSchema<typeof schema>;
@@ -88,7 +88,7 @@ const schema = a.schema({
     // return type of the query
     .returns(a.ref('Post'))
     // only allow signed-in users to call this API
-    .authorization([a.allow.private()])
+    .authorization(allow => [allow.authenticated()])
 });
 
 export type Schema = ClientSchema<typeof schema>;
@@ -149,7 +149,7 @@ const schema = a.schema({
     .query()
     .arguments({ content: a.string() })
     .returns(a.ref('EchoResponse'))
-    .authorization([a.allow.public()])
+    .authorization(allow => [allow.publicApiKey()])
     // 3. set the function has the handler
     .handler(a.handler.function(echoHandler))
 });
@@ -185,17 +185,17 @@ const schema = a.schema({
   Post: a.model({
     content: a.string(),
     likes: a.integer()
-      .authorization([a.allow.private().to(['read'])])
+      .authorization(allow => [allow.authenticated().to(['read'])])
   }).authorization([
-    a.allow.owner(),
-    a.allow.private().to(['read'])
+    allow.owner(),
+    allow.authenticated().to(['read'])
   ]),
 
   likePost: a
     .mutation()
     .arguments({ postId: a.id() })
     .returns(a.ref('Post'))
-    .authorization([a.allow.private()])
+    .authorization(allow => [allow.authenticated()])
     .handler(a.handler.custom({
       dataSource: a.ref('Post'),
       entry: './increment-like.js'
@@ -278,17 +278,17 @@ const schema = a.schema({
   Post: a.model({
     content: a.string(),
     likes: a.integer()
-      .authorization([a.allow.private().to(['read'])])
+      .authorization(allow => [allow.authenticated().to(['read'])])
   }).authorization([
-    a.allow.owner(),
-    a.allow.private().to(['read'])
+    allow.owner(),
+    allow.authenticated().to(['read'])
   ]),
 
   likePost: a
     .mutation()
     .arguments({ postId: a.id() })
     .returns(a.ref('Post'))
-    .authorization([a.allow.private()])
+    .authorization(allow => [allow.authenticated()])
     .handler(a.handler.custom({
       // highlight-next-line
       dataSource: "ExternalTableDataSource",

src/pages/gen2/build-a-backend/data/custom-subscription/index.mdx

@@ -43,7 +43,7 @@ const schema = a.schema({
     })
     .returns(a.ref('Message'))
     .handler(a.handler.custom({ entry: './publish.js' }))
-    .authorization([a.allow.public()]),
+    .authorization(allow => [allow.publicApiKey()]),
 
   // highlight-start
   // Subscribe to incoming messages
@@ -55,13 +55,13 @@ const schema = a.schema({
     // subscription handler to set custom filters
     .handler(a.handler.custom({entry: './receive.js'})) 
     // authorization rules as to who can subscribe to the data
-    .authorization([a.allow.public()]),
+    .authorization(allow => [allow.publicApiKey()]),
   // highlight-end
 
   // A data model to manage channels
   Channel: a.model({
     name: a.string(),
-  }).authorization([a.allow.public()]),
+  }).authorization(allow => [allow.publicApiKey()]),
 });
 
 export type Schema = ClientSchema<typeof schema>;
@@ -166,14 +166,14 @@ const schema = a.schema({
     .handler(a.handler.custom({
       entry: "./publish.js"
     }))
-    .authorization([a.allow.private()]),
+    .authorization(allow => [allow.authenticated()]),
   
   // Subscribe to all events from the "publish" mutation
   receive: a.subscription(['publish'])
     // highlight-next-line
     .arguments({ name: a.string() })
     .returns(a.ref('Channel'))
-    .authorization([a.allow.public()])
+    .authorization(allow => [allow.publicApiKey()])
 });
 
 export type Schema = ClientSchema<typeof schema>;
@@ -193,7 +193,7 @@ import { type ClientSchema, a, defineData } from '@aws-amplify/backend';
 const schema = a.schema({
   Channel: a.model({
     name: a.string(),
-  }).authorization([a.allow.public()]),
+  }).authorization(allow => [allow.publicApiKey()]),
 
   Message: a.customType({
     content: a.string().required(),
@@ -207,15 +207,15 @@ const schema = a.schema({
     })
     .returns(a.ref('Message'))
     .handler(a.handler.custom({ entry: './publish.js' }))
-    .authorization([a.allow.public()]),
+    .authorization(allow => [allow.publicApiKey()]),
 
   receive: a.subscription()
     .for(a.ref('publish'))
     // highlight-next-line
     .arguments({ namePrefix: a.string() })
     .returns(a.ref('Message'))
     .handler(a.handler.custom({entry: './receive.js'}))
-    .authorization([a.allow.public()])
+    .authorization(allow => [allow.publicApiKey()])
 });
 
 export type Schema = ClientSchema<typeof schema>;

src/pages/gen2/build-a-backend/data/customize-authz/configure-custom-identity-and-group-claim/index.mdx

@@ -26,9 +26,9 @@ const schema = a.schema({
       postname: a.string(),
       content: a.string(),
     })
-    .authorization([
-      a.allow.owner().identityClaim('user_id'),
-      a.allow.specificGroups(['Moderator']).withClaimIn('user_groups'),
+    .authorization(allow => [
+      allow.owner().identityClaim('user_id'),
+      allow.groups(['Moderator']).withClaimIn('user_groups'),
     ]),
 });
 

src/pages/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/index.mdx

@@ -28,7 +28,7 @@ const schema = a.schema({
     })
     // STEP 1
     // Indicate which models / fields should use a custom authorization rule
-    .authorization([a.allow.custom()]),
+    .authorization(allow => [allow.custom()]),
 });
 
 export type Schema = ClientSchema<typeof schema>;

src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx

@@ -34,7 +34,7 @@ const schema = a
     })
   })
   // highlight-next-line
-  .authorization([a.allow.resource(functionWithDataAccess)]);
+  .authorization(allow => [allow.resource(functionWithDataAccess)]);
 
 export type Schema = ClientSchema<typeof schema>;
 
