From d4cc9d7d4e1ee114f2798078126db2cccbf4b60a Mon Sep 17 00:00:00 2001
From: Rene Brandel
Date: Thu, 18 Apr 2024 21:52:28 -0400
Subject: [PATCH 1/3] Updated authorization rules to use the new syntax
---
 .../gen2/quickstart/build-a-backend.mdx | 10 +++---
 .../data/connect-existing-data/index.mdx | 6 ++--
 .../data/custom-business-logic/index.mdx | 22 ++++++------
 .../data/custom-subscription/index.mdx | 16 ++++-----
 .../index.mdx | 6 ++--
 .../custom-data-access-patterns/index.mdx | 2 +-
 .../index.mdx | 6 ++--
 .../data/customize-authz/index.mdx | 34 +++++++++----------
 .../multi-user-data-access/index.mdx | 10 +++---
 .../per-user-per-owner-data-access/index.mdx | 10 +++---
 .../public-data-access/index.mdx | 4 +--
 .../signed-in-user-data-access/index.mdx | 4 +--
 .../user-group-based-data-access/index.mdx | 10 +++---
 .../index.mdx | 10 +++---
 .../data/data-modeling/identifiers/index.mdx | 4 +--
 .../data/data-modeling/index.mdx | 2 +-
 .../data-modeling/relationships/index.mdx | 10 +++---
 .../data-modeling/secondary-index/index.mdx | 8 ++---
 .../data/set-up-data/index.mdx | 4 +--
 src/pages/gen2/start/mobile-support/index.mdx | 6 ++--
 20 files changed, 92 insertions(+), 92 deletions(-)
diff --git a/src/fragments/gen2/quickstart/build-a-backend.mdx b/src/fragments/gen2/quickstart/build-a-backend.mdx
index cba4f141643..f1245a2e1ec 100644
--- a/src/fragments/gen2/quickstart/build-a-backend.mdx
+++ b/src/fragments/gen2/quickstart/build-a-backend.mdx
@@ -27,7 +27,7 @@ const schema = a.schema({
 .model({
 content: a.string()
 })
- .authorization([a.allow.owner(), a.allow.public().to(['read'])])
+ .authorization(allow => [allow.owner(), allow.publicApiKey().to(['read'])])
 });
 export type Schema = ClientSchema;
@@ -36,7 +36,7 @@ export const data = defineData({
 schema,
 authorizationModes: {
 defaultAuthorizationMode: 'apiKey',
- // API Key is used for a.allow.public() rules
+ // API Key is used for allow.publicApiKey() rules
 apiKeyAuthorizationMode: {
 expiresInDays: 30
 }
@@ -99,7 +99,7 @@ const schema = a.schema({
 priority: a.enum(['low', 'medium', 'high'])
 // highlight-end
 })
- .authorization([a.allow.owner(), a.allow.public().to(['read'])]),
+ .authorization(allow => [allow.owner(), allow.publicApiKey().to(['read'])]),
 });
 // ...
@@ -114,12 +114,12 @@ The `Todo` data model is defined with authorization rules to allow the person wh
 **Note:** These authorization rules can be modified using a chain of methods as defined by default. For example, we could remove the `.to(['read'])` and allow all visitors to perform all actions on data or add permissions for signed-in users or users who belong to user groups such as `Admin`. You can learn more about all options for authorization in the [Customize your auth rules](/gen2/build-a-backend/data/customize-authz/) section of the docs.
-Step 2: Remove public access by deleting the `a.allow.public().to(['read'])` authorization rule. Your authorization rule will look like the code below:
+Step 2: Remove public access by deleting the `allow.publicApiKey().to(['read'])` authorization rule. Your authorization rule will look like the code below:
 ```js title="amplify/data/resource.ts"
 // ...
-.authorization([a.allow.owner()]),
+.authorization(allow => [allow.owner()]),
 // ...
