AND condition does not await async custom conditions passed as args

[kang-sctg]

Hi- your library is really enjoyable and intuitive to use! I ran into an issue with the AND condition; if you pass it any async custom conditions as args, it does not await those conditions.

Example- given the following grant definition:

{
  role: 'manager',
  resource: 'customers',
  action: 'PUT',
  attributes: ['*'],
  condition: {
    Fn: 'AND',
    args: [
      { Fn: 'custom:sameCustomer }, //sync
      { Fn: 'custom:userCanAccessResource' }, // async
    ],
  },
},

custom:userCanAccessResource is not awaited before permission is evaluated- permission.granted evaluates to "true" as long as all other conditions are met.

Even if you remove custom:sameOwner, you get the same result, so it doesn't seem to be an issue with combining sync with async conditions.

Looks like && Promise.resolve(elm) == elm in the containsPromises method is the culprit; if you comment out that condition, async custom functions passed to AND get awaited properly.

It would seem that removing this logic is the fix, but is there a reason that it's there & should not be removed?

[koladilip]

How are you checking for the grants? Please paste the code here.