I have two types that are connected:
type Auction @model {
  id: ID!
  name: String!
  startingDate: AWSDateTime!
  createdAt: AWSDateTime!
  updatedAt: AWSDateTime!
  products: [Product] @connection(name: "AuctionProducts")
}

type Product @model {
  id: ID!
  name: String!
  description: String!
  price: Int!
  ownerId: String!
  createdAt: AWSDateTime!
  updatedAt: AWSDateTime!
  auction: Auction @connection(name: "AuctionProducts")
}
I would like to query an auction and the products related to it, BUT filtered by ownerId. The idea is that a user could not see the products in an auction that doesn't belong to him.
I would like to do it server side for security reasons. I lost myself in filtering the products as if they were in the auction DynamoDB document, but they are not.
I have no idea anymore… Is that even possible?
Probably figured it out by now, but you'll need to have an Auth service configured, Cognito being the easiest to work with. Then use the @auth directive on all of your schema types you'd like to be protected and visible only to the owner:
type Product @model @auth(rules: [{allow: owner, ownerField: "ownerId"}]) {
  id: ID!
  name: String!
  description: String!
  price: Int!
  ownerId: String!
  createdAt: AWSDateTime!
  updatedAt: AWSDateTime!
  auction: Auction @connection(name: "AuctionProducts")
}
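
The check an owner rule expresses, as an added example that is not part of the original thread and is not Amplify's generated resolver code: a plain JavaScript model of returning an auction with only the caller's products, where the owner comes from the verified token claims and never from a client argument. The function names, the `auctionId` field, the claim lookup and the sample data are assumptions made for illustration.

```javascript
// Constructed sample data mirroring the Auction/Product types on this page.
const products = [
  { id: "p1", name: "Lamp", ownerId: "alice", auctionId: "a1" },
  { id: "p2", name: "Desk", ownerId: "bob", auctionId: "a1" },
  { id: "p3", name: "Vase", ownerId: "alice", auctionId: "a2" },
];
const auctions = [{ id: "a1", name: "Spring sale" }];

// Hypothetical helper: the identity is read from verified token claims only.
// Assumption: the Cognito username is the value stored in Product.ownerId.
function callerFromClaims(claims) {
  const username = claims && (claims["cognito:username"] || claims.username);
  if (!username) throw new Error("Unauthorized"); // fail closed without identity
  return username;
}

// Model of a server-side owner check on the Auction.products connection:
// only products whose ownerId equals the caller's identity are returned.
function getAuctionForCaller(auctionId, claims, clientArgs = {}) {
  const caller = callerFromClaims(claims);
  const auction = auctions.find((a) => a.id === auctionId);
  if (!auction) return null;
  // clientArgs.ownerId is deliberately ignored: a filter value supplied by
  // the client is not an authorization decision.
  const items = products.filter(
    (p) => p.auctionId === auctionId && p.ownerId === caller
  );
  return { ...auction, products: { items } };
}

// Returns the product ids visible to the caller, for quick inspection.
function visibleProductIds(auctionId, claims, clientArgs) {
  const result = getAuctionForCaller(auctionId, claims, clientArgs);
  return result ? result.products.items.map((p) => p.id) : [];
}
```

Passing `{ ownerId: "bob" }` as a client argument while authenticated as alice still yields only alice's products, which is the property to verify against the deployed API with two different signed-in users.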