From 96f85d08e459e9a1c37bb5b2c10e60023ad79c94 Mon Sep 17 00:00:00 2001
From: LouPritch <94551508+LouPritch@users.noreply.github.com>
Date: Fri, 31 Jan 2025 16:38:13 +0000
Subject: [PATCH] fix: User revoke own session

Description of changes: Fix issue with a user being able to revoke their own session. Added 'update' permissions to owners for the 'revokerId' field. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
---
 amplify/backend/api/team/schema.graphql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/amplify/backend/api/team/schema.graphql b/amplify/backend/api/team/schema.graphql
index 7ad10ba..4ec7da1 100644
--- a/amplify/backend/api/team/schema.graphql
+++ b/amplify/backend/api/team/schema.graphql
@@ -95,7 +95,7 @@ type requests
 @auth(
 rules: [
 { allow: groups, groups: ["Auditors"], operations: [read] }
- { allow: owner, operations: [read]}
+ { allow: owner, operations: [read, update]}
 { allow: owner, ownerField: "approver_ids", operations: [update,read] }
 { allow: private, provider: iam, operations: [read, update] }
 ]
@@ -369,4 +369,4 @@ type Query {
 validateRequest: requests
 @function(name: "teamvalidateRequest-${env}")
 @auth(rules: [{ allow: private }])
-}
\ No newline at end of file
+}
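Review bot: In the `type requests` hunk, `{ allow: owner, operations: [read, update]}` is a model-level rule, so it gives the requester update on every field of their own request that has no field-level `@auth`, not only `revokerId` as the description states. The field definitions are outside this hunk, so it is not visible whether `approver_ids` or the fields that record the approval outcome carry their own rules. If they do not, the owner of a request can presumably modify them on that record, which undermines the separation between requester and approver. Consider leaving the model-level owner rule at `operations: [read]` and putting `@auth(rules: [{ allow: owner, operations: [read, update] }])` on `revokerId` and on any other field the revoke flow has to write. Field-level rules replace the model-level ones for that field, so the Auditors, `approver_ids` and `iam` rules would need to be repeated there where those principals still need access.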