 ```
diff --git a/src/pages/gen2/build-a-backend/data/connect-existing-data/index.mdx b/src/pages/gen2/build-a-backend/data/connect-existing-data/index.mdx
index 8057b800547..e069be5ed8b 100644
--- a/src/pages/gen2/build-a-backend/data/connect-existing-data/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/connect-existing-data/index.mdx
@@ -92,7 +92,7 @@ import { schema as rdsSchema } from './schema.rds.ts'
 // Add an authorization rule to the schema
 // highlight-next-line
-rdsSchema.models.Todo.authorization([a.allow.public()])
+rdsSchema.models.Todo.authorization(allow => [allow.publicApiKey()])
 const schema = a.schema({
 Todo: a.model({
@@ -129,7 +129,7 @@ const schema = a.schema({
 content: a.string()
 isDone: a.boolean()
 })
-}).authorization([a.allow.public()])
+}).authorization(allow => [allow.publicApiKey()])
 const combinedSchema = a.schema.combine([
 schema,
@@ -166,7 +166,7 @@ rdsSchema.addQueries({
 ST_MakePoint(:lat, :long)
 ) <= :radiusInMeters
 `)
- .authorization([a.allow.public()])
+ .authorization(allow => [allow.publicApiKey()])
 })
 // highlight-end
diff --git a/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx b/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
index ee37a2a9775..a6e91c95366 100644
--- a/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
@@ -53,7 +53,7 @@ const schema = a.schema({
 // return type of the query
 .returns(a.ref('EchoResponse'))
 // only allow signed-in users to call this API
- .authorization([a.allow.private()])
+ .authorization(allow => [allow.authenticated()])
 });
 export type Schema = ClientSchema;
@@ -88,7 +88,7 @@ const schema = a.schema({
 // return type of the query
 .returns(a.ref('Post'))
 // only allow signed-in users to call this API
- .authorization([a.allow.private()])
+ .authorization(allow => [allow.authenticated()])
 });
 export type Schema = ClientSchema;
@@ -149,7 +149,7 @@ const schema = a.schema({
 .query()
 .arguments({ content: a.string() })
 .returns(a.ref('EchoResponse'))
- .authorization([a.allow.public()])
+ .authorization(allow => [allow.publicApiKey()])
 // 3. set the function has the handler
 .handler(a.handler.function(echoHandler))
 });
@@ -185,17 +185,17 @@ const schema = a.schema({
 Post: a.model({
 content: a.string(),
 likes: a.integer()
- .authorization([a.allow.private().to(['read'])])
+ .authorization(allow => [allow.authenticated().to(['read'])])
 }).authorization([
- a.allow.owner(),
- a.allow.private().to(['read'])
+ allow.owner(),
+ allow.authenticated().to(['read'])
 ]),
 likePost: a
 .mutation()
 .arguments({ postId: a.id() })
 .returns(a.ref('Post'))
- .authorization([a.allow.private()])
+ .authorization(allow => [allow.authenticated()])
 .handler(a.handler.custom({
 dataSource: a.ref('Post'),
 entry: './increment-like.js'
@@ -278,17 +278,17 @@ const schema = a.schema({
 Post: a.model({
 content: a.string(),
 likes: a.integer()
- .authorization([a.allow.private().to(['read'])])
+ .authorization(allow => [allow.authenticated().to(['read'])])
 }).authorization([
- a.allow.owner(),
- a.allow.private().to(['read'])
+ allow.owner(),
+ allow.authenticated().to(['read'])
 ]),
 likePost: a
 .mutation()
 .arguments({ postId: a.id() })
 .returns(a.ref('Post'))
- .authorization([a.allow.private()])
+ .authorization(allow => [allow.authenticated()])
 .handler(a.handler.custom({
 // highlight-next-line
 dataSource: "ExternalTableDataSource",
diff --git a/src/pages/gen2/build-a-backend/data/custom-subscription/index.mdx b/src/pages/gen2/build-a-backend/data/custom-subscription/index.mdx
index 7354da3f0b1..6e5adbe8638 100644
--- a/src/pages/gen2/build-a-backend/data/custom-subscription/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/custom-subscription/index.mdx
@@ -43,7 +43,7 @@ const schema = a.schema({
 })
 .returns(a.ref('Message'))
 .handler(a.handler.custom({ entry: './publish.js' }))
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 // highlight-start
 // Subscribe to incoming messages
@@ -55,13 +55,13 @@ const schema = a.schema({
 // subscription handler to set custom filters
 .handler(a.handler.custom({entry: './receive.js'}))
 // authorization rules as to who can subscribe to the data
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 // highlight-end
 // A data model to manage channels
 Channel: a.model({
 name: a.string(),
- }).authorization([a.allow.public()]),
+ }).authorization(allow => [allow.publicApiKey()]),
 });
