40 replies

Weird policy behavior

Given the following policy:

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

    policy action_type(:read) do
      forbid_if expr(is_nil(^actor(:organization_id)))
      authorize_if expr(id == ^actor(:organization_id))
    end

I'd expect the call to

MyDomain.can_get_by_id?(user, resource)

MyDomain.can_get_by_id?(user, resource)

MyDomain.can_get_by_id?(user, resource)

MyDomain.can_get_by_id?(user, resource) to return false when

user.organization_id == nil

user.organization_id == nil

user.organization_id == nil

user.organization_id == nil but I'm getting a truthy value back.

What I'm doing wrong?

Solution

No, the way you're doing it makes sense.

Jump to solution

Weird policy behavior

Similar Threads

Similar Threads

Similar Threads