graphql – Appsync – owner authorization with condition
I have type SomeEntity
in schema with field isPrivate
.
It is protected with @auth
directive, which allows create
operation for everyone and read
only for owners:
@auth(
rules: [
{ allow: groups, groups: ["user"], operations: [create] }
{ allow: owner, operations: [read] }
]
)
Now I’m thinking how to allow read
operation for ovner if isPrivate == true
and allowed for everyone if isPrivate == false
.
Is it possible to do using schema only or I need custom Lambda resolver for this?
Read more here: Source link