
feat(datastore): support multi owner auth rules #3223

Merged
merged 1 commit into from
Sep 28, 2023

Conversation

lawmicha
Contributor

@lawmicha lawmicha commented Sep 15, 2023

Issue #

Taking this PR forward: #1606

Description

This PR enables the use case of having multiple "owner" auth rules on a single model type.

Instead of using the handwritten Swift types in the integration test from #1606, it makes more sense to update the schema file for that test suite. In singleauth-cogniot-schema.graphql, I added the use case:

type TodoCognitoMultiOwner @model
    @auth(rules: [
        { allow: owner },
        { allow: owner, ownerField: "editors", operations: [update, read]} ]) {
  id: ID!
  title: String!
  content: String
  owner: String
  editors: [String]
}

  • The GitHub Actions backend will have to be updated as well.

I believe the use cases are

  1. Signed in Cognito User Pool user, "user1", can perform all operations on models created by them.
  2. "user2" can subscribe to onCreate, onUpdate, onDelete subscriptions and read all models which they are an editor of
  3. "user2" can perform updates to data that they are an editor of, since they have the "update" operation.

Think of "user1" as the admin user creating the Todo with "user2" assigned in the editors field, so "user2" can read, receive changes to the data, and perform updates to the Todo.

In the following examples, I've provisioned the backend using the steps from here https://github.com/aws-amplify/amplify-swift/pull/3223/files#diff-5d3a18e8865a6311b2ab88fa95415c905d81544fae2d44ba19295f0bfbd7fb17 so it is enabled for DataStore.

  1. "michael" and "michael2" are my users.

"michael2" establishes subscription to this data:

subscription MySubscription {
  onCreateTodoCognitoMultiOwner(owner: "michael2") {
    _deleted
    _lastChangedAt
    _version
    content
    createdAt
    editors
    id
    owner
    title
    updatedAt
  }
}

"michael" creates the data

mutation MyMutation {
  createTodoCognitoMultiOwner(input: {editors: "michael2", owner: "michael", title: "titleByUser1"}) {
    _deleted
    _lastChangedAt
    _version
    content
    createdAt
    editors
    owner
    id
    title
    updatedAt
  }
}

"michael2" receives the data:

{
  "data": {
    "onCreateTodoCognitoMultiOwner": {
      "_deleted": null,
      "_lastChangedAt": 1695048189453,
      "_version": 1,
      "content": null,
      "createdAt": "2023-09-18T14:43:09.430Z",
      "editors": [
        "michael2"
      ],
      "id": "b7d763d3-9e64-456a-8631-6c39364efcdb",
      "owner": "michael",
      "title": "titleByUser1",
      "updatedAt": "2023-09-18T14:43:09.430Z"
    }
  }
}

"michael2" establishes onUpdate:

subscription MySubscription {
  onUpdateTodoCognitoMultiOwner(owner: "michael2") {
    _deleted
    _lastChangedAt
    _version
    content
    createdAt
    editors
    id
    owner
    title
    updatedAt
  }
}

"michael2" tries to update the data:

mutation MyMutation {
  updateTodoCognitoMultiOwner(input: {title: "titleUpdatedByUser2", id: "b7d763d3-9e64-456a-8631-6c39364efcdb", _version: 1}) {
    _deleted
    _lastChangedAt
    _version
    content
    createdAt
    editors
    id
    owner
    title
    updatedAt
  }
}

"michael2" receives the update mutation

{
  "data": {
    "onUpdateTodoCognitoMultiOwner": {
      "_deleted": null,
      "_lastChangedAt": 1695048302918,
      "_version": 2,
      "content": null,
      "createdAt": "2023-09-18T14:43:09.430Z",
      "editors": [
        "michael2"
      ],
      "id": "b7d763d3-9e64-456a-8631-6c39364efcdb",
      "owner": "michael",
      "title": "titleUpdatedByUser2",
      "updatedAt": "2023-09-18T14:44:54.896Z"
    }
  }
}

General Checklist

  • Added new tests to cover change, if needed
  • Build succeeds with all target using Swift Package Manager
  • All unit tests pass
  • All integration tests pass
  • Security oriented best practices and standards are followed (e.g. using input sanitization, principle of least privilege, etc)
  • Documentation update for the change if required
  • PR title conforms to conventional commit style
  • New or updated tests include Given When Then inline code documentation and are named accordingly testThing_condition_expectation()
  • If breaking change, documentation/changelog update with migration instructions

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
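
How the two owner rules in the description above combine per user, as an added example that is not part of the PR or of Amplify's code. `Op`, `OwnerRule`, `OwnerValue` and `allowedOperations` are hypothetical names, the third user "michael3" is constructed, and the sketch assumes owner rules are additive: a user gets the union of operations from every rule whose owner field names them, and nothing otherwise.

```swift
// Hypothetical stand-ins for this example only; these are not Amplify's own types.
enum Op: String, CaseIterable { case create, read, update, delete }

struct OwnerRule {
    var ownerField = "owner"              // default when ownerField is omitted
    var operations = Set(Op.allCases)     // default when operations is omitted
}

// A record's owner field may hold one username (owner) or a list (editors).
enum OwnerValue {
    case single(String)
    case list([String])

    func contains(_ user: String) -> Bool {
        switch self {
        case .single(let name): return name == user
        case .list(let names): return names.contains(user)
        }
    }
}

/// Union of the operations granted by every owner rule whose field names `user`.
/// A missing field matches nobody, so the result defaults to empty (deny).
func allowedOperations(for user: String,
                       on record: [String: OwnerValue],
                       rules: [OwnerRule]) -> Set<Op> {
    var granted = Set<Op>()
    for rule in rules {
        if let value = record[rule.ownerField], value.contains(user) {
            granted.formUnion(rule.operations)
        }
    }
    return granted
}

// The two rules declared on TodoCognitoMultiOwner.
let rules = [
    OwnerRule(),
    OwnerRule(ownerField: "editors", operations: [.update, .read]),
]

// Constructed record matching the walkthrough: owner "michael", editors ["michael2"].
let todo: [String: OwnerValue] = ["owner": .single("michael"), "editors": .list(["michael2"])]

for user in ["michael", "michael2", "michael3"] {
    let ops = allowedOperations(for: user, on: todo, rules: rules)
    print(user, ops.map(\.rawValue).sorted())
}
```

The case worth asserting in an integration test is the negative one: the editor must not gain `delete`, and a user named in neither field must get an empty set.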

@lawmicha lawmicha force-pushed the lawmicha.multi-owner-auth branch from 14bdd2a to 3bf5780 Compare September 18, 2023 13:58
@lawmicha lawmicha temporarily deployed to Fortify September 18, 2023 13:58 — with GitHub Actions Inactive
@lawmicha lawmicha marked this pull request as ready for review September 18, 2023 13:59
@lawmicha lawmicha requested a review from a team as a code owner September 18, 2023 13:59
@codecov-commenter

Codecov Report

Merging #3223 (3bf5780) into main (9a05bdd) will increase coverage by 0.19%.
The diff coverage is 100.00%.


@@            Coverage Diff             @@
##             main    #3223      +/-   ##
==========================================
+ Coverage   64.61%   64.80%   +0.19%     
==========================================
  Files        1091     1091              
  Lines       37071    37079       +8     
==========================================
+ Hits        23952    24030      +78     
+ Misses      13119    13049      -70     
Flag Coverage Δ
API_plugin_unit_test 67.10% <ø> (ø)
AWSPluginsCore 69.35% <100.00%> (-0.21%) ⬇️
Amplify 47.86% <ø> (+0.01%) ⬆️
Analytics_plugin_unit_test 86.39% <ø> (ø)
Auth_plugin_unit_test 75.24% <ø> (+0.06%) ⬆️
CoreMLPredictions_plugin_unit_test 59.44% <ø> (ø)
DataStore_plugin_unit_test 81.03% <ø> (+1.04%) ⬆️
Geo_plugin_unit_test 54.06% <ø> (ø)
Logging_plugin_unit_test 63.18% <ø> (ø)
Predictions_plugin_unit_test 35.17% <ø> (ø)
PushNotifications_plugin_unit_test 69.69% <ø> (ø)
Storage_plugin_unit_test 54.10% <ø> (ø)
unit_tests 64.80% <100.00%> (+0.19%) ⬆️


Files Changed Coverage Δ
...luginsCore/Model/Decorator/AuthRuleDecorator.swift 86.48% <100.00%> (-2.84%) ⬇️

... and 19 files with indirect coverage changes


@lawmicha lawmicha changed the title fix(datastore): filter authrules with invalid ownerfield fix(datastore): support multi owner auth rules Sep 18, 2023
@lawmicha lawmicha changed the title fix(datastore): support multi owner auth rules feat(datastore): support multi owner auth rules Sep 20, 2023
@lawmicha lawmicha temporarily deployed to IntegrationTest September 20, 2023 16:29 — with GitHub Actions Inactive
@lawmicha lawmicha merged commit df6de33 into main Sep 28, 2023
100 of 119 checks passed
@lawmicha lawmicha deleted the lawmicha.multi-owner-auth branch September 28, 2023 14:12
3 participants