At the moment, while testing the authenticated webpage, when a user creates policies without being signed in, then signs in, the pre-auth policies are then emitted to the API and saved for the user. However, this occurs even when the policies are duplicates of existing ones, pointing to an issue with how permissive the uniqueness check at the top of set_user_policy is
At the moment, while testing the authenticated webpage, when a user creates policies without being signed in, then signs in, the pre-auth policies are then emitted to the API and saved for the user. However, this occurs even when the policies are duplicates of existing ones, pointing to an issue with how permissive the uniqueness check at the top of
set_user_policy
is