
@aws-amplify/graphql-auth-transformer


@aws-amplify/graphql-auth-transformer - npm Package Compare versions

Comparing version 0.4.4 to 0.4.5

11

CHANGELOG.md

@@ -6,2 +6,13 @@ # Change Log

## [0.4.5](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.4...@aws-amplify/graphql-auth-transformer@0.4.5) (2021-11-20)
### Bug Fixes
* update field auth check logic and error message to account for subscription level ([#8951](https://github.com/aws-amplify/amplify-cli/issues/8951)) ([acfefd4](https://github.com/aws-amplify/amplify-cli/commit/acfefd4b957d534b6d2031df22c56237d43d0261))
## [0.4.4](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.2...@aws-amplify/graphql-auth-transformer@0.4.4) (2021-11-19)

@@ -8,0 +19,0 @@

12

lib/graphql-auth-transformer.js

@@ -169,2 +169,3 @@ "use strict";

const def = context.output.getObject(modelName);
const modelNameConfig = this.modelDirectiveConfig.get(modelName);
const searchableDirective = def.directives.find(dir => dir.name.value === 'searchable');

@@ -201,4 +202,5 @@ const queryFields = utils_1.getQueryFieldNames(this.modelDirectiveConfig.get(modelName));

for (let field of modelFields) {
const allowedRoles = readRoles.filter(r => acm.isAllowed(r, field.name.value, 'read'));
const needsFieldResolver = allowedRoles.length < readRoles.length;
const fieldReadRoles = utils_1.getReadRolesForField(acm, readRoles, field.name.value);
const allowedRoles = fieldReadRoles.filter(r => acm.isAllowed(r, field.name.value, 'read'));
const needsFieldResolver = allowedRoles.length < fieldReadRoles.length;
if (needsFieldResolver && field.type.kind === graphql_1.Kind.NON_NULL_TYPE) {

@@ -214,5 +216,5 @@ errorFields.push(field.name.value);

}
if (errorFields.length > 0) {
throw new graphql_transformer_core_1.InvalidDirectiveError(`Because "${def.name.value}" has a field-level authorization rule,` +
` you need to either apply field-level authorization rules to all required fields ${JSON.stringify(errorFields)} or make those fields nullable.`);
if (errorFields.length > 0 && modelNameConfig.subscriptions.level === graphql_model_transformer_1.SubscriptionLevel.on) {
throw new graphql_transformer_core_1.InvalidDirectiveError(`Because "${def.name.value}" has a field-level authorization rule and subscriptions are enabled,` +
` you need to either apply field-level authorization rules to all required fields where all rules have read access ${JSON.stringify(errorFields)}, make those fields nullable, or disable subscriptions for "${def.name.value}" (setting level to off or public).`);
}

@@ -219,0 +221,0 @@ const mutationFields = utils_1.getMutationFieldNames(this.modelDirectiveConfig.get(modelName));
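Review bot: The new condition `modelNameConfig.subscriptions.level === graphql_model_transformer_1.SubscriptionLevel.on` in the third hunk runs the required-field authorization check only on an exact match, so any other value of `level`, including an unset one or a level added later, skips the `InvalidDirectiveError` without notice. Since this is a validation of authorization rules, it would be safer to skip it only for the levels the new message names as exempt (off, public) and to throw in every other case, with a comment such as `// non-null fields without read access only break subscriptions; skip the check only when subscriptions are off or public`. `modelNameConfig` and `modelNameConfig.subscriptions` are also dereferenced without a null check; whether `this.modelDirectiveConfig.get(modelName)` can return a config without `subscriptions` is not visible in these hunks, so that case should be confirmed or handled explicitly rather than left to a TypeError. The enclosing method starts and ends outside the visible hunks.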

import { TransformerContextProvider } from '@aws-amplify/graphql-transformer-interfaces';
import { Stack } from '@aws-cdk/core';
import { ObjectTypeDefinitionNode } from 'graphql';
import { AccessControlMatrix } from '..';
import { AuthRule, AuthTransformerConfig, ConfiguredAuthProviders, RoleDefinition, RolesByProvider } from './definitions';

@@ -14,2 +15,3 @@ export * from './constants';

export declare const getConfiguredAuthProviders: (config: AuthTransformerConfig) => ConfiguredAuthProviders;
export declare const getReadRolesForField: (acm: AccessControlMatrix, readRoles: Array<string>, fieldName: string) => Array<string>;
//# sourceMappingURL=index.d.ts.map

@@ -13,3 +13,3 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.getConfiguredAuthProviders = exports.getStackForField = exports.ensureAuthRuleDefaults = exports.splitRoles = void 0;
exports.getReadRolesForField = exports.getConfiguredAuthProviders = exports.getStackForField = exports.ensureAuthRuleDefaults = exports.splitRoles = void 0;
__exportStar(require("./constants"), exports);

@@ -112,2 +112,15 @@ __exportStar(require("./definitions"), exports);

exports.getConfiguredAuthProviders = getConfiguredAuthProviders;
const getReadRolesForField = (acm, readRoles, fieldName) => {
const hasCognitoPrivateRole = readRoles.some(r => r === 'userPools:private') && acm.isAllowed('userPools:private', fieldName, 'read');
const hasOIDCPrivateRole = readRoles.some(r => r === 'oidc:private') && acm.isAllowed('oidc:private', fieldName, 'read');
let allowedRoles = [...readRoles];
if (hasCognitoPrivateRole) {
allowedRoles = allowedRoles.filter(r => !(r.startsWith('userPools:') && r !== 'userPools:private'));
}
if (hasOIDCPrivateRole) {
allowedRoles = allowedRoles.filter(r => !(r.startsWith('oidc:') && r !== 'oidc:private'));
}
return allowedRoles;
};
exports.getReadRolesForField = getReadRolesForField;
//# sourceMappingURL=index.js.map
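Review bot: `getReadRolesForField` removes every `userPools:` and `oidc:` role other than the provider's `private` role from the list the caller checks with `acm.isAllowed(r, field.name.value, 'read')`, and nothing in the function states why that narrowing is safe. It appears to assume that any identity matching an owner or group role also matches the same provider's `private` role, and that role keys always begin with the provider name. Both assumptions should be written down, for example `// private read access on this field covers every other role of the same provider, so those roles need no separate field-level check`. The result feeds `needsFieldResolver` in lib/graphql-auth-transformer.js, so a unit test with a mix of private, owner and group roles would pin the authorization outcome. As a style point, `readRoles.some(r => r === 'userPools:private')` reads more directly as `readRoles.includes('userPools:private')`.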
{
"name": "@aws-amplify/graphql-auth-transformer",
"version": "0.4.4",
"version": "0.4.5",
"description": "Amplify GraphQL @auth Transformer",

@@ -66,3 +66,3 @@ "repository": {

},
"gitHead": "d2d46e38d87de74b7c296e1cfad81f0ae2f3b772"
"gitHead": "b0893a90065a267c991e319467cb1b6f514f10fb"
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
