phanviet · December 8, 2019 14:55
diff --git a/Mutation.deleteVariant.req.vtl b/Mutation.deleteVariant.req.vtl
 ## [Start] Determine request authentication mode **
 #if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) )
  #set( $authMode = "userPools" )
 #end
 ## [End] Determine request authentication mode **
 ## [Start] Check authMode and execute owner/group checks **
 #if( $authMode == "userPools" )
  ## [Start] Static Group Authorization Checks **
  #set($isStaticGroupAuthorized = $util.defaultIfNull(
            $isStaticGroupAuthorized, false))
  ## Authorization rule: { allow: groups, groups: ["mod","admin"], groupClaim: "cognito:groups" } **
  #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
  #set( $allowedGroups = ["mod", "admin"] )
  #foreach( $userGroup in $userGroups )
    #if( $allowedGroups.contains($userGroup) )
      #set( $isStaticGroupAuthorized = true )
      #break
    #end
  #end
  ## [End] Static Group Authorization Checks **


  #if( ! $isStaticGroupAuthorized )
    ## No dynamic group authorization rules **


    ## No owner authorization rules **


    ## [Start] Collect Auth Condition **
    #set( $authCondition = $util.defaultIfNull($authCondition, {
  "expression": "",
  "expressionNames": {},
  "expressionValues": {}
 }) )
    #set( $totalAuthExpression = "" )
    ## Add dynamic group auth conditions if they exist **
    #if( $groupAuthExpressions )
      #foreach( $authExpr in $groupAuthExpressions )
        #set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
        #if( $foreach.hasNext )
          #set( $totalAuthExpression = "$totalAuthExpression OR" )
        #end
      #end
    #end
    #if( $groupAuthExpressionNames )
      $util.qr($authCondition.expressionNames.putAll($groupAuthExpressionNames))
    #end
    #if( $groupAuthExpressionValues )
      $util.qr($authCondition.expressionValues.putAll($groupAuthExpressionValues))
    #end
    ## Add owner auth conditions if they exist **
    #if( $totalAuthExpression != "" && $ownerAuthExpressions && $ownerAuthExpressions.size() > 0 )
      #set( $totalAuthExpression = "$totalAuthExpression OR" )
    #end
    #if( $ownerAuthExpressions )
      #foreach( $authExpr in $ownerAuthExpressions )
        #set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
        #if( $foreach.hasNext )
          #set( $totalAuthExpression = "$totalAuthExpression OR" )
        #end
      #end
    #end
    #if( $ownerAuthExpressionNames )
      $util.qr($authCondition.expressionNames.putAll($ownerAuthExpressionNames))
    #end
    #if( $ownerAuthExpressionValues )
      $util.qr($authCondition.expressionValues.putAll($ownerAuthExpressionValues))
    #end
    ## Set final expression if it has changed. **
    #if( $totalAuthExpression != "" )
      #if( $util.isNullOrEmpty($authCondition.expression) )
        #set( $authCondition.expression = "($totalAuthExpression)" )
      #else
        #set( $authCondition.expression = "$authCondition.expression AND ($totalAuthExpression)" )
      #end
    #end
    ## [End] Collect Auth Condition **
  #end


  ## [Start] Throw if unauthorized **
  #if( !($isStaticGroupAuthorized == true || ($totalAuthExpression != "")) )
    $util.unauthorized()
  #end
  ## [End] Throw if unauthorized **
 #end
 ## [End] Check authMode and execute owner/group checks **

 #if( $authCondition )
  #set( $condition = $authCondition )
  #if( $modelObjectKey )
    #foreach( $entry in $modelObjectKey.entrySet() )
      $util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
      $util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
    #end
  #else
    $util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#id)"))
    $util.qr($condition.expressionNames.put("#id", "id"))
  #end
 #else
  #if( $modelObjectKey )
    #set( $condition = {
  "expression": "",
  "expressionNames": {}
 } )
    #foreach( $entry in $modelObjectKey.entrySet() )
      #if( $velocityCount == 1 )
        $util.qr($condition.put("expression", "attribute_exists(#keyCondition$velocityCount)"))
      #else
        $util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
      #end
      $util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
    #end
  #else
    #set( $condition = {
  "expression": "attribute_exists(#id)",
  "expressionNames": {
      "#id": "id"
  }
 } )
  #end
 #end
 #if( $versionedCondition )
  $util.qr($condition.put("expression", "($condition.expression) AND $versionedCondition.expression"))
  $util.qr($condition.expressionNames.putAll($versionedCondition.expressionNames))
  #set( $expressionValues = $util.defaultIfNull($condition.expressionValues, {}) )
  $util.qr($expressionValues.putAll($versionedCondition.expressionValues))
  #set( $condition.expressionValues = $expressionValues )
 #end
 #if( $context.args.condition )
  #set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) )
  $util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression"))
  $util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames))
  #set( $conditionExpressionValues = $util.defaultIfNull($condition.expressionValues, {}) )
  $util.qr($conditionExpressionValues.putAll($conditionFilterExpressions.expressionValues))
  #set( $condition.expressionValues = $conditionExpressionValues )
  $util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues))
 #end
 #if( $condition.expressionValues && $condition.expressionValues.size() == 0 )
  #set( $condition = {
  "expression": $condition.expression,
  "expressionNames": $condition.expressionNames
 } )
 #end
 {
  "version": "2017-02-28",
  "operation": "DeleteItem",
  "key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else {
  "id": $util.dynamodb.toDynamoDBJson($ctx.args.input.id)
 } #end,
  "condition": $util.toJson($condition)
 }
	## [Start] Determine request authentication mode **
	#if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) )
	#set( $authMode = "userPools" )
	#end
	## [End] Determine request authentication mode **
	## [Start] Check authMode and execute owner/group checks **
	#if( $authMode == "userPools" )
	## [Start] Static Group Authorization Checks **
	#set($isStaticGroupAuthorized = $util.defaultIfNull(
	$isStaticGroupAuthorized, false))
	## Authorization rule: { allow: groups, groups: ["mod","admin"], groupClaim: "cognito:groups" } **
	#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
	#set( $allowedGroups = ["mod", "admin"] )
	#foreach( $userGroup in $userGroups )
	#if( $allowedGroups.contains($userGroup) )
	#set( $isStaticGroupAuthorized = true )
	#break
	#end
	#end
	## [End] Static Group Authorization Checks **


