基于字段值的 AWS Amplify GraphQL 授权

AWS Amplify GraphQL authorization based on field values

我有一个 AWS Amplify 项目,它在 Cognito 中具有三个不同的用户组。管理员、教师和学生组。我也有一个看起来像这样的 GraphQL 模式。

type DriveTime @model {
  id: ID!
  start: AWSDateTime!
  end: AWSDateTime!
  openRegistration: AWSDateTime!
  closeRegistration: AWSDateTime!
  vehicle: Vehicle @connection(name: "VehicleDriveConnection")
  instructor: Instructor @connection(name: "InstructorDriveConnection")
  student: Student @connection(name: "StudentDriveConnection")
  evaluation: DriveEvaluation @connection(name: "DriveEvaluationConnection")
}

基本上是管理员或讲师安排学生可以注册的时间。

我想创建允许以下内容的授权规则:

Amplify GraphQL @Auth 能做到这一点吗?

通读文档:

[1] https://docs.amplify.aws/cli/graphql-transformer/auth

[2]https://docs.amplify.aws/cli/graphql-transformer/directives#aws-appsync-provided-directives

[3]https://aws.amazon.com/blogs/mobile/graphql-security-appsync-amplify/

您的某些要求可能没有开箱即用的支持,这意味着您可能必须创建自定义逻辑 - 查看 Lambda Resolvershttps://docs.amplify.aws/cli/graphql-transformer/function#usage