@aws-amplify/graphql-auth-transformer - npm Package Compare versions

Comparing version 0.5.0-apiext2.0 to 0.5.0-apiext3.0

CHANGELOG.md

		@@ -6,3 +6,3 @@ # Change Log

		# [0.5.0-apiext2.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.2...@aws-amplify/graphql-auth-transformer@0.5.0-apiext2.0) (2021-11-19)
		# [0.5.0-apiext3.0](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.5...@aws-amplify/graphql-auth-transformer@0.5.0-apiext3.0) (2021-11-20)

		@@ -12,3 +12,3 @@

		* extensibility for Amplify API ([#8954](https://github.com/aws-amplify/amplify-cli/issues/8954)) ([d662316](https://github.com/aws-amplify/amplify-cli/commit/d66231697abc7db86e4e6a7c66e78e88a332dd22))
		* extensibility for Amplify API ([#8954](https://github.com/aws-amplify/amplify-cli/issues/8954)) ([4a6b11a](https://github.com/aws-amplify/amplify-cli/commit/4a6b11aa60aa7a78200c71b92a0636d4c395737c))

		@@ -19,2 +19,29 @@

		## [0.4.5](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.4...@aws-amplify/graphql-auth-transformer@0.4.5) (2021-11-20)


		### Bug Fixes

		* update field auth check logic and error message to account for subscription level ([#8951](https://github.com/aws-amplify/amplify-cli/issues/8951)) ([acfefd4](https://github.com/aws-amplify/amplify-cli/commit/acfefd4b957d534b6d2031df22c56237d43d0261))





		## [0.4.4](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.2...@aws-amplify/graphql-auth-transformer@0.4.4) (2021-11-19)

		Note: Version bump only for package @aws-amplify/graphql-auth-transformer





		## [0.4.3](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.2...@aws-amplify/graphql-auth-transformer@0.4.3) (2021-11-19)

		Note: Version bump only for package @aws-amplify/graphql-auth-transformer





		## [0.4.2](https://github.com/aws-amplify/amplify-cli/compare/@aws-amplify/graphql-auth-transformer@0.4.1...@aws-amplify/graphql-auth-transformer@0.4.2) (2021-11-17)
		@@ -21,0 +48,0 @@

lib/graphql-auth-transformer.js

		@@ -169,2 +169,3 @@ "use strict";
		const def = context.output.getObject(modelName);
		const modelNameConfig = this.modelDirectiveConfig.get(modelName);
		const searchableDirective = def.directives.find(dir => dir.name.value === 'searchable');
		@@ -201,4 +202,5 @@ const queryFields = (0, utils_1.getQueryFieldNames)(this.modelDirectiveConfig.get(modelName));
		for (let field of modelFields) {
		const allowedRoles = readRoles.filter(r => acm.isAllowed(r, field.name.value, 'read'));
		const needsFieldResolver = allowedRoles.length < readRoles.length;
		const fieldReadRoles = (0, utils_1.getReadRolesForField)(acm, readRoles, field.name.value);
		const allowedRoles = fieldReadRoles.filter(r => acm.isAllowed(r, field.name.value, 'read'));
		const needsFieldResolver = allowedRoles.length < fieldReadRoles.length;
		if (needsFieldResolver && field.type.kind === graphql_1.Kind.NON_NULL_TYPE) {
		@@ -214,5 +216,5 @@ errorFields.push(field.name.value);
		}
		if (errorFields.length > 0) {
		throw new graphql_transformer_core_1.InvalidDirectiveError(`Because "${def.name.value}" has a field-level authorization rule,` +
		` you need to either apply field-level authorization rules to all required fields ${JSON.stringify(errorFields)} or make those fields nullable.`);
		if (errorFields.length > 0 && modelNameConfig.subscriptions.level === graphql_model_transformer_1.SubscriptionLevel.on) {
		throw new graphql_transformer_core_1.InvalidDirectiveError(`Because "${def.name.value}" has a field-level authorization rule and subscriptions are enabled,` +
		` you need to either apply field-level authorization rules to all required fields where all rules have read access ${JSON.stringify(errorFields)}, make those fields nullable, or disable subscriptions for "${def.name.value}" (setting level to off or public).`);
		}
		@@ -219,0 +221,0 @@ const mutationFields = (0, utils_1.getMutationFieldNames)(this.modelDirectiveConfig.get(modelName));

