Cbonif/add-non-model-auth-section #7817

Merged
merged 9 commits into from
Jul 12, 2024
@@ -144,6 +144,44 @@ const schema = a.schema({
});
```

### Non-model authorization rules

**Non-model** types are any types added to the schema without using `a.model()`. These consist of modifiers such as `a.customType()`, `a.enum()`,`a.query()`, `a.mutation()`, or `a.subscription()`.

Dynamic authorization rules such as `allow.owner()`, `allow.ownerDefinedIn()`, `allow.groupDefinedIn()` are not supported for **non-model** types.

**Example**

```ts
// Custom Query
listCustomType: a
.query()
.returns(a.ref("CustomType").array())
.handler(
a.handler.custom({
entry: "./handler.js",
})
)
.authorization((allow) => [
// Static auth rules - Supported
allow.guest(),
allow.publicApiKey(),
allow.authenticated(),
allow.group("Admin"),
allow.groups(["Teacher", "Student"]),

// Dynamic auth rules - Not supported
allow.owner(),
allow.ownerDefinedIn("owner"),
allow.ownersDefinedIn("otherOwners"),
allow.groupDefinedIn("group"),
allow.groupsDefinedIn("otherGroups"),
]),
```

There are TS warnings and validation checks in place that will cause a sandbox deployment to fail if unsupported auth rules are defined on custom queries and mutations.


### Configure multiple authorization rules

When combining multiple authorization rules, they are "logically OR"-ed. In the following example:
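
Review bot: In the example's `.authorization((allow) => [...])` array, the supported static rules and the unsupported dynamic rules sit in one list, so a reader who copies the snippet as written gets the failed sandbox deployment that the closing sentence describes. Comment out the five dynamic rules or move them into a separate snippet marked as not supported. The closing sentence also limits the validation checks to "custom queries and mutations", while the section defines non-model types to include `a.customType()`, `a.enum()` and `a.subscription()`, so state whether the checks cover those as well. Minor: a space is missing in `a.enum()`,`a.query()`, and the prose list of dynamic rules leaves out `allow.ownersDefinedIn()` and `allow.groupsDefinedIn()`, which the example does list.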