 export type Schema = ClientSchema;
@@ -166,14 +166,14 @@ const schema = a.schema({
 .handler(a.handler.custom({
 entry: "./publish.js"
 }))
- .authorization([a.allow.private()]),
+ .authorization(allow => [allow.authenticated()]),
 // Subscribe to all events from the "publish" mutation
 receive: a.subscription(['publish'])
 // highlight-next-line
 .arguments({ name: a.string() })
 .returns(a.ref('Channel'))
- .authorization([a.allow.public()])
+ .authorization(allow => [allow.publicApiKey()])
 });
 export type Schema = ClientSchema;
@@ -193,7 +193,7 @@ import { type ClientSchema, a, defineData } from '@aws-amplify/backend';
 const schema = a.schema({
 Channel: a.model({
 name: a.string(),
- }).authorization([a.allow.public()]),
+ }).authorization(allow => [allow.publicApiKey()]),
 Message: a.customType({
 content: a.string().required(),
@@ -207,7 +207,7 @@ const schema = a.schema({
 })
 .returns(a.ref('Message'))
 .handler(a.handler.custom({ entry: './publish.js' }))
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 receive: a.subscription()
 .for(a.ref('publish'))
@@ -215,7 +215,7 @@ const schema = a.schema({
 .arguments({ namePrefix: a.string() })
 .returns(a.ref('Message'))
 .handler(a.handler.custom({entry: './receive.js'}))
- .authorization([a.allow.public()])
+ .authorization(allow => [allow.publicApiKey()])
 });
 export type Schema = ClientSchema;
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/configure-custom-identity-and-group-claim/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/configure-custom-identity-and-group-claim/index.mdx
index 6dc13f3656e..90f0647bc74 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/configure-custom-identity-and-group-claim/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/configure-custom-identity-and-group-claim/index.mdx
@@ -26,9 +26,9 @@ const schema = a.schema({
 postname: a.string(),
 content: a.string(),
 })
- .authorization([
- a.allow.owner().identityClaim('user_id'),
- a.allow.specificGroups(['Moderator']).withClaimIn('user_groups'),
+ .authorization(allow => [
+ allow.owner().identityClaim('user_id'),
+ allow.groups(['Moderator']).withClaimIn('user_groups'),
 ]),
 });
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/index.mdx
index 730cfefd3f2..59b11216555 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/index.mdx
@@ -28,7 +28,7 @@ const schema = a.schema({
 })
 // STEP 1
 // Indicate which models / fields should use a custom authorization rule
- .authorization([a.allow.custom()]),
+ .authorization(allow => [allow.custom()]),
 });
 export type Schema = ClientSchema;
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
index 7b4afecd7bf..6e2207a1b34 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
@@ -34,7 +34,7 @@ const schema = a
 })
 })
 // highlight-next-line
- .authorization([a.allow.resource(functionWithDataAccess)]);
+ .authorization(allow => [allow.resource(functionWithDataAccess)]);
 export type Schema = ClientSchema;
@@ -43,7 +43,7 @@ export const data = defineData({
 });
 ```
-The object returned from `defineFunction` can be passed directly to `a.allow.resource()` in the schema authorization rules. This will grant the function the ability to execute Query, Mutation, and Subscription operations against the GraphQL API. Use the `.to()` method to narrow down access to one or more operations.
+The object returned from `defineFunction` can be passed directly to `allow.resource()` in the schema authorization rules. This will grant the function the ability to execute Query, Mutation, and Subscription operations against the GraphQL API. Use the `.to()` method to narrow down access to one or more operations.
 ```ts
 const schema = a
@@ -55,7 +55,7 @@ const schema = a
 })
 // highlight-start
 .authorization([
- a.allow.resource(functionWithDataAccess).to(['query', 'listen'])
+ allow.resource(functionWithDataAccess).to(['query', 'listen'])
 ]); // allow query and subscription operations but not mutations
 // highlight-end
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/index.mdx
index 23b47646a19..e5f3bd5a188 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/index.mdx
@@ -23,12 +23,12 @@ Use the `.authorization()` modifier to configure authorization rules for public,
 const schema = a.schema({
 Post: a.model({
 content: a.string()
- }).authorization([
+ }).authorization(allow => [
 // Allow anyone auth'd with an API key to read everyone's posts.
