AWS Amplify - Field Level GraphQL Auth on Required Fields

1

I am trying to set up GraphQL via AWS Amplify so that all users can see part of a Member object (e.g. the name), but only members in certain groups can see other parts (e.g. the e-mail address).

I have set up my schema.graphql as follows (note this is a truncated version):

type Member @model(subscriptions: { level: off }) @auth(rules: [{allow: groups, groups: ["MANAGER"]}, {allow: private, operations: [read]}]) {
  membershipNumber: Int! @primaryKey
  firstName: String!
  lastName: String!
  email: String! @auth(rules: [{allow: groups, groups: ["MANAGER"]}, {allow: groups, groups: ["COMMITTEE"], operations: [read]}])
  dietaryRequirements: String @auth(rules: [{allow: groups, groups: ["MANAGER"]}, {allow: groups, groups: ["COMMITTEE"], operations: [read]}])
}

As I understand it, all logged in users should be able to read membershipNumber, firstName and lastName. Users in the COMMITTEE group should also be able to read email and dietaryRequirements, and users in the MANAGER group should be able to read/write all fields.

When I try to run a query as a logged in user with no groups though, I get an unauthorized error on dietaryRequirements (which is good) but I am able to read email without an error (which is bad).

The only difference I can see is that email is a required field, whereas dietaryRequirements isn't. What am I doing wrong? Do required fields override the authorization rules?

沒有答案

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南