Took me a while to figure this one out, but it feels obvious in
retrospect. The `if` expression here is only run once, when the
`^admin` object is spawned, meaning the `principal-policy` is never
actually checked when methods are called on that object. It should
instead be checked each time, as the intent here is to provide a
mechanism to disable users' access to their admin object.