- a.allow.public().to(['read']),
+ allow.publicApiKey().to(['read']),
 // Allow signed-in user to create, read, update,
 // and delete their __OWN__ posts.
- a.allow.owner(),
+ allow.owner(),
 ])
 })
 ```
@@ -59,7 +59,7 @@ If there are multiple authorization rules present, they will be logically OR'ed.
 To help you get started, you can define an authorization rule on the data schema that will be applied to all data models that **do not** have a model-level authorization rule. Instead of having a global authorization rule for all production environments, we recommend creating specific authorization rules for each model or field.
-The global authorization rule below uses `a.allow.public()`. This example allows anyone to create, read, update, and delete and is applied to every data model.
+The global authorization rule below uses `allow.publicApiKey()`. This example allows anyone to create, read, update, and delete and is applied to every data model.
 ```ts
 const schema = a.schema({
@@ -73,11 +73,11 @@ const schema = a.schema({
 Notes: a.model({
 content: a.string()
 // [Model-level authorization rule]
- }).authorization([a.allow.public().to(['read'])])
+ }).authorization(allow => [allow.publicApiKey().to(['read'])])
 // [Global authorization rule]
-}).authorization([
- a.allow.public()
+}).authorization(allow => [
+ allow.publicApiKey()
 ])
 ```
@@ -93,9 +93,9 @@ const schema = a.schema({
 // [Model-level authorization rule]
 // All fields (content, createdBy) will be protected by
 // this authorization rule
- }).authorization([
- a.allow.public().to(['read']),
- a.allow.owner(),
+ }).authorization(allow => [
+ allow.publicApiKey().to(['read']),
+ allow.owner(),
 ])
 })
 ```
@@ -117,13 +117,13 @@ const schema = a.schema({
 // [Field-level authorization rule]
 // This auth rule will be used for the "ssn" field
 // All other fields will use the model-level auth rule
- ssn: a.string().authorization([a.allow.owner()]),
+ ssn: a.string().authorization(allow => [allow.owner()]),
 })
 // [Model-level authorization rule]
- .authorization([
- a.allow.private().to(["read"]),
- a.allow.owner()
+ .authorization(allow => [
+ allow.authenticated().to(["read"]),
+ allow.owner()
 ]),
 });
 ```
@@ -139,9 +139,9 @@ const schema = a.schema({
 Post: a.model({
 title: a.string(),
 content: a.string()
- }).authorization([
- a.allow.public("identityPool").to(["read"]),
- a.allow.owner()
+ }).authorization(allow => [
+ allow.guest().to(["read"]),
+ allow.owner()
 ])
 })
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
index 97c1cf8e932..7dc6212660a 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/multi-user-data-access/index.mdx
@@ -1,6 +1,6 @@
 export const meta = {
 title: 'Multi-user data access',
- description: "The `multipleOwners` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field."
+ description: "The `ownersDefinedIn` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field."
 };
@@ -12,11 +12,11 @@ export function getStaticProps(context) {
 };
 }
-The `multipleOwners` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.
+The `ownersDefinedIn` rule grants a set of users access to a record by automatically creating an `owners` field to store the allowed record owners. You can override the default owners field name by specifying `inField` with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.
 ## Add multi-user authorization rule
-If you want to grant a set of users access to a record, you use the `multipleOwners` rule. This automatically creates a `owner: a.string().array()` field to store the allowed owners.
+If you want to grant a set of users access to a record, you use the `ownersDefinedIn` rule. This automatically creates a `owner: a.string().array()` field to store the allowed owners.
