Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete mutation not rorking --- owners cannot delete their own record #2742

Open
2 tasks done
tszchung019 opened this issue Aug 3, 2024 · 3 comments
Open
2 tasks done

Delete mutation not rorking --- owners cannot delete their own record #2742

tszchung019 opened this issue Aug 3, 2024 · 3 comments
Labels
api-graphql auth pending-response pending-triage question Further information is requested

Comments

@tszchung019
Copy link

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v20.11.1

Amplify CLI Version

12.12.3

What operating system are you using?

Windows 11

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

I tried to run a delete mutation on AWS AppSync to test if my API works, it seems that I can create a record with @auth with the tokens but it failed to delete the object I just created. I confirmed the owner of the record is the same as the one who is trying to delete the same record but it returned "Not Authorized to access deleteBlog on type Mutation" which is very strange.

image

image

Provided my schema in Reproduction steps section. Is there any misconfiguration I had made? Thank you.

Expected behavior

The mutation should allow owners of the record to delete their own records.

Reproduction steps

  1. Create the GraphQL schema as below:
    type Blog @model @auth(rules: [{ allow: public, operations: [read] }, { allow: owner, operations: [create, update, delete] }]) {
    id: ID!
    name: String!
    summary: String
    imgPath: String
    posts: [Post] @hasmany @auth(rules: [{ allow: public, operations: [read] }])
    }

Project Identifier

No response

Log output

# Put your logs below this line

Additional information

No response

Before submitting, please confirm:

  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • I have removed any sensitive information from my code snippets and submission.
@AnilMaktala AnilMaktala added api-graphql auth question Further information is requested labels Aug 5, 2024
@tszchung019
Copy link
Author

I can tell it is a bug since I looked at the schema at AppSync, under type Mutation, the label @aws_cognito_user_pools should be added given the schema I pushed. (I did not provide my entire schema in my post). Interestingly, if I define another table like this:

type Project @model @auth(rules: [{ allow: owner, operations: [read, create, update, delete] }]) {
  id: ID!
  name: String!
  description: String!
  completion: Float
  status: Boolean
  user: User @belongsTo
}

AppSync is able to generate the schema correctly. May I know is that relevant?

image

@AnilMaktala
Copy link
Member

Hi @tszchung019  👋 Thanks for raising this issue. We are working on reproducing the issue. Could you please run below command and send us the report amplify diagnose --send-report. please refer here

@AnilMaktala
Copy link
Member

Hey 👋 , This issue is being closed due to inactivity. If you are still experiencing the same problem and need further assistance, please feel free to leave a comment. This will enable us to reopen the issue and provide you with the necessary support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-graphql auth pending-response pending-triage question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AnilMaktala @tszchung019