Skip to content

serverside filtering on a dynamic-set-authorization field fails  #8047

New issue
New issue
Open
Open
serverside filtering on a dynamic-set-authorization field fails #8047
Labels
amplify/dataIssue related to aws-amplify/amplify-category-api
@ConstantinMueller

Description

@ConstantinMueller
ConstantinMueller
opened on Oct 20, 2024

When filtering on a dynamic-set-authorization field it results in an error.

Connection failed: {"errors":[{"message":"The variables input contains a field that is not defined for input object type 'ModelSubscriptionPostFilterInput' "}]}

even though in the debugger i could see, that this error was thrown after i received the expected (filtered) result.
but i was not able to use it and ignore the error. when i had, i received endless errors from the service.

To Reproduce

Model Difinition:

create a model which uses dynamic group based authorization. in this case its authGroup (@see line 08).

(there is documented how to use
authorization-rules-for-dynamically-set-user-groups )

01    Post: a
02        .model({
03            authGroup: a.string().required(), //to get access to the resource
04            content: a.string().required(), // that is what the user said
05            author: a.string().required(), // in a multi-user chat, the AI should track, who says what
06            playRole: a.string(), // the user can take over different roles too
07            aiRole: a.string(), //system or user
08        }).authorization((allow) => [allow.groupDefinedIn('authGroup') ]),

run observeQuery on a model fetching with filter on an authGroup:

in this example i use the a serverside filter (line 04 -06) on the query.

(there is documentation for using server-side-subscription-filters )

01   protected chatLog$: Observable<Post[]> = this._chatRoom$.pipe(
02        switchMap( chatRoom =>
03            client.models.Post.observeQuery({
04                filter: {
05                    authGroup: {eq: chatRoom.roomName}
06                },
07                authMode: 'userPool'
08            }).pipe(
09                map((value) =>
10                    value.items as any as Post[]
11                ),
12                defaultIfEmpty([]),
13                catchError((error, obs) => {
14                        console.error('error fetching chat-log', error);
15                        throw error
16                    }
17                )
18            )
19        )
20    )

Expected behavior

I would expect that i get the query result filtered on a dynamic-set-authorization field without any error
OR to have this noted in the documentation if it is not recommended or bad-practice to do this.

Workaround
I found a workaround:
Introduce a second field (i use the field room) wich contains the exact same content like authGroup.
I use room for serverside filtereing and authGroup for the authorization (the user has to be in this group to get even a chance of seeing this message).

Desktop (please complete the following information):

  • OS: Win 11
  • Browser chrome
  • Version 129.0.6668.101

Additional context
Use case is, that i am going to write some kind of chat program, where you can manage and share my rooms based on Cognito User Pools and store the chat history in the Post-model.

Metadata

Metadata

Assignees

No one assigned

    Labels

    amplify/dataIssue related to aws-amplify/amplify-category-api

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions