Datastore update auth groups Unauthorized error #5162

Closed
jamontesg opened this issue Jul 16, 2024 · 15 comments

jamontesg commented Jul 16, 2024

Description

I have a table using authorization rules with Cognito groups:

type Item @model 
@auth(rules: [
  { allow: groups, groups: ["Admin"], operations: [create, update, read, delete]  }
  { allow: groups, groups: ["Api","Operative"], operations: [create, update, read]  }
  { allow: groups, groups: ["Guest"], operations: [read]  }
  ]) 

Profile Operative has permission "update" but not delete.

When I try to update an item with this code:

final oldItem = (await Amplify.DataStore.query(Item.classType,
        where: Item.TENANTID.eq(itm.tenantId).and(Item.ID.eq(itm.id))))
    .first;

final List<S3Object>? images = oldItem.images;
final List<S3Object> nImage = [...img, ...?images];

final newItem =
    oldItem.copyWith(tenantId: itm.tenantId, id: itm.id, images: nImage);
try {
  await Amplify.DataStore.save(newItem);
} on DataStoreException catch (e) {
  developer.log('error saving new image: ${e.message}');
}

This code only updates the field "images" and generates the following error:

AppSync response contained errors = [GraphQLResponse.Error{message='Unauthorized on [production, description,  cattleLot lastOwner, letag, admissionDate, cost, purchase, market, retag, sale]', locations='[GraphQLLocation{line='2', column='3'}]', 

path='[GraphQLPathSegment{value='updateItem'}]', extensions='{errorInfo=null, data=null, errorType=Unauthorized}'}], errors=[GraphQLResponse.Error{message='Unauthorized on [production, description, cattleLot,  lastOwner, letag, admissionDate, cost, purchase, market, retag, sale]', locations='[GraphQLLocation{line='2', column='3'}]', 

But if I add a "delete" permission

{ allow: groups, groups: ["Api","Operative"], operations: [create, update, read, delete]  }

the record update works fine.

Does my update function have any errors?
What are the auth rules for update (without delete permission)?

Kind regards
Thanks for your time

Categories

  • Analytics
  • API (REST)
  • API (GraphQL)
  • Auth
  • Authenticator
  • DataStore
  • Notifications (Push)
  • Storage

Steps to Reproduce

Configure DynamoDB / API / Auth with Cognito group access.
Define an auth rule with update but without delete permission.
Try to update an item.

Screenshots

No response

Platforms

  • iOS
  • Android
  • Web
  • macOS
  • Windows
  • Linux

Flutter Version

3.22.2

Amplify Flutter Version

2.2.0

Deployment Method

Amplify CLI

Schema

type Item @model 
@auth(rules: [
  { allow: groups, groups: ["Admin"], operations: [create, update, read, delete]  }
  { allow: groups, groups: ["Api","Operative"], operations: [create, update, read, delete]  }
  { allow: groups, groups: ["Guest"], operations: [read]  }
  ])
 {
  tenantId: ID! @primaryKey(sortKeyFields: ["id"])  # customized foreign key for parent primary key
  #tenantId: ID! @primaryKey(sortKeyFields: ["id"])
  
  locationId: ID! @index(sortKeyFields: ["ck"])
  location: String!
  #location: String! @index(sortKeyFields: ["ck"])  

  id: ID!  
  group: String
  groupId: String
  parcel: String
  parcelId: String
  cattleLot: String
  ck: String!
  ckt: String

  aid: String
  altaid: String
  alias: String
  name: String
  description: String

  admissionDate: AWSDate
  
  lastOwner: String
  cost: Float
  
  market: AWSDate
  purchase: Float
  retag: String
  letag: String
  eid: String
  events: [Event]
  production: [Production]
  weights: [Weight]
  images: [S3Object]
  documents: [S3Object]
  
  type: AnimalType!
  gender: Gender!
  breed: String
  color: String
  status: ItemStatus!
  sale: Float
    
}

type S3Object {
  name: String
  date: AWSDateTime!
  bucket: String!
  region: String!
  key: String
  localPath: String
  ownerId: String
  ownerName: String
}

@Equartey
Member

Hi @jamontesg, your update function looks good to me. Do you see this behavior on iOS too?

@jamontesg
Author

jamontesg commented Jul 16, 2024

Thanks @Equartey
iOS --> ok
Android --> error

(tests done in emulators)
Please tell me if you need more info

@jamontesg
Author

Hi @Equartey, any news about this issue?

@Equartey
Member

Hi @jamontesg, no updates yet. We still need to reproduce the error. We will provide an update from our investigation when possible.

@Equartey
Member

Hi @jamontesg, small update: I was able to reproduce the issue and believe this to be a bug. I will be working next on finding the root cause and solution. Updates to follow.

@jamontesg
Author

Thanks @Equartey, tell me if you need more info from my side.

@khatruong2009
Member

@jamontesg we will let you know if there is any information you need, thanks.

@jamontesg
Author

thanks @khatruong2009

@NikaHsn
Member

NikaHsn commented Aug 21, 2024

@jamontesg we are working with the Amplify Android team to investigate this issue and will provide you updates as we have them. Thanks for your patience.

@Equartey
Member

Hi @jamontesg, sorry for the delay.

I investigated this with both the Amplify Swift and Android teams, and we have determined that the observed error is expected. Update mutations within DataStore require the delete permission. This is due to our libraries including null in the request variables for all fields on a model not explicitly specified with a value. This is already the case in native Android and Swift DataStore.

To explain what was seen here, Android was working correctly by returning the error. The observation that Swift was working was the result of a bug and will be corrected to mirror behavior observed on Android.

I have an open PR #5370 to address this. I will notify you here when it's available.

Again, apologies for the delay, please let us know if you have any additional questions.

@jamontesg
Author

Thanks @Equartey, if Android is working properly, what is the update permission for? I think that the update permission is useless.

@Equartey
Member

Hi @jamontesg, while using DataStore I understand that conclusion. Unfortunately, it's currently a technical requirement when using DataStore.

If you want to use the update permission how you were initially thinking, I recommend using the API category escape hatch to create your own GraphQL requests. The requests generated by the library make assumptions about how to handle null values.
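
The rule described in the two maintainer replies above (null-filled DataStore updates need `delete`, a hand-written request does not) can be modeled in a few lines. This Python sketch is an added example, not code from the thread, Amplify or AppSync; it is a simplified model in which a null-valued input field needs `delete` and any other field needs `update`, and the sample item and the helper names (`denied_fields`, `datastore_style_input`, `changed_only_input`) are constructed for illustration.

```python
# Simplified model (assumption): group -> operations, copied from the issue's @auth rules.
RULES = {
    "Admin": {"create", "update", "read", "delete"},
    "Api": {"create", "update", "read"},
    "Operative": {"create", "update", "read"},
    "Guest": {"read"},
}
KEY_FIELDS = ("tenantId", "id")  # primary key fields identify the record, they are not changed

# Constructed sample record: a subset of the Item schema; None marks fields with no value.
ITEM = {
    "tenantId": "t-1", "id": "i-1", "location": "north", "ck": "ck-1",
    "images": [{"date": "2024-07-16T00:00:00Z", "bucket": "example-bucket",
                "region": "us-east-1", "key": "a.jpg"}],
    "production": None, "description": None, "cattleLot": None, "lastOwner": None,
    "letag": None, "admissionDate": None, "cost": None, "purchase": None,
    "market": None, "retag": None, "sale": None,
}

def denied_fields(groups, update_input):
    """Return the sorted input fields the caller may not write; empty means authorized."""
    ops = set()
    for group in groups:
        ops |= RULES.get(group, set())
    denied = []
    for field, value in update_input.items():
        if field in KEY_FIELDS:
            continue
        # Writing null clears a value, which this model treats as a delete of that field.
        needed = "delete" if value is None else "update"
        if needed not in ops:
            denied.append(field)
    return sorted(denied)

def datastore_style_input(item):
    """Every model field is sent, with null for the ones that have no value."""
    return dict(item)

def changed_only_input(item, changed):
    """Hand-written request: keys plus only the fields that were actually modified."""
    return {f: item[f] for f in (*KEY_FIELDS, *changed)}

if __name__ == "__main__":
    print(denied_fields(["Operative"], datastore_style_input(ITEM)))
    print(denied_fields(["Operative"], changed_only_input(ITEM, ["images"])))
```

For the Operative group, the null-filled input is refused on the eleven null fields of the constructed record (chosen to match the fields named in the reported error), while the changed-only input is authorized.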

@jamontesg
Author

Ok @Equartey, thanks for your time.

@Jordan-Nelson
Member

Closing this issue out as it was released in v2.4.1
