Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add AuthorizationCallback shared authorization type support #528

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: Add AuthorizationCallback shared authorization type support #528

wants to merge 10 commits into from

Conversation

stocaaro
Copy link
Member

@stocaaro stocaaro commented Feb 14, 2025
edited
Loading

Problem

Developers have no way to share .authorization configuration between their different schema features

Issue number, if available:

Changes

This change introduces an a.AuthorizationCallback type which enables developers to define an auth callback once and reuse it in many .authorization calls.

Example:

const authCallback: a.AuthorizationCallback = (allow) => [
   allow.guest().to(["read"]),
   allow.owner()
];

const schema = a.schema({
   Post: a.model({
     id: a.id(),
     title: a.string(),
     protectedField: a.string().authorization(authCallback),
     content: a.string(),
   }).authorization(authCallback),
}).authorization(authCallback);

Different callback sites have different requirements (schema offers allow.resource, customOperations can't receive allow.guest().to(...) content. The model and field callback surface comes the most authorization features and works in the most customer locations (not compatable with custom operations or ai kit conversations). For all special cases the customer wants to define for code sharing, the type can be overriden using a type param.

AuthorizationCallback<'conversation' | 'customOperation' | 'field' | 'model' | 'reference' | 'relationship' | 'schema'>

Proposed Docs change

aws-amplify/docs#8269

Validation

Tests added for both type compatibility exploration and export surface feature coverage. This behavior has been manually tested in an example app definition.

Checklist

  • If this PR includes a functional change to the runtime or type-level behavior of the code, I have added or updated automated test coverage for this change. (see Testing Strategy README)
  • If this PR requires a docs update, I have linked to that docs PR above.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@stocaaro stocaaro requested review from a team as code owners February 14, 2025 16:48
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 14, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 73dc1c0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@aws-amplify/data-schema Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@stocaaro stocaaro mentioned this pull request Feb 25, 2025
Draft
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stocaaro