When I run a query, I am getting data from all the users (owners), not just the currently logged in owner. I thought that if I had this: [create, update, delete, read] only owners could read their data? What's going on here? What am I missing?
I am using the same device (emulator), and I sign in and sign out with different accounts.
Amplify.DataStore.query(Todo.class,
all -> {
while (all.hasNext()) {
Todo todo1 = all.next();
Log.i("tag", "Title: " + todo1.getName());
}
},
failure -> Log.e("tag", "Query failed.", failure)
);
type Todo
@model
@auth(
rules: [
{
allow: owner,
ownerField: "owner",
operations: [create, update, delete, read]
}
]
) {
id: ID!
owner: String
name: String!
}
I think I found the solution here:
https://docs.amplify.aws/lib/datastore/sync/q/platform/android#update-and-delete-with-predicate
Every time you switch user on the same device, you have to call Amplify.DataStore.clear()
Note: In case multiple users share the same device and your schema defines user-specific data, make sure you call Amplify.DataStore.clear() when switching users. Visit Auth events for all authentication related events.