 ```ts title="amplify/data/resource.ts"
 const schema = a.schema({
@@ -24,7 +24,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.multipleOwners()]),
+ .authorization(allow => [allow.ownersDefinedIn('owners')]),
 });
 ```
@@ -74,6 +74,6 @@ const schema = a.schema({
 content: a.string(),
 authors: a.string().array(), // record owner information now stored in "authors" field
 })
- .authorization([a.allow.multipleOwners().inField('authors')]),
+ .authorization(allow => [allow.ownersDefinedIn('authors')]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
index 54a84cd4217..ca191efbc36 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/per-user-per-owner-data-access/index.mdx
@@ -26,7 +26,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.owner()]),
+ .authorization(allow => [allow.owner()]),
 });
 ```
@@ -38,7 +38,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.owner().to(['create', 'read', 'update'])]),
+ .authorization(allow => [allow.owner().to(['create', 'read', 'update'])]),
 });
 ```
@@ -77,9 +77,9 @@ const schema = a.schema({
 Todo: a
 .model({
 content: a.string(),
- owner: a.string().authorization([a.allow.owner().to(['read', 'delete'])]),
+ owner: a.string().authorization(allow => [allow.owner().to(['read', 'delete'])]),
 })
- .authorization([a.allow.owner()]),
+ .authorization(allow => [allow.owner()]),
 });
 ```
@@ -96,6 +96,6 @@ const schema = a.schema({
 content: a.string(),
 author: a.string(), // record owner information now stored in "author" field
 })
- .authorization([a.allow.owner().inField('author')]),
+ .authorization(allow => [allow.ownerDefinedIn('author')]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/public-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/public-data-access/index.mdx
index ecfc87a8c9f..aa1f6aa4a1e 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/public-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/public-data-access/index.mdx
@@ -23,7 +23,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 });
 ```
@@ -57,7 +57,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.public('identityPool')]),
+ .authorization(allow => [allow.guest()]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
index d02f7009a7f..27b0b82c9b7 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
@@ -29,7 +29,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.private()]),
+ .authorization(allow => [allow.authenticated()]),
 });
 ```
@@ -64,7 +64,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([a.allow.private('identityPool')]),
+ .authorization(allow => [allow.authenticated('identityPool')]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
index 2de0c26b284..d744a424f67 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/user-group-based-data-access/index.mdx
@@ -25,7 +25,7 @@ const schema = a.schema({
 wage: a.float(),
 currency: a.string(),
 })
- .authorization([a.allow.specificGroup('Admin')]),
+ .authorization(allow => [allow.group('Admin')]),
 });
 ```
@@ -61,7 +61,7 @@ const schema = a.schema({
 wage: a.float(),
 currency: a.string(),
 })
- .authorization([a.allow.specificGroups(['Admin', 'Leadership'])]),
+ .authorization(allow => [allow.groups(['Admin', 'Leadership'])]),
 });
 ```
@@ -77,7 +77,7 @@ const schema = a.schema({
 title: a.string(),
 groups: a.string().array(),
 })
- .authorization([a.allow.groupsDefinedIn('groups')]),
+ .authorization(allow => [allow.groupsDefinedIn('groups')]),
 });
 ```
@@ -87,9 +87,9 @@ const schema = a.schema({
 Post: a
 .model({
 title: a.string(),
- groups: a.string(),
+ group: a.string(),
 })
- .authorization([a.allow.groupDefinedIn('groups')]),
+ .authorization(allow => [allow.groupDefinedIn('group')]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/using-oidc-authorization-provider/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/using-oidc-authorization-provider/index.mdx
index 0132ebf9dfe..dda80097389 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/using-oidc-authorization-provider/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/using-oidc-authorization-provider/index.mdx
@@ -24,11 +24,11 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization([
- a.allow.owner('oidc').identityClaim('user_id'),
- a.allow.private('oidc'),
- a.allow
- .specificGroups(['testGroupName'], 'oidc')
+ .authorization(allow => [
+ allow.owner('oidc').identityClaim('user_id'),
+ allow.authenticated('oidc'),
+ allow
+ .groups(['testGroupName'], 'oidc')
 .withClaimIn('user_groups'),
 ]),
 });
diff --git a/src/pages/gen2/build-a-backend/data/data-modeling/identifiers/index.mdx b/src/pages/gen2/build-a-backend/data/data-modeling/identifiers/index.mdx
index 76f1a517100..0be3a5d4c8f 100644
--- a/src/pages/gen2/build-a-backend/data/data-modeling/identifiers/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/data-modeling/identifiers/index.mdx
