added custom authorization rule

aws-amplify · Nov 7, 2023 · df573ad · df573ad
1 parent 0af509d
commit df573ad
Show file tree

Hide file tree

Showing 5 changed files with 139 additions and 2 deletions.
diff --git a/.changeset/green-wolves-pretend.md b/.changeset/green-wolves-pretend.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/amplify-api-next-alpha': minor
+---
+
+Added support for "a.allow.custom()" auth rule
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/amplify-api-next/__tests__/ModelType.test.ts b/packages/amplify-api-next/__tests__/ModelType.test.ts
@@ -392,4 +392,40 @@ describe('model auth rules', () => {
       });
     }
   }
-});
+
+  it(`can define a custom authorization rule`, () => {
+    const schema = a.schema({
+      Widget: a.model({
+          title: a.string().required(),
+        })
+        .authorization([a.allow.custom()]),
+    });
+
+    const graphql = schema.transform().schema;
+    expect(graphql).toMatchSnapshot()
+  })
+
+  const TestOperations: Operation[][] = [
+    // each individual operation
+    ...Operations.map((op) => [op]),
+
+    // a couple sanity checks to support a combinations
+    ['create', 'read', 'update', 'delete'],
+    ['create', 'read', 'listen'],
+  ];
+
+  for (const operations of TestOperations) {
+    it(`can define custom auth rule for operations ${operations}`, () => {
+      const schema = a.schema({
+        widget: a
+          .model({
+            title: a.string().required(),
+          })
+          .authorization([a.allow.custom().to(operations)]),
+      });
+
+      const graphql = schema.transform().schema;
+      expect(graphql).toMatchSnapshot();
+    });
+  }
+});
diff --git a/packages/amplify-api-next/__tests__/__snapshots__/ModelType.test.ts.snap b/packages/amplify-api-next/__tests__/__snapshots__/ModelType.test.ts.snap
@@ -62,6 +62,90 @@ exports[`model auth rules can create a static Admins group rule 1`] = `
 }"
 `;
 
+exports[`model auth rules can define a custom authorization rule 1`] = `
+"type Widget @model @auth(rules: [{allow: custom}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations create 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [create]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations create,read,listen 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [create, read, listen]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations create,read,update,delete 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [create, read, update, delete]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations delete 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [delete]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations get 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [get]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations list 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [list]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations listen 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [listen]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations read 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [read]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations search 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [search]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations sync 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [sync]}])
+{
+  title: String!
+}"
+`;
+
+exports[`model auth rules can define custom auth rule for operations update 1`] = `
+"type widget @model @auth(rules: [{allow: custom, operations: [update]}])
+{
+  title: String!
+}"
+`;
+
 exports[`model auth rules can define owner auth with no provider 1`] = `
 "type widget @model @auth(rules: [{allow: owner}])
 {

diff --git a/packages/amplify-api-next/src/Authorization.ts b/packages/amplify-api-next/src/Authorization.ts
@@ -398,6 +398,18 @@ export const allow = {
       },
     );
   },
+
+  custom(provider?: CustomProvider) {
+    return authData(
+      {
+        strategy: 'custom',
+        provider,
+      },
+      {
+        to
+      }
+    )
+  }
 } as const;
 
 /**