在具有以下架构的 aws 上,它允许动态添加/删除记录上的所有者。
读者是否可以有同样的想法?
我想让所有者选择允许哪些读者访问特定记录。
type ToDo
@model
@auth(rules: [{ allow: owner, ownerField: "owners"}])
{
id: ID!
content: String
owners: [String]
}
基于:- AWS Amplify 的 GraphQL 授权架构
这是一个经过测试且有效的解决方案:
type ToDo
@model
@auth(rules: [ # owner-based authorization
{ allow: owner }, # defines that the creator of the todo is authorized to read, edit, and delete it
{ allow: owner, ownerField: "readers", operations: [read]} # defines that all users in the readers field of the todo have permission to view it
])
{
id: ID!
content: String
readers: [String] # String array to configure multi-readers authorizations
}