strict_check_result: {:ok, [ %{ {Ash.Policy.Check.RelatesToActorVia, [ relationship_path: [:organization, :admin_members, :user], field: nil, access_type: :filter ]} => true }, %{ {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil, access_type: :filter]} => true } ], %Ash.Policy.Authorizer{ actor: %CauseBeacon.Accounts.User{ confirmed_at: nil, translations: nil, id: "fd262dae-f00d-47b4-b718-05cdbd3552af", email: #Ash.CiString<"tania1941@bruen.com">, first_name: "Delmer", last_name: "Nicolas", nickname: nil, phone_number: "55555555", phone_country_code: "852", photo_url: "https://robohash.org/set_set2/bgset_bg2/jVykyA3pAFO3", locale: :en, super_admin: false, gender: :female, date_of_birth: ~D[2008-12-17], preferred_language: :zh_CN, nationality: :de, passport_number: "9XqKLoan", national_id_number: "UGCz7lGY", permanent_resident: true, inserted_at: ~U[2025-10-20 12:19:17.830585Z], updated_at: ~U[2025-10-20 12:19:17.830585Z], first_name_zh: #Ash.NotLoaded<:calculation, field: :first_name_zh>, last_name_zh: #Ash.NotLoaded<:calculation, field: :last_name_zh>, full_name: #Ash.NotLoaded<:calculation, field: :full_name>, display_name: #Ash.NotLoaded<:calculation, field: :display_name>, full_phone_number: #Ash.NotLoaded<:calculation, field: :full_phone_number>, age: #Ash.NotLoaded<:calculation, field: :age>, members: #Ash.NotLoaded<:relationship, field: :members>, activated_members: #Ash.NotLoaded<:relationship, field: :activated_members>, admin_members: #Ash.NotLoaded<:relationship, field: :admin_members>, accepted_admin_members: #Ash.NotLoaded<:relationship, field: :accepted_admin_members>, organizations: #Ash.NotLoaded<:relationship, field: :organizations>, notifications: #Ash.NotLoaded<:relationship, field: :notifications>, __meta__: #Ecto.Schema.Metadata<:loaded, "users"> }, resource: CauseBeacon.Organizations.AdminMember, query: #Ash.Query< resource: CauseBeacon.Organizations.AdminMember, action: :read, tenant: "478a0fde-d9d4-41a8-9d99-3e6dc262e213", filter: #Ash.Filter, select: [:default, :id, :status, :level, :inserted_at, :updated_at, :user_id, :organization_id, :role_id] >, changeset: nil, action_input: nil, data: nil, action: %Ash.Resource.Actions.Read{ arguments: [], description: nil, filter: nil, filters: [], get_by: [], get?: false, manual: nil, metadata: [], skip_unknown_inputs: [], skip_global_validations?: false, modify_query: nil, multitenancy: :enforce, name: :read, pagination: %Ash.Resource.Actions.Read.Pagination{ default_limit: nil, max_page_size: 250, countable: true, stable_sort: nil, required?: false, keyset?: true, offset?: true, __spark_metadata__: nil }, preparations: [], primary?: true, touches_resources: [], timeout: nil, transaction?: false, type: :read, __spark_metadata__: nil }, domain: CauseBeacon.Organizations, scenarios: nil, real_scenarios: nil, check_scenarios: nil, subject: #Ash.Query< resource: CauseBeacon.Organizations.AdminMember, action: :read, tenant: "478a0fde-d9d4-41a8-9d99-3e6dc262e213", filter: #Ash.Filter, select: [:default, :id, :status, :level, :inserted_at, :updated_at, :user_id, :organization_id, :role_id] >, for_fields: nil, solver_statement: {:or, {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil, access_type: :filter]}, {Ash.Policy.Check.RelatesToActorVia, [ relationship_path: [:organization, :admin_members, :user], field: nil, access_type: :filter ]}}, context: %{ private: %{ tracer: [], actor: %CauseBeacon.Accounts.User{ confirmed_at: nil, translations: nil, id: "fd262dae-f00d-47b4-b718-05cdbd3552af", email: #Ash.CiString<"tania1941@bruen.com">, first_name: "Delmer", last_name: "Nicolas", nickname: nil, phone_number: "55555555", phone_country_code: "852", photo_url: "https://robohash.org/set_set2/bgset_bg2/jVykyA3pAFO3", locale: :en, super_admin: false, gender: :female, date_of_birth: ~D[2008-12-17], preferred_language: :zh_CN, nationality: :de, passport_number: "9XqKLoan", national_id_number: "UGCz7lGY", permanent_resident: true, inserted_at: ~U[2025-10-20 12:19:17.830585Z], updated_at: ~U[2025-10-20 12:19:17.830585Z], first_name_zh: #Ash.NotLoaded<:calculation, field: :first_name_zh>, last_name_zh: #Ash.NotLoaded<:calculation, field: :last_name_zh>, full_name: #Ash.NotLoaded<:calculation, field: :full_name>, display_name: #Ash.NotLoaded<:calculation, field: :display_name>, full_phone_number: #Ash.NotLoaded<:calculation, field: :full_phone_number>, age: #Ash.NotLoaded<:calculation, field: :age>, members: #Ash.NotLoaded<:relationship, field: :members>, activated_members: #Ash.NotLoaded<:relationship, field: :activated_members>, ... }, authorize?: true, async_limiter: nil, loading_relationships?: true, pre_flight_authorization?: false, authorizer_log?: false }, shared: nil, accessing_from: %{ name: :admin_members, source: CauseBeacon.Organizations.Organization }, parent_stack: [CauseBeacon.Organizations.Organization] }, policies: [ %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:super_admin_reinvite], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.ActorAttributeEquals, [attribute: :super_admin, value: true]}, check_module: Ash.Policy.Check.ActorAttributeEquals, check_opts: [ attribute: :super_admin, value: true, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 184 ], properties_anno: %{} } } ], bypass?: nil, description: "Rejoin is only for superadmin!", access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 182 ], properties_anno: %{ description: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 183 ] } } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:invite, :set_rights], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.ActorAttributeEquals, [attribute: :super_admin, value: true]}, check_module: Ash.Policy.Check.ActorAttributeEquals, check_opts: [ attribute: :super_admin, value: true, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 188 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {CauseBeacon.Organizations.AdminMember.CanManageResource, []}, check_module: CauseBeacon.Organizations.AdminMember.CanManageResource, check_opts: [access_type: :filter], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 189 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 187 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:reinvite], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.Expression, [expr: not (status in [:refused, :removed])]}, check_module: Ash.Policy.Check.Expression, check_opts: [ expr: not (status in [:refused, :removed]), access_type: :filter ], type: :forbid_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 194 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.Static, [result: true]}, check_module: Ash.Policy.Check.Static, check_opts: [result: true, access_type: :filter], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 195 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 193 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:remove], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.Expression, [expr: status == :removed]}, check_module: Ash.Policy.Check.Expression, check_opts: [expr: status == :removed, access_type: :filter], type: :forbid_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 199 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.ActorAttributeEquals, [attribute: :super_admin, value: true]}, check_module: Ash.Policy.Check.ActorAttributeEquals, check_opts: [ attribute: :super_admin, value: true, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 200 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {CauseBeacon.Organizations.AdminMember.CanManageResource, []}, check_module: CauseBeacon.Organizations.AdminMember.CanManageResource, check_opts: [access_type: :filter], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 201 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 198 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:accept], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.ActorAttributeEquals, [attribute: :super_admin, value: true]}, check_module: Ash.Policy.Check.ActorAttributeEquals, check_opts: [ attribute: :super_admin, value: true, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 206 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.Expression, [expr: not (status in [:invited, :refused])]}, check_module: Ash.Policy.Check.Expression, check_opts: [ expr: not (status in [:invited, :refused]), access_type: :filter ], type: :forbid_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 207 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil]}, check_module: Ash.Policy.Check.RelatesToActorVia, check_opts: [ relationship_path: [:user], field: nil, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 208 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.AccessingFrom, [source: CauseBeacon.Accounts.User, relationship: :admin_members]}, check_module: Ash.Policy.Check.AccessingFrom, check_opts: [ source: CauseBeacon.Accounts.User, relationship: :admin_members, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 209 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 205 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:refuse], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.Expression, [expr: