Base de conocimiento
-
Invoca la Lambda de sincronización usando tu sesión autenticada.
From 6568376defb3904131ea9e02426bf6ad408d90e1 Mon Sep 17 00:00:00 2001
From: rcarvajalp <166424809+rcarvajalp@users.noreply.github.com>
Date: Sat, 16 May 2026 19:17:56 -0600
Subject: [PATCH 19/19] Restrict file deletion to eliminadores group
---
amplify/auth/resource.ts | 2 +-
amplify/storage/resource.ts | 27 ++++++++++++++++++++-------
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/amplify/auth/resource.ts b/amplify/auth/resource.ts
index 8bbd191..e10a2e5 100644
--- a/amplify/auth/resource.ts
+++ b/amplify/auth/resource.ts
@@ -8,5 +8,5 @@ export const auth = defineAuth({
loginWith: {
email: true,
},
- groups: ['admin']
+ groups: ['admin', 'eliminadores'],
});
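Review bot: The new `eliminadores` group is appended after `admin` on the `groups` line, and nothing states how the two combine for a user who belongs to both. As far as I know Amplify derives Cognito group precedence from the array order. The storage rules in this commit give `admin` no `delete` and `eliminadores` no `read`/`write`, so if credentials resolve to a single group role, a dual member may end up with only the `admin` permissions; this is worth verifying with a test account. I would add a comment above the line, e.g. `// eliminadores: only group allowed to delete storage objects; membership is granted explicitly and reviewed`. The `defineAuth` call starts outside the hunk.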
diff --git a/amplify/storage/resource.ts b/amplify/storage/resource.ts
index 5ad5951..a31485c 100644
--- a/amplify/storage/resource.ts
+++ b/amplify/storage/resource.ts
@@ -6,19 +6,23 @@ export const storage = defineStorage({
access: (allow) => ({
'doctrina/*': [
allow.authenticated.to(['read']),
- allow.groups(['admin']).to(['read', 'write', 'delete']),
+ allow.groups(['admin']).to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
],
'medios/*': [
allow.authenticated.to(['read']),
- allow.groups(['admin']).to(['read', 'write', 'delete']),
+ allow.groups(['admin']).to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
],
'jurisprudencia/*': [
allow.authenticated.to(['read']),
- allow.groups(['admin']).to(['read', 'write', 'delete']),
+ allow.groups(['admin']).to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
],
'legislacion/*': [
allow.authenticated.to(['read']),
- allow.groups(['admin']).to(['read', 'write', 'delete']),
+ allow.groups(['admin']).to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
],
}),
});
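Review bot: Removing `'delete'` from `admin` on `doctrina/*`, `medios/*`, `jurisprudencia/*` and `legislacion/*` does not stop destructive changes, because `'write'` still lets an admin overwrite an existing object; the same holds for `publico/*`, `confidencial/*` and `privado/{entity_id}/*` in the next hunk. If the goal is that only `eliminadores` can destroy data, the buckets need object versioning or an equivalent retention control so an overwrite is recoverable, and no such setting is visible in this diff. Separately, `eliminadores` receives `['delete']` only, so whether its members can still list and read the objects they are meant to remove depends on whether the `allow.authenticated` rule applies to users who assume a group role; confirm this before relying on it. A short comment above the access map would record the intent, e.g. `// write = upload/overwrite (admin); delete = eliminadores only`.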
@@ -26,8 +30,17 @@ export const storage = defineStorage({
export const secondaryStorage = defineStorage({
name: 'frauden-expedientes',
access: (allow) => ({
- 'publico/*': [allow.authenticated.to(['read', 'write', 'delete'])],
- 'confidencial/*': [allow.groups(['admin']).to(['read', 'write', 'delete'])],
- 'privado/{entity_id}/*': [allow.entity('identity').to(['read', 'write', 'delete'])],
+ 'publico/*': [
+ allow.authenticated.to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
+ ],
+ 'confidencial/*': [
+ allow.groups(['admin']).to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
+ ],
+ 'privado/{entity_id}/*': [
+ allow.entity('identity').to(['read', 'write']),
+ allow.groups(['eliminadores']).to(['delete']),
+ ],
}),
});
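Review bot: On `'privado/{entity_id}/*'` the owner loses `'delete'` on their own objects while every member of `eliminadores` gains delete over all users' private prefixes, which is a wider grant than the old owner-only rule and is not mentioned in the commit subject. If owners are still meant to remove their own files, keep `allow.entity('identity').to(['read', 'write', 'delete'])` and drop the group line for this prefix. If central deletion is intended, say so in a comment and make sure deletions are logged (for example through S3 data events), since the diff shows no audit trail. The same group also gets delete on `confidencial/*` without being in `admin`, so membership in `eliminadores` should be treated as at least as sensitive as `admin`.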