I am using the flutter apply datastore. Members who have signed up by e-mail can write data according to the datastore model, and only the members who have written the data can edit it. In other words, I want to allow only the member to see, write, and erase what is written by the member.
To confirm the operation, I have signed up for two emails in one simulator and am testing them. I created data with ‘A’ email, logged out, and logged in with ‘B’ email. The objective should only be visible when data written with ‘A’ email is logged in with ‘A’ email. However, when you log in with the ‘B’ email, the data when you log in with the ‘A’ email is printed out. If you modify the data again and log in with the ‘A’ email, the data when you log in with the ‘B’ email will be output.
How can I divide this authority? I tried adjusting the Authorization Rules, Owner-based scopes in the DataStore section in the Amplify Admin, but they all failed. The data permissions of ‘A’ email users and ‘B’ email users could not be separated even though it seemed very simple.
I referred to all of the Amplify Document and followed the tutorial, but I couldn’t find the answer. Like the TODO app, data created by ‘user A’ should only be visible to ‘user A’ and editable.
Is there anyone who knows the answer? I kept thinking about this problem over the weekend. Please help me!