40 replies

Weird policy behavior

Given the following policy:

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

I'd expect the call to

MyDomain.can_get_by_id?(user, resource)

MyDomain.can_get_by_id?(user, resource)

to return false when

user.organization_id == nil

user.organization_id == nil

but I'm getting a truthy value back.

What I'm doing wrong?

Solution

No, the way you're doing it makes sense.

Jump to solution

Weird policy behavior

Similar Threads

Weird policy behavior

Similar Threads

Similar Threads

Similar Threads