我正在使用 AWS Amplify。我的 GraphQL 架构中有两个如下所示的模型。
type Class
@model
@auth(rules: [{
allow: owner,
identityClaim: "sub"
}
{
allow: owner
identityClaim: "sub"
ownerField: "studentUserIds"
operations: [read]
}
{
allow: private,
provider: iam
operations: [read]
}
]) {
id: ID!
name: String!
studentUserIds: [String!]
students: [Student!] @connection(keyName: "ClassStudent", fields: ["id"])
}
type Student
@model(queries: null)
@auth(
rules: [
{ allow: owner, identityClaim: "sub", operations: [create, update, delete, read] }
{ allow: private, provider: iam, operations: [create, update, delete, read] }
{ allow: owner, ownerField: "studentUserId", operations: [update, delete] }
{ allow: private, operations: [read] }
]
)
@key(name: "ClassStudent", fields: ["classId", "id"])
@key(name: "ClassesByStudent", fields: ["studentUserId"], queryField: "classesByStudent") {
id: ID!
classId: ID!
class: Class @connection(fields: ["classId"])
studentUserId: ID!
user: User! @connection(fields: ["studentUserId"])
owner: String
}
当我运行classesByStudent
使用 IAM 帐户时,即使 IAM 提供程序具有对学生表和班级表的读取访问权限,我也会收到未经授权的响应。我究竟做错了什么?