@@ -45,7 +45,7 @@ const schema = a.schema({
 title: a.string(),
 completed: a.boolean(),
 }).identifier(['todoId'])
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 });
 const client = generateClient();
@@ -69,7 +69,7 @@ const schema = a.schema({
 zipCode: a.string(),
 streetAddress: a.string(),
 }).identifier(['tenantId', 'name'])
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 });
 const client = generateClient();
diff --git a/src/pages/gen2/build-a-backend/data/data-modeling/index.mdx b/src/pages/gen2/build-a-backend/data/data-modeling/index.mdx
index 4505a42d0b5..41c10c6ac84 100644
--- a/src/pages/gen2/build-a-backend/data/data-modeling/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/data-modeling/index.mdx
@@ -47,7 +47,7 @@ const schema = a.schema({
 }).secondaryIndexes(index => [
 index('representativeId')
 ]),
-}).authorization([a.allow.owner()])
+}).authorization(allow => [allow.owner()])
 ```
diff --git a/src/pages/gen2/build-a-backend/data/data-modeling/relationships/index.mdx b/src/pages/gen2/build-a-backend/data/data-modeling/relationships/index.mdx
index 4e2ede257d4..dbe16a38772 100644
--- a/src/pages/gen2/build-a-backend/data/data-modeling/relationships/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/data-modeling/relationships/index.mdx
@@ -39,7 +39,7 @@ const schema = a.schema({
 // 2. Create a belongsTo relationship with the reference field
 team: a.belongsTo('Team', 'teamId'),
 })
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 Team: a.model({
 mantra: a.string().required(),
@@ -47,7 +47,7 @@ const schema = a.schema({
 // from the `Member`s model.
 members: a.hasMany('Member', 'teamId'),
 })
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 });
 ```
@@ -229,7 +229,7 @@ const schema = a.schema({
 // highlight-next-line
 posts: a.hasMany('PostTag', 'tagId'),
 }),
-}).authorization([a.allow.public()]);
+}).authorization(allow => [allow.publicApiKey()]);
 ```
 ## Model multiple relationships between two models
@@ -255,7 +255,7 @@ const schema = a.schema({
 authoredPosts: a.hasMany('Post', 'authorId'),
 // highlight-end
 }),
-}).authorization([a.allow.public()]);
+}).authorization(allow => [allow.publicApiKey()]);
 ```
 On the client-side, you can fetch the related data with the following code:
@@ -294,7 +294,7 @@ const schema = a.schema({
 authoredPosts: a.hasMany('Post', ['authorName', 'authorDoB']),
 // highlight-next-line
 }).identifier(['name', 'dateOfBirth']),
-}).authorization([a.allow.public()]);
+}).authorization(allow => [allow.publicApiKey()]);
 ```
 ## Make relationships required or optional
diff --git a/src/pages/gen2/build-a-backend/data/data-modeling/secondary-index/index.mdx b/src/pages/gen2/build-a-backend/data/data-modeling/secondary-index/index.mdx
index b37f89c14e8..90d21cd8d21 100644
--- a/src/pages/gen2/build-a-backend/data/data-modeling/secondary-index/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/data-modeling/secondary-index/index.mdx
@@ -26,7 +26,7 @@ export const schema = a.schema({
 })
 // highlight-next-line
 .secondaryIndexes((index) => [index("accountRepresentativeId")])
- .authorization([a.allow.public()]),
+ .authorization(allow => [allow.publicApiKey()]),
 });
 ```
@@ -71,7 +71,7 @@ export const schema = a.schema({
 // highlight-next-line
 .sortKeys(["name"]),
 ])
- .authorization([a.allow.owner()]),
+ .authorization(allow => [allow.owner()]),
 });
 ```
@@ -108,7 +108,7 @@ const schema = a.schema({
 // highlight-next-line
 .queryField("listByRep"),
 ])
- .authorization([a.allow.owner()]),
+ .authorization(allow => [allow.owner()]),
 });
 ```
@@ -141,6 +141,6 @@ const schema = a.schema({
 // highlight-next-line
 .name("MyCustomIndexName"),
 ])
- .authorization([a.allow.owner()]),
+ .authorization(allow => [allow.owner()]),
 });
 ```
diff --git a/src/pages/gen2/build-a-backend/data/set-up-data/index.mdx b/src/pages/gen2/build-a-backend/data/set-up-data/index.mdx
index f54724275b1..283093d58bd 100644
--- a/src/pages/gen2/build-a-backend/data/set-up-data/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/set-up-data/index.mdx
@@ -38,7 +38,7 @@ const schema = a.schema({
 content: a.string(),
 isDone: a.boolean()
 })
- .authorization([a.allow.public()])
+ .authorization(allow => [allow.publicApiKey()])
 });
 // Used for code completion / highlighting when making requests from frontend
@@ -60,7 +60,7 @@ Every `a.model()` automatically creates the following resources in the cloud:
 - query and mutation APIs to create, read (list/get), update, and delete records
 - real-time APIs to subscribe for create, update, and delete events of records
-The `a.allow.public()` rule designates that anyone authenticated using an API key can create, read, update, and delete todos.
