Created
December 8, 2019 14:52
-
-
Save phanviet/610d5826916ad842ce9e32527230053b to your computer and use it in GitHub Desktop.
VTL create resource example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## [Start] Determine request authentication mode ** | |
| #if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) ) | |
| #set( $authMode = "userPools" ) | |
| #end | |
| ## [End] Determine request authentication mode ** | |
| ## [Start] Check authMode and execute owner/group checks ** | |
| #if( $authMode == "userPools" ) | |
| ## [Start] Static Group Authorization Checks ** | |
| #set($isStaticGroupAuthorized = $util.defaultIfNull( | |
| $isStaticGroupAuthorized, false)) | |
| ## Authorization rule: { allow: groups, groups: ["mod","admin"], groupClaim: "cognito:groups" } ** | |
| #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) ) | |
| #set( $allowedGroups = ["mod", "admin"] ) | |
| #foreach( $userGroup in $userGroups ) | |
| #if( $allowedGroups.contains($userGroup) ) | |
| #set( $isStaticGroupAuthorized = true ) | |
| #break | |
| #end | |
| #end | |
| ## [End] Static Group Authorization Checks ** | |
| ## No Dynamic Group Authorization Rules ** | |
| ## No Owner Authorization Rules ** | |
| ## [Start] Throw if unauthorized ** | |
| #if( !($isStaticGroupAuthorized == true || $isDynamicGroupAuthorized == true || $isOwnerAuthorized == true) ) | |
| $util.unauthorized() | |
| #end | |
| ## [End] Throw if unauthorized ** | |
| #end | |
| ## [End] Check authMode and execute owner/group checks ** | |
| ## [Start] Prepare DynamoDB PutItem Request. ** | |
| $util.qr($context.args.input.put("createdAt", $util.defaultIfNull($ctx.args.input.createdAt, $util.time.nowISO8601()))) | |
| $util.qr($context.args.input.put("updatedAt", $util.defaultIfNull($ctx.args.input.updatedAt, $util.time.nowISO8601()))) | |
| $util.qr($context.args.input.put("__typename", "Variant")) | |
| #set( $condition = { | |
| "expression": "attribute_not_exists(#id)", | |
| "expressionNames": { | |
| "#id": "id" | |
| } | |
| } ) | |
| #if( $context.args.condition ) | |
| #set( $condition.expressionValues = {} ) | |
| #set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) ) | |
| $util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression")) | |
| $util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames)) | |
| $util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues)) | |
| #end | |
| #if( $condition.expressionValues && $condition.expressionValues.size() == 0 ) | |
| #set( $condition = { | |
| "expression": $condition.expression, | |
| "expressionNames": $condition.expressionNames | |
| } ) | |
| #end | |
| { | |
| "version": "2017-02-28", | |
| "operation": "PutItem", | |
| "key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else { | |
| "id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.input.id, $util.autoId())) | |
| } #end, | |
| "attributeValues": $util.dynamodb.toMapValuesJson($context.args.input), | |
| "condition": $util.toJson($condition) | |
| } | |
| ## [End] Prepare DynamoDB PutItem Request. ** |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment