Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DataStore] Detected multiple owner type auth rules with a READ operation #1728

Open
1 task done
dnys1 opened this issue May 6, 2022 · 0 comments
Open
1 task done

[DataStore] Detected multiple owner type auth rules with a READ operation #1728

dnys1 opened this issue May 6, 2022 · 0 comments
Labels
datastore DataStore category/plugins feature-request Request a new feature

Comments

@dnys1
Copy link
Contributor

dnys1 commented May 6, 2022

Before opening, please confirm:

Language and Async Model

Kotlin

Amplify Categories

DataStore

Gradle script dependencies

implementation "com.amplifyframework:aws-datastore:1.35.1"
implementation "com.amplifyframework:aws-api-appsync:1.35.1"

Environment information

------------------------------------------------------------
Gradle 7.2
------------------------------------------------------------

Build time:   2021-08-17 09:59:03 UTC
Revision:     a773786b58bb28710e3dc96c4d1a7063628952ad

Kotlin:       1.5.21
Groovy:       3.0.8
Ant:          Apache Ant(TM) version 1.10.9 compiled on September 27 2020
JVM:          11.0.14 (Amazon.com Inc. 11.0.14+9-LTS)
OS:           Mac OS X 12.3.1 x86_64

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

The schema below describes the authorization scheme: Every todo can be accessed by its owner and read by precisely one other user if it chooses. This is being used in a customer app to mirror a parent/child relationship where the child is the owner. Using Cognito Groups is not possible due to the fact that you can only have a limited number of groups registered, so these would quickly be exhausted if they were created on a per-parent/child basis.

I have verified that the schema works in AppSync, fulfilling the authorization scheme described. However, sync in DataStore is not possible due to the following issue:

ApiAuthException{message=Detected multiple owner type auth rules with a READ operation, cause=null, recoverySuggestion=We currently do not support this use case. Please limit your type to just one owner auth rule with a READ operation restriction.}

I have also confirmed that the same issue is present on iOS. What is the intended workaround to achieve this authorization scheme?

Reproduction steps (if applicable)

  1. Login
  2. See initial sync fail

Code Snippet

No response

Log output

The logs show the following. Setting a breakpoint at MultiAuthSubscriptionOperation.java:105 gives the underlying exception posted above.

E/amplify:aws-datastore(18986): Failure encountered while attempting to start API sync.
E/amplify:aws-datastore(18986): DataStoreException{message=Error during subscription., cause=ApiException{message=Unable to establish subscription connection., cause=null, recoverySuggestion=Sorry, we don't have a suggested fix for this error yet.}, recoverySuggestion=Evaluate details.}
E/amplify:aws-datastore(18986): 	at com.amplifyframework.datastore.appsync.AppSyncClient.lambda$subscription$3(AppSyncClient.java:331)
E/amplify:aws-datastore(18986): 	at com.amplifyframework.datastore.appsync.AppSyncClient$$ExternalSyntheticLambda1.accept(Unknown Source:4)
E/amplify:aws-datastore(18986): 	at com.amplifyframework.api.aws.MutiAuthSubscriptionOperation.emitErrorAndCancelSubscription(MutiAuthSubscriptionOperation.java:178)
E/amplify:aws-datastore(18986): 	at com.amplifyframework.api.aws.MutiAuthSubscriptionOperation.dispatchRequest(MutiAuthSubscriptionOperation.java:141)
E/amplify:aws-datastore(18986): 	at com.amplifyframework.api.aws.MutiAuthSubscriptionOperation.$r8$lambda$iziEcYpvlINdYbit2it7fDbbt8A(Unknown Source:0)
E/amplify:aws-datastore(18986): 	at com.amplifyframework.api.aws.MutiAuthSubscriptionOperation$$ExternalSyntheticLambda4.run(Unknown Source:2)
E/amplify:aws-datastore(18986): 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
E/amplify:aws-datastore(18986): 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
E/amplify:aws-datastore(18986): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
E/amplify:aws-datastore(18986): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
E/amplify:aws-datastore(18986): 	at java.lang.Thread.run(Thread.java:923)
E/amplify:aws-datastore(18986): Caused by: ApiException{message=Unable to establish subscription connection., cause=null, recoverySuggestion=Sorry, we don't have a suggested fix for this error yet.}
E/amplify:aws-datastore(18986): 	... 8 more

amplifyconfiguration.json

No response

GraphQL Schema

type Todo @model @auth(rules: [
  { allow: owner }
  { allow: owner, ownerField: "user", operations: [read] }
]) {
    id: ID!
    name: String!
    description: String
    isComplete: Boolean!
    owner: String
    user: String
}

Additional information and screenshots

No response
@poojamat poojamat added bug Something isn't working datastore DataStore category/plugins labels May 11, 2022
@poojamat poojamat added the feature-request Request a new feature label Jul 7, 2022
@chrisbonifacio chrisbonifacio mentioned this issue Aug 16, 2022
Closed
3 tasks
@mattcreaser mattcreaser removed the p4 label Jul 25, 2023
@ankpshah ankpshah removed the bug Something isn't working label Sep 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
datastore DataStore category/plugins feature-request Request a new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mattcreaser @chrisbonifacio @poojamat @ankpshah @dnys1