Ash policies fail when they shouldn't

 Parameters: %{"form" => %{"role" => "admin"}}
[error] SimpleDemo.Accounts.User.change_role


forbidden:

SimpleDemo.Accounts.User.change_role


Policy Breakdown
  user: %{id: "8c51795a-cc42-412f-aceb-a8b3ce36137d"}

  Policy | 🔎:

    condition: action == :change_role

    forbid if: :admin == :super_admin | ? | 🔎

SAT Solver statement:

 "action == :change_role" and
  (("action == :change_role" and false) or not "action == :change_role")

    policy action(:change_role) do
      forbid_if expr(^arg(:role) == :super_admin)
    end