lib/utils/index.d.ts

		import { TransformerContextProvider } from '@aws-amplify/graphql-transformer-interfaces';
		import { Stack } from '@aws-cdk/core';
		import { ObjectTypeDefinitionNode } from 'graphql';
		import { AccessControlMatrix } from '..';
		import { AuthRule, AuthTransformerConfig, ConfiguredAuthProviders, RoleDefinition, RolesByProvider } from './definitions';
		@@ -14,2 +15,3 @@ export * from './constants';
		export declare const getConfiguredAuthProviders: (config: AuthTransformerConfig) => ConfiguredAuthProviders;
		export declare const getReadRolesForField: (acm: AccessControlMatrix, readRoles: Array<string>, fieldName: string) => Array<string>;
		//# sourceMappingURL=index.d.ts.map

lib/utils/index.js

		@@ -13,3 +13,3 @@ "use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.getConfiguredAuthProviders = exports.getStackForField = exports.ensureAuthRuleDefaults = exports.splitRoles = void 0;
		exports.getReadRolesForField = exports.getConfiguredAuthProviders = exports.getStackForField = exports.ensureAuthRuleDefaults = exports.splitRoles = void 0;
		__exportStar(require("./constants"), exports);
		@@ -112,2 +112,15 @@ __exportStar(require("./definitions"), exports);
		exports.getConfiguredAuthProviders = getConfiguredAuthProviders;
		const getReadRolesForField = (acm, readRoles, fieldName) => {
		const hasCognitoPrivateRole = readRoles.some(r => r === 'userPools:private') && acm.isAllowed('userPools:private', fieldName, 'read');
		const hasOIDCPrivateRole = readRoles.some(r => r === 'oidc:private') && acm.isAllowed('oidc:private', fieldName, 'read');
		let allowedRoles = [...readRoles];
		if (hasCognitoPrivateRole) {
		allowedRoles = allowedRoles.filter(r => !(r.startsWith('userPools:') && r !== 'userPools:private'));
		}
		if (hasOIDCPrivateRole) {
		allowedRoles = allowedRoles.filter(r => !(r.startsWith('oidc:') && r !== 'oidc:private'));
		}
		return allowedRoles;
		};
		exports.getReadRolesForField = getReadRolesForField;
		//# sourceMappingURL=index.js.map

package.json

		{
		"name": "@aws-amplify/graphql-auth-transformer",
		"version": "0.5.0-apiext2.0",
		"version": "0.5.0-apiext3.0",
		"description": "Amplify GraphQL @auth Transformer",
		@@ -30,4 +30,4 @@ "repository": {
		"dependencies": {
		"@aws-amplify/graphql-model-transformer": "0.10.0-apiext2.0",
		"@aws-amplify/graphql-transformer-core": "0.14.0-apiext2.0",
		"@aws-amplify/graphql-model-transformer": "0.10.0-apiext3.0",
		"@aws-amplify/graphql-transformer-core": "0.14.0-apiext3.0",
		"@aws-amplify/graphql-transformer-interfaces": "1.12.2",
		@@ -45,4 +45,4 @@ "@aws-cdk/aws-appsync": "~1.124.0",
		"devDependencies": {
		"@aws-amplify/graphql-index-transformer": "0.8.0-apiext2.0",
		"@aws-amplify/graphql-searchable-transformer": "0.10.0-apiext2.0",
		"@aws-amplify/graphql-index-transformer": "0.8.0-apiext3.0",
		"@aws-amplify/graphql-searchable-transformer": "0.10.0-apiext3.0",
		"@aws-cdk/assert": "~1.124.0",
		@@ -68,3 +68,3 @@ "@types/fs-extra": "^8.0.1",
		},
		"gitHead": "273fdfda0ac3ddd7135991dcecd95e4b62ea889c"
		"gitHead": "49f684c53f6d52ae0c46ade3bc9c63790e76b266"
		}

lib/graphql-auth-transformer.d.ts.map

Sorry, the diff of this file is not supported yet

lib/graphql-auth-transformer.js.map

Sorry, the diff of this file is not supported yet

lib/utils/index.d.ts.map

Sorry, the diff of this file is not supported yet

lib/utils/index.js.map

Sorry, the diff of this file is not supported yet

@aws-amplify/graphql-auth-transformer - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Dependency changes