-
Jonathan Frederickson authored
Took me a while to figure this one out, but it feels obvious in retrospect. The `if` expression here is only run once, when the `^admin` object is spawned, meaning the `principal-policy` is never actually checked when methods are called on that object. It should instead be checked each time, as the intent here is to provide a mechanism to disable users' access to their admin object.
dbdf5ea7