## [Start] Authorization Steps. **
## Authorization step of an AppSync resolver for a model with the fields listed in $totalFields.
## It decides whether the caller may proceed and stashes two values for later steps:
## "authFilter" (a row-level filter) and "allowedAggFields" (the field allow-list).
## NOTE(review): nothing here applies the filter; enforcement depends on a later template
## reading $ctx.stash.authFilter. Confirm the request template does so.
$util.qr($ctx.stash.put("hasAuth", true))
## Deny by default: only the admin-group match below sets this to true.
#set( $isAuthorized = false )
#set( $totalFields = ["id","subjectID","age","gender","ethnicity","races","location","encounters","issues","researchSubjectLocationId","groupsCanAccess","createdAt","updatedAt","studyLocationSubjectsId"] )
## Holds the same 14 names as $totalFields in a different order, so this template restricts no field.
#set( $allowedAggFields = ["createdAt","updatedAt","studyLocationSubjectsId","id","subjectID","age","gender","ethnicity","races","location","encounters","issues","researchSubjectLocationId","groupsCanAccess"] )
## API-key callers are rejected outright.
#if( $util.authType() == "API Key Authorization" )
$util.unauthorized()
#end
#if( $util.authType() == "User Pool Authorization" )
  ## Static group rule: a token whose "cognito:groups" claim contains "admin" is fully authorized.
  #if( !$isAuthorized )
    #set( $staticGroupRoles = [{"claim":"cognito:groups","entity":"admin"}] )
    #foreach( $groupRole in $staticGroupRoles )
      ## A missing claim is treated as an empty list, so it matches no group.
      #set( $groupsInToken = $util.defaultIfNull($ctx.identity.claims.get($groupRole.claim), []) )
      #if( $groupsInToken.contains($groupRole.entity) )
        #set( $isAuthorized = true )
        ## The single role above has no "allowedFields" key, so this null branch is the one taken.
        #if( $util.isNull($groupRole.allowedFields) )
          #set( $allowedAggFields = $totalFields )
          #break
        #else
          $util.qr($allowedAggFields.addAll($groupRole.allowedFields))
        #end
      #end
    #end
  #end
  ## Dynamic group rule: build a filter from the caller's groups and the record's "groupsCanAccess".
  #set( $authFilterConditions = [] )
  #set( $groupClaim0 = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
  #if( !$groupClaim0.isEmpty() )
    ## terms_set with a script returning "1": one or more of the caller's groups must appear in groupsCanAccess.
    #set( $group0 = { "terms_set": { "groupsCanAccess": { "terms": $groupClaim0, "minimum_should_match_script": { "source": "1" } } } } )
    $util.qr($authFilterConditions.add($group0))
  #end
  ## The filter is stashed only for non-admin callers; admins get no authFilter entry from this template.
  #if( !$isAuthorized && !$authFilterConditions.isEmpty() )
    $util.qr($ctx.stash.put("authFilter", { "bool": { "should": $authFilterConditions } }))
  #end
#end
$util.qr($ctx.stash.put("allowedAggFields", $allowedAggFields))
## Final gate: reject a caller who is neither admin nor covered by a group filter.
## Auth types other than the two named above set neither value here, so they end up at this check too.
## NOTE(review): this reads the stash rather than a local variable, so an "authFilter" value
## stored before this template runs would also pass. Confirm no earlier step writes that key.
#if( !$isAuthorized && $util.isNull($ctx.stash.authFilter) )
$util.unauthorized()
#end
## This step returns an empty payload; its results travel through $ctx.stash.
$util.toJson({"version":"2018-05-29","payload":{}})
## [End] Authorization Steps. **