not (status in [:invited, :accepted])]}, check_module: Ash.Policy.Check.Expression, check_opts: [ expr: not (status in [:invited, :accepted]), access_type: :filter ], type: :forbid_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 213 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil]}, check_module: Ash.Policy.Check.RelatesToActorVia, check_opts: [ relationship_path: [:user], field: nil, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 214 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 212 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [ action: [:set_default_member, :unset_default_member], access_type: :filter ]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil]}, check_module: Ash.Policy.Check.RelatesToActorVia, check_opts: [ relationship_path: [:user], field: nil, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 218 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: {218, 7}, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 217 ], properties_anno: %{} } }, %Ash.Policy.Policy{ condition: [ {Ash.Policy.Check.Action, [action: [:read, :search], access_type: :filter]} ], policies: [ %Ash.Policy.Check{ check: {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil]}, check_module: Ash.Policy.Check.RelatesToActorVia, check_opts: [ relationship_path: [:user], field: nil, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 228 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.RelatesToActorVia, [ relationship_path: [:organization, :admin_members, :user], field: nil ]}, check_module: Ash.Policy.Check.RelatesToActorVia, check_opts: [ relationship_path: [:organization, :admin_members, :user], field: nil, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 229 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.AccessingFrom, [source: CauseBeacon.Accounts.User, relationship: :admin_members]}, check_module: Ash.Policy.Check.AccessingFrom, check_opts: [ source: CauseBeacon.Accounts.User, relationship: :admin_members, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 230 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.AccessingFrom, [ source: CauseBeacon.Accounts.User, relationship: :accepted_admin_members ]}, check_module: Ash.Policy.Check.AccessingFrom, check_opts: [ source: CauseBeacon.Accounts.User, relationship: :accepted_admin_members, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 231 ], properties_anno: %{} } }, %Ash.Policy.Check{ check: {Ash.Policy.Check.AccessingFrom, [ source: CauseBeacon.Activities.AssigneeJoin, relationship: :admin_member ]}, check_module: Ash.Policy.Check.AccessingFrom, check_opts: [ source: CauseBeacon.Activities.AssigneeJoin, relationship: :admin_member, access_type: :filter ], type: :authorize_if, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 232 ], properties_anno: %{} } } ], bypass?: nil, description: nil, access_type: :filter, __spark_metadata__: %Spark.Dsl.Entity.Meta{ anno: [ end_location: 181, file: ~c"/Users/allen/Documents/clients/cause_beacon/cause_beacon/lib/cause_beacon/organizations/admin_member.ex", location: 226 ], properties_anno: %{} } } ], facts: %{ {Ash.Policy.Check.AccessingFrom, [ source: CauseBeacon.Accounts.User, relationship: :accepted_admin_members, access_type: :filter ]} => false, {Ash.Policy.Check.AccessingFrom, [ source: CauseBeacon.Accounts.User, relationship: :admin_members, access_type: :filter ]} => false, {Ash.Policy.Check.AccessingFrom, [ source: CauseBeacon.Activities.AssigneeJoin, relationship: :admin_member, access_type: :filter ]} => false, {Ash.Policy.Check.Action, [action: [:accept], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:invite], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:read], access_type: :filter]} => true, {Ash.Policy.Check.Action, [action: [:refuse], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:reinvite], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:remove], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:set_default_member], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:set_rights], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:super_admin_reinvite], access_type: :filter]} => false, {Ash.Policy.Check.Action, [action: [:unset_default_member], access_type: :filter]} => false, {Ash.Policy.Check.RelatesToActorVia, [ relationship_path: [:organization, :admin_members, :user], field: nil, access_type: :filter ]} => :unknown, {Ash.Policy.Check.RelatesToActorVia, [relationship_path: [:user], field: nil, access_type: :filter]} => :unknown }, data_facts: %{} }}