I am building a WebApp With AWS Amplify.
I have the following object as part of my schema.graphql file.
type Xbiis @model @auth(rules: [{ allow: private,
operations: [create, update, delete, read] }])
{
id: ID!
name: String!
owner: User! @hasOne
defaultRole: AccessLevel
}
I want to limit access and queries to only users who are logged in.
When I login with my "admin user". That created everything. It works fine.
When I login with my second normal user I account I get the error
Not Authorized to access listXbiis on type Query.
Originally, Xbiis had a more complicated security model
type Xbiis @model @auth(rules: [{ allow: groups, groups: ["WebAppAdmin"],
operations: [create, update, read, delete] },
{ allow: public, operations: [read] }])
{
Could it be some semblence of of the old model in the backend still. Even though I ran a push with Xbiis commented out in the schema file?
What is causing the permissions error and how do I fix it?
Looking the AWS troubleshooting guide for unauthorized errors
Changing @auth permissions in the schema.graphql file doesn't change permissions.
The permissions are actually applied in the <project root>/amplify/backend/api/<appName>/resolvers/*.vtl files.
Since I had never added any custom resolvers logic, I just removed the folder. It solved the problem, but the next push, didn't regenerate the folder like I had hoped it would.