Hugo Tiem
04/03/2023, 12:13 PM
condition:
  match:
    expr: R.attr.all(content, content.author.user.employerId == V.user_employer_id)
# where user_employer_id = P.attr.user.employerId
But I got this error on the Cerbos console:
{
  "log.level": "error",
  "@timestamp": "2023-04-03T12:00:11.755Z",
  "log.logger": "cerbos.grpc",
  "message": "Policy check failed",
  "grpc.start_time": "2023-04-03T12:00:11Z",
  "system": "grpc",
  "span.kind": "server",
  "grpc.service": "cerbos.svc.v1.CerbosService",
  "grpc.method": "CheckResources",
  "peer.address": "172.17.0.1:36048",
  "cerbos": {
    "call_id": "01GX3FTCXCDAS2SXWCKCQX1P8V"
  },
  "error": "failed to get check for [article.default]: policy compilation error: 1 compilation errors:\npolicies/articles.yaml: Invalid expression in resource rule 'rule-005' (failed to compile `R.attr.all(article, article.author.user.employerId == V.user_employer_id)` [type 'primitive:STRING' does not support field selection])"
}
How can I check if the user and author id are the same for every item of the list?

Charith (Cerbos)
04/03/2023, 12:22 PM
R.attr.all(...) is iterating through all the attributes. I assume you want to iterate through just the list attribute, so it should be something like R.attr.articles.all(...) (assuming the attribute is called articles).

Hugo Tiem
04/03/2023, 1:27 PM
resource: {
  kind: access.resource,
  id: "document.id",
  attributes: document,
},
So I thought attr was like attributes = [...content]
Everything works when I change to attributes: { document } instead.
Thanks!