	#if( ! $isStaticGroupAuthorized )
	## No dynamic group authorization rules **


	## No owner authorization rules **


	## [Start] Collect Auth Condition **
	#set( $authCondition = $util.defaultIfNull($authCondition, {
	"expression": "",
	"expressionNames": {},
	"expressionValues": {}
	}) )
	#set( $totalAuthExpression = "" )
	## Add dynamic group auth conditions if they exist **
	#if( $groupAuthExpressions )
	#foreach( $authExpr in $groupAuthExpressions )
	#set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
	#if( $foreach.hasNext )
	#set( $totalAuthExpression = "$totalAuthExpression OR" )
	#end
	#end
	#end
	#if( $groupAuthExpressionNames )
	$util.qr($authCondition.expressionNames.putAll($groupAuthExpressionNames))
	#end
	#if( $groupAuthExpressionValues )
	$util.qr($authCondition.expressionValues.putAll($groupAuthExpressionValues))
	#end
	## Add owner auth conditions if they exist **
	#if( $totalAuthExpression != "" && $ownerAuthExpressions && $ownerAuthExpressions.size() > 0 )
	#set( $totalAuthExpression = "$totalAuthExpression OR" )
	#end
	#if( $ownerAuthExpressions )
	#foreach( $authExpr in $ownerAuthExpressions )
	#set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
	#if( $foreach.hasNext )
	#set( $totalAuthExpression = "$totalAuthExpression OR" )
	#end
	#end
	#end
	#if( $ownerAuthExpressionNames )
	$util.qr($authCondition.expressionNames.putAll($ownerAuthExpressionNames))
	#end
	#if( $ownerAuthExpressionValues )
	$util.qr($authCondition.expressionValues.putAll($ownerAuthExpressionValues))
	#end
	## Set final expression if it has changed. **
	#if( $totalAuthExpression != "" )
	#if( $util.isNullOrEmpty($authCondition.expression) )
	#set( $authCondition.expression = "($totalAuthExpression)" )
	#else
	#set( $authCondition.expression = "$authCondition.expression AND ($totalAuthExpression)" )
	#end
	#end
	## [End] Collect Auth Condition **
	#end


	## [Start] Throw if unauthorized **
	#if( !($isStaticGroupAuthorized == true \|\| ($totalAuthExpression != "")) )
	$util.unauthorized()
	#end
	## [End] Throw if unauthorized **
	#end
	## [End] Check authMode and execute owner/group checks **

	#if( $authCondition )
	#set( $condition = $authCondition )
	#if( $modelObjectKey )
	#foreach( $entry in $modelObjectKey.entrySet() )
	$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
	$util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
	#end
	#else
	$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#id)"))
	$util.qr($condition.expressionNames.put("#id", "id"))
	#end
	#else
	#if( $modelObjectKey )
	#set( $condition = {
	"expression": "",
	"expressionNames": {}
	} )
	#foreach( $entry in $modelObjectKey.entrySet() )
	#if( $velocityCount == 1 )
	$util.qr($condition.put("expression", "attribute_exists(#keyCondition$velocityCount)"))
	#else
	$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
	#end
	$util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
	#end
	#else
	#set( $condition = {
	"expression": "attribute_exists(#id)",
	"expressionNames": {
	"#id": "id"
	}
	} )
	#end
	#end
	#if( $versionedCondition )
	$util.qr($condition.put("expression", "($condition.expression) AND $versionedCondition.expression"))
	$util.qr($condition.expressionNames.putAll($versionedCondition.expressionNames))
	#set( $expressionValues = $util.defaultIfNull($condition.expressionValues, {}) )
	$util.qr($expressionValues.putAll($versionedCondition.expressionValues))
	#set( $condition.expressionValues = $expressionValues )
	#end
	#if( $context.args.condition )
	#set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) )
	$util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression"))
	$util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames))
	#set( $conditionExpressionValues = $util.defaultIfNull($condition.expressionValues, {}) )
	$util.qr($conditionExpressionValues.putAll($conditionFilterExpressions.expressionValues))
	#set( $condition.expressionValues = $conditionExpressionValues )
	$util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues))
	#end
	#if( $condition.expressionValues && $condition.expressionValues.size() == 0 )
	#set( $condition = {
	"expression": $condition.expression,
	"expressionNames": $condition.expressionNames
	} )
	#end
	{
	"version": "2017-02-28",
	"operation": "DeleteItem",
	"key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else {
	"id": $util.dynamodb.toDynamoDBJson($ctx.args.input.id)
	} #end,
	"condition": $util.toJson($condition)
	}