Posted: 2 Jun 2018 14:13 EDT Last activity: 9 Apr 2019 9:42 EDT
Defining The Authorization Scheme exercise
Question about Access Control Policy Condition
In "Show exercise steps" there is a description of HasEventReadAccess along with a screenshot:
I don't understand why the D condition is such: it's true every time, because .pxCreateOperator is definitely not null. It means that the OTHERWISE condition will return true every time. Why not just leave the field blank?
My question was not about the technical logic of the implementation (of course, building resilient systems is important), but more about the business logic - it seems that all the logic before D allows access to read an event to only a specific set of roles in the system (Manager, Executives etc.), but the last condition just throws all the conditions out and allows it to everyone (except the ones who have pxCreateOperator empty due to some technical issue).