#✅ - GEN2: field level authorization error


untold prism

Hi,

I have defined some field level authorization:

    Resource: a
    .model({
      id: a.id().required().authorization( allow =>
        [
          allow.owner(), 
          allow.groups(["admins"]),
          allow.authenticated().to(['read'])
        ]
      ),
      name: a.string().required().authorization( allow =>
        [
          allow.owner(), 
          allow.groups(["admins"]),
          allow.ownersDefinedIn('approvedUsers').to(['read'])
        ]
      ),
      description: a.string(),
      type: a.enum(["Person_for_hire", "Equipment_for_hire", "Job", "Equipment_needed"]),
      userId: a.id().required(),
      user: a.belongsTo('User',"id").authorization( allow =>
        [
          allow.owner(), 
          allow.groups(["admins"]),
          allow.authenticated().to(['read'])
        ]
      ),
      attributes: a.hasMany('Attributes',"id"),
      availability: a.ref("Availability"),
      location: a.ref("Address"),
      pendingUsers: a.string().array(),
      approvedUsers: a.string().array(),
      publicQuestions: a.hasMany('PublicQuestion',"id"),
    })
    .secondaryIndexes((index) => [
      index("type").queryField("listByType"),
      index("userId").queryField("listByUser"),
    ])
    .authorization( allow =>
      [
        allow.owner(), 
        allow.groups(["admins"]),
        allow.authenticated().to(['read'])
      ]
    ),

But I get the error:

Failed to instantiate data construct
Caused By: When using field-level authorization rules you need to add rules to all of the model's required fields with at least read permissions. Found model "Resource" with required fields ["name"] missing field-level authorization rules.

I only wanted it on one field, but the error suggested I need to set it on all required fields. However, I have set all the required fields to have field level auth, but I still get the message. Any idea what I could be doing wrong?

Thanks,

Max

untold prism

Do I need to use a custom resolver? If so, can someone point me in the direction of a good example? Basically, I want some fields not to be visible unless they are approvedUsers.

zealous bone

If I understand the error message correctly, it says that required fields must allow at least ‘read’ for all users. Otherwise they can’t be required, since they might return null if the user doesn’t have access to it.

untold prism

I actually want it to return null if the user doesn't have access to it.

zealous bone

Then it can’t be required, since with required you are saying that it will always be a string.

untold prism

Thanks, making the field not required seems to have fixed it.

coarse cliffBOT

✅ - GEN2: field level authorization error
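
The point made in the replies, as an added example that is not part of the thread and is not Amplify or AppSync code: a simplified JavaScript model of field-level read checks combined with GraphQL non-null propagation. The sample record, the callers, the `owner` attribute and the `canRead` / `resolveItem` helpers are constructed for illustration.

```javascript
// Simplified model (assumption): mirrors the read rules from the schema above,
// not the real Amplify/AppSync resolver logic.
const fieldRules = {
  id: [{ who: "owner" }, { who: "group", group: "admins" }, { who: "authenticated" }],
  name: [{ who: "owner" }, { who: "group", group: "admins" },
         { who: "ownersDefinedIn", field: "approvedUsers" }],
};

// Constructed sample data: one Resource and two signed-in callers.
const record = { id: "r1", name: "Crane", owner: "user-a", approvedUsers: ["user-b"] };
const approvedCaller = { sub: "user-b", groups: [] };
const otherCaller = { sub: "user-c", groups: [] };

// True if any rule on the field grants this caller read access.
function canRead(rules, rec, caller) {
  return rules.some((r) => {
    if (r.who === "owner") return rec.owner === caller.sub;
    if (r.who === "group") return caller.groups.includes(r.group);
    if (r.who === "ownersDefinedIn") return (rec[r.field] || []).includes(caller.sub);
    return r.who === "authenticated"; // any signed-in caller
  });
}

// Resolve one item. `required` is the set of fields declared non-null.
// A denied field resolves to null; if that field is non-null in the schema,
// GraphQL propagates the null upward and the whole item is lost.
function resolveItem(rec, caller, required) {
  const data = {};
  const errors = [];
  for (const [field, rules] of Object.entries(fieldRules)) {
    if (canRead(rules, rec, caller)) {
      data[field] = rec[field];
      continue;
    }
    errors.push(`Not authorized to read ${field}`);
    if (required.has(field)) return { data: null, errors };
    data[field] = null;
  }
  return { data, errors };
}

// name required: a non-approved reader gets no item at all.
console.log(resolveItem(record, otherCaller, new Set(["id", "name"])));
// name optional: the same reader gets the item with name redacted to null.
console.log(resolveItem(record, otherCaller, new Set(["id"])));
```

With `name` optional, a caller outside `approvedUsers` still receives the item with `name` set to null, which is the behaviour asked for in the thread.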