## [Start] Determine request authentication mode ** #if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) ) #set( $authMode = "userPools" ) #end ## [End] Determine request authentication mode ** ## [Start] Check authMode and execute owner/group checks ** #if( $authMode == "userPools" ) ## [Start] Static Group Authorization Checks ** #set($isStaticGroupAuthorized = $util.defaultIfNull( $isStaticGroupAuthorized, false)) ## Authorization rule: { allow: groups, groups: ["AdminGroup"], groupClaim: "cognito:groups" } ** #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) ) #set( $allowedGroups = ["AdminGroup"] ) #foreach( $userGroup in $userGroups ) #if( $allowedGroups.contains($userGroup) ) #set( $isStaticGroupAuthorized = true ) #break #end #end ## Authorization rule: { allow: groups, groups: ["ManagerGroup"], groupClaim: "cognito:groups" } ** #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) ) #set( $allowedGroups = ["ManagerGroup"] ) #foreach( $userGroup in $userGroups ) #if( $allowedGroups.contains($userGroup) ) #set( $isStaticGroupAuthorized = true ) #break #end #end ## Authorization rule: { allow: groups, groups: ["AssociateGroup"], groupClaim: "cognito:groups" } ** #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) ) #set( $allowedGroups = ["AssociateGroup"] ) #foreach( $userGroup in $userGroups ) #if( $allowedGroups.contains($userGroup) ) #set( $isStaticGroupAuthorized = true ) #break #end #end ## Authorization rule: { allow: groups, groups: ["EngineerGroup"], groupClaim: "cognito:groups" } ** #set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) ) #set( $allowedGroups = ["EngineerGroup"] ) #foreach( $userGroup in $userGroups ) #if( $allowedGroups.contains($userGroup) ) #set( $isStaticGroupAuthorized = true ) #break #end #end ## [End] Static Group Authorization Checks ** ## No Dynamic Group Authorization Rules ** ## No Owner Authorization Rules ** ## [Start] Throw if unauthorized ** #if( !($isStaticGroupAuthorized == true || $isDynamicGroupAuthorized == true || $isOwnerAuthorized == true) ) $util.unauthorized() #end ## [End] Throw if unauthorized ** #end ## [End] Check authMode and execute owner/group checks ** #if( $util.isNull($dynamodbNameOverrideMap) ) #set( $dynamodbNameOverrideMap = { "areaName#status#processName#stationName#deviceName#created": "areaNameStatusProcessNameStationNameDeviceNameCreated" } ) #else $util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#stationName#deviceName#created", "areaNameStatusProcessNameStationNameDeviceNameCreated")) #end $util.qr($ctx.args.input.put("areaName#status#processName#stationName#deviceName#created","${ctx.args.input.areaName}#${ctx.args.input.status}#${ctx.args.input.processName}#${ctx.args.input.stationName}#${ctx.args.input.deviceName}#${ctx.args.input.created}")) #if( $util.isNull($dynamodbNameOverrideMap) ) #set( $dynamodbNameOverrideMap = { "areaName#status#processName#eventDescription#stationName#deviceName#created": "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated" } ) #else $util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#eventDescription#stationName#deviceName#created", "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated")) #end $util.qr($ctx.args.input.put("areaName#status#processName#eventDescription#stationName#deviceName#created","${ctx.args.input.areaName}#${ctx.args.input.status}#${ctx.args.input.processName}#${ctx.args.input.eventDescription}#${ctx.args.input.stationName}#${ctx.args.input.deviceName}#${ctx.args.input.created}")) ## [Start] Set the primary @key. ** #set( $modelObjectKey = { "id": $util.dynamodb.toDynamoDB($ctx.args.input.id) } ) ## [End] Set the primary @key. ** ## [Start] Setting "version" to 1. ** $util.qr($ctx.args.input.put("version", 1)) ## [End] Setting "version" to 1. ** ## [Start] Prepare DynamoDB PutItem Request. ** $util.qr($context.args.input.put("createdDateUtc", $util.defaultIfNull($ctx.args.createdDateUtc, $util.time.nowFormatted("yyyy-MM-dd", "+00:00")))) $util.qr($context.args.input.put("createdAt", $util.defaultIfNull($ctx.args.input.createdAt, $util.time.nowISO8601()))) $util.qr($context.args.input.put("updatedAt", $util.defaultIfNull($ctx.args.input.updatedAt, $util.time.nowISO8601()))) $util.qr($context.args.input.put("deviceName#eventId", "${ctx.args.input.deviceName}#${ctx.args.input.eventId}")) #set( $condition = { "expression": "attribute_not_exists(#id)", "expressionNames": { "#id": "id" } } ) #if( $context.args.condition ) #set( $condition.expressionValues = {} ) #set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) ) $util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression")) $util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames)) $util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues)) #end #if( $condition.expressionValues && $condition.expressionValues.size() == 0 ) #set( $condition = { "expression": $condition.expression, "expressionNames": $condition.expressionNames } ) #end { "version": "2017-02-28", "operation": "PutItem", "key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else { "id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.input.id, $util.autoId())) } #end, "attributeValues": $util.dynamodb.toMapValuesJson($context.args.input), "condition": $util.toJson($condition) } ## [End] Prepare DynamoDB PutItem Request. **