GraphQL real time subscriptions with shared ownership through auth rules #4794
Comments
@abdielou |
I am having exactly the same problem, using the example from the CLI Directives examples.
Test 1: create mutation with no explicit owner should populate owner and editor field with username
Test 2: owner can read Test 1 record
Test 3: "otheruser" can't read Test 1 record
Test 4: update Test 1 record so editors contains ["usename", "otheruser"] should mean both users can read it
Test 5: "Username" user gets subscription notifications when subscribing with input:{user: "username", editors:"username"}
Test 6: "otheruser" gets notifications input:{user: "otheruser", editors:"otheruser"}
I tried simplifying the auth rules to make "owner" an array, in the hope that both owners would get notifications. No luck. They could both list and edit, but neither got notifications.
At the moment it looks like "owner" has to be a single string, so only one owner gets notified - unless you can use static groups |
I'm not sure I follow. What do you mean by "in the JWT"? I am not handling the JWT, as this is handled by the autogenerated code. I suppose you are referring to how I configure the @auth(rules: [
{ allow: owner },
{ allow: owner, ownerField: "members", operations: [read] }
])
@SwaySway Yes that's what I'm trying to accomplish. |
WARNING: This is a hackaround. Finally accomplished what I wanted. https://github.com/abdielou/nextjs-amplify-members-example Anyone, please take a look and give me your thoughts? Workflow:
I'll try to explain this in more detail later. 😪 |
Just an update... I was able to modify the DataStore and enabled syncing with my initial use-case. This is what I needed, a This is how I roughly did it:
The architecture above works for GQL only. The DataStore builds its own Subscriptions at startup, therefore it's impossible to sync through the custom subscriptions required by the previous architecture. I modified (still working on cleaning it up) the DataStore to allow custom data sync events, in other words, an Observable is sent through Amplify.DataStore configs, which serves as a bridge between custom Subscriptions on the client and the internal SyncEngine. Events are sent into the SyncEngine for local syncing with the local indexed db. It works! The DataStore is used normally, and custom subscriptions maintain new objects. I'm still cleaning up and improving the NOTE: Again, this is a hackaround, exploring possible longer-term solutions. |
This is a limitation of AppSync where it expects the exact list with the exact order, which is not possible in this case, as the auto generated subscriptions only accept a string. You can read more about it in this thread, and I am not sure if the AppSync/Amplify team has any ETA on implementing such a feature: https://stackoverflow.com/questions/56822317/appsync-subscribe-to-element-in-array Considering that this would not be delivered anytime soon, I tried to use another field as the input of the subscription, let's say in the provided directive example:
a new subscription is defined as follows:
Please note that the newField parameter is optional. This subscription would be fired on update, however, the received response has an empty data inside value while the provider is populated properly. Any idea why this is happening? |
I realised that this is another bug, where Amplify does not work according to the documentation provided here: https://docs.aws.amazon.com/appsync/latest/devguide/real-time-data.html. Subscriptions don't work with optional arguments; I changed it to a required argument and it is working. Just to explain, what I have in mind is another table which is responsible for mapping subscriptions to subscribers and vice versa. It returns a subscription key, which is this newly added field, where subscribers can subscribe to. |
I'm going to close this. The original post was regarding how to enable members to listen I have implemented a workaround involving custom resolvers and a Notifications table to get the events through GraphQL. All that works if you are just using GQL. If you want to use the DataStore... the story is a bit different because you will not be able to sync. The DataStore only allows for single ownership, so your subscriptions will fail. This is what I did:
So yeah, original issue is not possible. In the future I'm replacing the Notifications table with a PubSub like SNS. |
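The matching behaviour described in the comments above, and the per-member notification fan-out used as the workaround, as an added example that is not code from any participant in this thread or from AppSync or Amplify. It is a simplified model of exact-equality argument matching; the `member` field, the function names and the sample channel are assumptions made for illustration.

```javascript
// Simplified model (an assumption, not AppSync source code): a subscription
// argument is compared for exact equality with the same-named field of the
// mutation result; list values must match element by element, in order.
function argMatches(arg, field) {
  if (Array.isArray(arg) || Array.isArray(field)) {
    return Array.isArray(arg) && Array.isArray(field) &&
      arg.length === field.length && arg.every((v, i) => v === field[i]);
  }
  return arg === field;
}

// An event is delivered only if every subscription argument matches.
function delivered(subscriptionArgs, mutationResult) {
  return Object.entries(subscriptionArgs)
    .every(([name, value]) => argMatches(value, mutationResult[name]));
}

// Workaround shape from the thread: fan a change out into one notification
// record per user, each with a single-string `member` field (hypothetical name).
function fanOut(channel) {
  const recipients = new Set([channel.owner, ...channel.members]);
  return [...recipients].map((member) => ({ channelId: channel.id, member }));
}

// Which of the given users would receive an event for this channel via fan-out.
function notifiedUsers(channel, users) {
  const notes = fanOut(channel);
  return users.filter((u) => notes.some((n) => delivered({ member: u }, n)));
}

// Constructed sample data.
const channel = { id: "c1", owner: "alice", members: ["bob", "carol"] };

console.log(delivered({ owner: "alice" }, channel));            // single-string owner
console.log(delivered({ members: "bob" }, channel));            // string against a list
console.log(delivered({ members: ["carol", "bob"] }, channel)); // same users, other order
console.log(notifiedUsers(channel, ["alice", "bob", "carol", "mallory"]));
```

Because each notification record carries exactly one recipient, the subscription argument can stay a required single string, and a user who is neither owner nor member matches no record.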
…d of an id array in the conversation schema. That didn't work. Next we tried restricting the private operations, and adding a new owner field to the conversation schema. That still didn't work. Next we tried editing the resolvers for the onupdate and oncreate events, and that still didn't work. Here I realized that the onnewmessage and onnewconversation would need their own resolvers, but none were generated. I checked out how to do this by following this aws-amplify/amplify-cli#4794. Then I realized the onupdate subscription could accept a string, I thought it would be used to check the users array, and tried supplying the user's id when creating the event listener, but that didn't work. Also realized we'd need a second event listener for conversations being created on top of being updated. Playing with giving different permissions in the schema didn't work. Also realized that the subscription for new friend requests has no authorization and probably isn't secure. I'm guessing including different ids into the receiver field would listen for new friend requests with those receivers. Instead we'll add auth directives and modify the resolvers directly.
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server |
GraphQL real time subscriptions with shared ownership through auth rules
Which Category is your question related to?
GraphQL Schema @auth configuration
Amplify CLI Version
4.23.0
What AWS Services are you utilizing?
AWS AppSync (api), Amazon Cognito (auth), Amazon DynamoDB (storage)
Provide additional details e.g. code snippets
I am trying to share access to a Model with multiple users. I'm doing so through multiple auth rules where the owner is identified by the field owner and other users are given access through ownerField. Here's my schema:
The problem is the following, I have no idea how to listen for onCreateChannel events for member users. As per documentation:
The only alternative I found was through Static group authorization. As per docs, when using static group auth:
So for example I could enable read for everyone in the User group/role. But that's obviously not desired.
What would you recommend? Again and to summarize. I have a simple Channel table where the creator has CRUDL and members can only read.