+The `allow.publicApiKey()` rule designates that anyone authenticated using an API key can create, read, update, and delete todos.
 To deploy these resources to your cloud sandbox, run the following CLI command in your terminal:
diff --git a/src/pages/gen2/start/mobile-support/index.mdx b/src/pages/gen2/start/mobile-support/index.mdx
index 91fb7f99e65..6262bf72c5c 100644
--- a/src/pages/gen2/start/mobile-support/index.mdx
+++ b/src/pages/gen2/start/mobile-support/index.mdx
@@ -225,7 +225,7 @@ const schema = a.schema({
 content: a.string(),
 isDone: a.boolean()
 })
- .authorization([a.allow.owner()])
+ .authorization(allow => [allow.owner()])
 });
 export type Schema = ClientSchema;
@@ -639,7 +639,7 @@ const schema = a.schema({
 content: a.string(),
 isDone: a.boolean()
 })
- .authorization([a.allow.owner()])
+ .authorization(allow => [allow.owner()])
 });
 export type Schema = ClientSchema;
@@ -1019,7 +1019,7 @@ const schema = a.schema({
 content: a.string(),
 isDone: a.boolean()
 })
- .authorization([a.allow.owner()])
+ .authorization(allow => [allow.owner()])
 });
 export type Schema = ClientSchema;
From 8c9ab45331f4f4ce7a43eb85bf6121552a836686 Mon Sep 17 00:00:00 2001
From: Rene Brandel <4989523+renebrandel@users.noreply.github.com>
Date: Thu, 18 Apr 2024 19:13:34 -0700
Subject: [PATCH 2/3] Update src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
Co-authored-by: Hui Zhao <10602282+HuiSF@users.noreply.github.com>
---
 .../data/customize-authz/signed-in-user-data-access/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
index 27b0b82c9b7..715ed2ae9f2 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/signed-in-user-data-access/index.mdx
@@ -64,7 +64,7 @@ const schema = a.schema({
 .model({
 content: a.string(),
 })
- .authorization(allow => [allow.authenticated('identityPool')]),
+ .authorization(allow => [allow.authenticated('iam')]),
 });
 ```
From d344a9e2d5d0c50600b580676201764f743ac8d5 Mon Sep 17 00:00:00 2001
From: Hui Zhao
Date: Fri, 19 Apr 2024 10:27:23 -0700
Subject: [PATCH 3/3] update missed spots
---
 .../gen2/build-a-backend/data/custom-business-logic/index.mdx | 4 ++--
 .../grant-lambda-function-access-to-api/index.mdx | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx b/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
index a6e91c95366..43ab8890846 100644
--- a/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/custom-business-logic/index.mdx
@@ -186,7 +186,7 @@ const schema = a.schema({
 content: a.string(),
 likes: a.integer()
 .authorization(allow => [allow.authenticated().to(['read'])])
- }).authorization([
+ }).authorization(allow => [
 allow.owner(),
 allow.authenticated().to(['read'])
 ]),
@@ -279,7 +279,7 @@ const schema = a.schema({
 content: a.string(),
 likes: a.integer()
 .authorization(allow => [allow.authenticated().to(['read'])])
- }).authorization([
+ }).authorization(allow => [
 allow.owner(),
 allow.authenticated().to(['read'])
 ]),
diff --git a/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx b/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
index 6e2207a1b34..fe27464ab15 100644
--- a/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
+++ b/src/pages/gen2/build-a-backend/data/customize-authz/grant-lambda-function-access-to-api/index.mdx
@@ -54,7 +54,7 @@ const schema = a
 })
 })
 // highlight-start
- .authorization([
+ .authorization(allow => [
 allow.resource(functionWithDataAccess).to(['query', 'listen'])
 ]); // allow query and subscription operations but not mutations
 // highlight-end