Open ymc9 opened 5 months ago
I hit this same bug, assuming I understand it correctly. When you say "type-checker error," do you mean it should fail, or are you not allowed to use the "in" operator?
I have a case where using the in
operator does not add the proper check to the generated policy for using the check
function, but it blocks it properly on actual calls.
// this still passes even if role is STANDARD or Null when called using enhancedClient.model.check('create');
@@allow('all', auth().role in ['SYSTEM', 'ADMIN'])
// But using the following works properly
@@allow('all', auth().role == 'SYSTEM' || auth().role == 'ADMIN'])
Inside the
@@deny
rule, the "in" expression should result in a type-checker error.