Graphql - 无权访问来自 AWS AppSync Amplify 控制台的错误消息

Posted

技术标签:

【中文标题】Graphql - 无权访问来自 AWS AppSync Amplify 控制台的错误消息【英文标题】:Graphql - Not Authorized to access error message from AWS AppSync Amplify Console 【发布时间】:2021-09-28 14:47:01 【问题描述】:

我正在使用 React + NextJs 并实现了 Amplify Graphql。我已登录并将当前用户设置为管理员组,但是,我无法根据 authorId 更改数据。

登录的userId是1234(例如)

type Xp
  @model
  @key(name: "xpsByUserId", fields: ["authorId"])
  @auth(
    rules: [
       allow: owner, ownerField: "authorId" 
       allow: public, operations: [read] 
       allow: private, operations: [read] 
    ]
  ) 
  id: ID!
  authorId: ID!
  author: User @connection(fields: ["authorId"])
  name: String
  visibility: Visibility
  post: [Post] @connection(name: "XpPosts")
  createdAt: String

尝试变异:

mutation MyMutation 
  createXp(input: authorId: "1234", name: "fdsfa") 
    id
    name
    author 
      username

我收到一条消息:Not Authorized to access createXp on type Xp

这是我的用户类型:

type User
  @model(subscriptions: null)
  @key(fields: ["userId"])
  @auth(
    rules: [
       allow: groups, groups: ["Admin"] 
       allow: owner, ownerField: "userId" 
       allow: private, operations: [read] 
    ]
  ) 
  userId: ID!
  username: String!
  email: String!
  posts: [Post] @connection(keyName: "postsByUserId", fields: ["userId"])
  xps: [Xp] @connection(keyName: "xpsByUserId", fields: ["userId"])
  createdAt: String
  updatedAt: String
  following: [Following] @connection(keyName: "followingByUserId", fields: ["userId"])

我在这里做错了什么?

【问题讨论】:

您正在测试的用户,它的认知子是否与您传递给突变的 authorId 相对应? owner 字段将 cognito sub 与您传入的内容/ownerField 中的内容相匹配。如果这不起作用,您能否尝试在 xp 模型和 allow: owner 行中更新您的 amplify graphql 模式,并检查是否有效: allow: owner, ownerField: "authorId", operations: [创建、读取、更新、删除] 【参考方案1】:

尝试在 Xp 模型中按照link 提及身份验证规则,如下所示,

type Xp
  @model
  @key(name: "xpsByUserId", fields: ["authorId"])
  @auth(
    rules: [
       allow: owner, ownerField: "authorId", operations: [create, delete, read, update] ,
       allow: groups, groups: ["Admin"], operations: [create, delete, read, update]  ,
       allow: public, operations: [read] ,
       allow: private, operations: [read] 
    ]
  ) 
  id: ID!
  authorId: ID!
  author: User @connection(fields: ["authorId"])
  name: String
  visibility: Visibility
  post: [Post] @connection(name: "XpPosts")
  createdAt: String

【讨论】:

以上是关于Graphql - 无权访问来自 AWS AppSync Amplify 控制台的错误消息的主要内容,如果未能解决你的问题,请参考以下文章

AWS Lambda 函数无法访问 AppSync GraphQL API - 权限被拒绝

如果我有登录用户的访问令牌,如何使用 AWS Amplify GraphQL API?

获取“Google Apps 脚本”“该脚本无权执行该操作。”随机

如何在 aws amplify 中使用 graphQL 限制

markdown 使用ramda通过嵌套值过滤对象数组:有时您无权访问后端,并且您希望过滤来自

Google Apps脚本:动态单元格位置;无权调用setValues