batchIsAuthorized method

Future<BatchIsAuthorizedOutput> batchIsAuthorized({
  1. required String policyStoreId,
  2. required List<BatchIsAuthorizedInputItem> requests,
  3. EntitiesDefinition? entities,
})

Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches.

The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

The entities of a BatchIsAuthorized API request can contain up to 100 principals and up to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 requests.

May throw ResourceNotFoundException.

Parameter policyStoreId : Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input.

To specify a policy store, use its ID or alias name. When using an alias name, prefix it with policy-store-alias/. For example:

  • ID: PSEXAMPLEabcdefg111111
  • Alias name: policy-store-alias/example-policy-store
To view aliases, use ListPolicyStoreAliases.

Parameter requests : An array of up to 30 requests that you want Verified Permissions to evaluate.

Parameter entities : (Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.

Implementation

Future<BatchIsAuthorizedOutput> batchIsAuthorized({
  required String policyStoreId,
  required List<BatchIsAuthorizedInputItem> requests,
  EntitiesDefinition? entities,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.0',
    'X-Amz-Target': 'VerifiedPermissions.BatchIsAuthorized'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'policyStoreId': policyStoreId,
      'requests': requests,
      if (entities != null) 'entities': entities,
    },
  );

  return BatchIsAuthorizedOutput.fromJson(jsonResponse.body);
}