@@ -43,7 +43,7 @@ export const data = defineData({
 });
 ```
 
-The object returned from `defineFunction` can be passed directly to `a.allow.resource()` in the schema authorization rules. This will grant the function the ability to execute Query, Mutation, and Subscription operations against the GraphQL API. Use the `.to()` method to narrow down access to one or more operations.
+The object returned from `defineFunction` can be passed directly to `allow.resource()` in the schema authorization rules. This will grant the function the ability to execute Query, Mutation, and Subscription operations against the GraphQL API. Use the `.to()` method to narrow down access to one or more operations.
 
 ```ts
 const schema = a
@@ -55,7 +55,7 @@ const schema = a
   })
   // highlight-start
   .authorization([
-    a.allow.resource(functionWithDataAccess).to(['query', 'listen'])
+    allow.resource(functionWithDataAccess).to(['query', 'listen'])
   ]); // allow query and subscription operations but not mutations
 // highlight-end
 ```

src/pages/gen2/build-a-backend/data/customize-authz/index.mdx

@@ -23,12 +23,12 @@ Use the `.authorization()` modifier to configure authorization rules for public,
 const schema = a.schema({
   Post: a.model({
     content: a.string()
-  }).authorization([
+  }).authorization(allow => [
     // Allow anyone auth'd with an API key to read everyone's posts.
-    a.allow.public().to(['read']),
+    allow.publicApiKey().to(['read']),
     // Allow signed-in user to create, read, update,
     // and delete their __OWN__ posts.
-    a.allow.owner(),
+    allow.owner(),
   ])
 })
 ```
@@ -59,7 +59,7 @@ If there are multiple authorization rules present, they will be logically OR'ed.
 
 To help you get started, you can define an authorization rule on the data schema that will be applied to all data models that **do not** have a model-level authorization rule. Instead of having a global authorization rule for all production environments, we recommend creating specific authorization rules for each model or field.
 
-The global authorization rule below uses `a.allow.public()`. This example allows anyone to create, read, update, and delete and is applied to every data model.
+The global authorization rule below uses `allow.publicApiKey()`. This example allows anyone to create, read, update, and delete and is applied to every data model.
 
 ```ts
 const schema = a.schema({
@@ -73,11 +73,11 @@ const schema = a.schema({
   Notes: a.model({
     content: a.string()
     // [Model-level authorization rule]
-  }).authorization([a.allow.public().to(['read'])])
+  }).authorization(allow => [allow.publicApiKey().to(['read'])])
 
 // [Global authorization rule]
-}).authorization([
-  a.allow.public()
+}).authorization(allow => [
+  allow.publicApiKey()
 ])
 ```
 
@@ -93,9 +93,9 @@ const schema = a.schema({
     // [Model-level authorization rule]
     // All fields (content, createdBy) will be protected by
     // this authorization rule
-  }).authorization([
-    a.allow.public().to(['read']),
-    a.allow.owner(),
+  }).authorization(allow => [
+    allow.publicApiKey().to(['read']),
+    allow.owner(),
   ])
 })
 ```
@@ -117,13 +117,13 @@ const schema = a.schema({
     // [Field-level authorization rule]
     // This auth rule will be used for the "ssn" field
     // All other fields will use the model-level auth rule
-    ssn: a.string().authorization([a.allow.owner()]),
+    ssn: a.string().authorization(allow => [allow.owner()]),
   })
 
   // [Model-level authorization rule]
-  .authorization([
-    a.allow.private().to(["read"]),
-    a.allow.owner()
+  .authorization(allow => [
+    allow.authenticated().to(["read"]),
+    allow.owner()
   ]),
 });
 ```
@@ -139,9 +139,9 @@ const schema = a.schema({
   Post: a.model({
     title: a.string(),
     content: a.string()
-  }).authorization([
-    a.allow.public("identityPool").to(["read"]),
-    a.allow.owner()
+  }).authorization(allow => [
+    allow.guest().to(["read"]),
+    allow.owner()
   ])
 })
 ```

src/pages/gen2/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx

@@ -1,6 +1,6 @@
 export const meta = {
   title: 'Multi-user data access',
-  description: "The `multipleOwners` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field."
+  description: "The `ownersDefinedIn` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field."
 };
 
 
@@ -12,19 +12,19 @@ export function getStaticProps(context) {
   };
 }
 
-The `multipleOwners` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.
+The `ownersDefinedIn` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.
 
 ## Add multi-user authorization rule
 
-If you want to grant a set of users access to a record, you use the `multipleOwners` rule. This automatically creates a `owner: a.string().array()` field to store the allowed owners.
+If you want to grant a set of users access to a record, you use the `ownersDefinedIn` rule. This automatically creates a `owner: a.string().array()` field to store the allowed owners.
 
 ```ts title="amplify/data/resource.ts"
 const schema = a.schema({
   Todo: a
     .model({
       content: a.string(),
     })
-    .authorization([a.allow.multipleOwners()]),
+    .authorization(allow => [allow.ownersDefinedIn('owners')]),
 });
 ```
 
@@ -74,6 +74,6 @@ const schema = a.schema({
       content: a.string(),
       authors: a.string().array(), // record owner information now stored in "authors" field
     })
-    .authorization([a.allow.multipleOwners().inField('authors')]),
+    .authorization(allow => [allow.ownersDefinedIn('authors')]),
 });
 ```