Using Amplify, GraphQL, AppSync, Cognito, DynamoDB
Having the following model:
    type Post
    @model
    {
      id: ID!
      content: String!
      author: String!
    }
I want my rules to enable the following case:
- Only Admin users can create, update and delete Post
- Some Posts that only premium users are allowed to read
- Some Posts that all logged-in users are allowed to read
- Some Posts that all users (including unauthenticated ones) are allowed to read
What is the best way to implement it using the mentioned tools?
Thanks
From your question, it is not clear how you define "Some Posts" and how you would differentiate one from another. If I was designing this, I would have at least one more field in my Post type to manage the access level (For example: 3 (Admin) > 2 (Premium) > 1 (Logged-in) > 0 (Unregistered)), like so;

To manage this on user level, I think your best bet is to manage it using Cognito groups (like mentioned in the official documentation) and assign appropriate permission for each group.
Things you would need in Cognito:
- A user pool which will contain all of your registered users.
- A user group for premium members.
- A user group for your admins.
Things you would need in your AppSync:
For Admin users to create, update and delete Post:
For some posts only visible to premium, logged-in or unregistered users to read:
Furthermore, you can use the accessLevel in your resolver to filter out the result based on which post you want to be visible to premium, logged-in or unregistered users.
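The accessLevel filtering and admin-only writes described in the answer above, sketched as an added example in plain JavaScript; it is not code from the original post or from AppSync. The group names Admin and Premium, the function names and the sample posts are assumptions; the identity object mirrors the Cognito user pool identity a resolver sees, with the groups taken from the token's "cognito:groups" claim.

```javascript
// Access levels as numbered in the answer: 3 Admin > 2 Premium > 1 Logged-in > 0 Unregistered.
const LEVEL = { UNREGISTERED: 0, LOGGED_IN: 1, PREMIUM: 2, ADMIN: 3 };

// Assumed Cognito group names; use the ones defined in your user pool.
const GROUP_LEVEL = { Admin: LEVEL.ADMIN, Premium: LEVEL.PREMIUM };

// Derive the caller's level from verified token claims only, never from
// request arguments. A null identity or one without claims is unregistered.
function callerLevel(identity) {
  if (!identity || !identity.claims) return LEVEL.UNREGISTERED;
  const groups = identity.claims["cognito:groups"];
  let level = LEVEL.LOGGED_IN; // signed in, possibly with no groups
  for (const g of Array.isArray(groups) ? groups : []) {
    // Own-property check: unknown groups (or names like "constructor")
    // grant nothing beyond logged-in.
    if (Object.prototype.hasOwnProperty.call(GROUP_LEVEL, g)) {
      level = Math.max(level, GROUP_LEVEL[g]);
    }
  }
  return level;
}

// Read path: keep only posts whose accessLevel is at or below the caller's.
function visiblePosts(identity, posts) {
  const level = callerLevel(identity);
  return posts.filter((p) => {
    // Fail closed: a missing or malformed accessLevel is treated as admin-only.
    const required = Number.isInteger(p.accessLevel) ? p.accessLevel : LEVEL.ADMIN;
    return required <= level;
  });
}

// Write path: create, update and delete are allowed for admins only.
function canMutatePost(identity) {
  return callerLevel(identity) === LEVEL.ADMIN;
}

// Constructed sample data for illustration.
const SAMPLE_POSTS = [
  { id: "1", content: "public", author: "a", accessLevel: 0 },
  { id: "2", content: "members", author: "a", accessLevel: 1 },
  { id: "3", content: "premium", author: "a", accessLevel: 2 },
  { id: "4", content: "unlabelled", author: "a" }, // no accessLevel set
];
```

Filtering after the fetch, as here, does not combine well with paginated list queries; pushing the same accessLevel comparison into the DynamoDB query or filter expression avoids returning short pages.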