I would like users to be able to get a list of things that they own...but only the things that they own.
In the access control example, I thought that I could achieve that by substituting "$owner" for "admin" in the principalId property:
{
  "accessType": "READ",
  "principalType": "ROLE",
  "principalId": "$owner",
  "permission": "ALLOW",
  "property": "find"
},
but when I do this, and call GET /api/projects I get a 401 Authorization Required error, for both project owners and admins.
Alternatively, if I replace the principalId with $everyone, then the user is able to see things which they do not own.
Is there a proper way to set up the ACL for this kind of owner filtering?
Thanks!
(sorry for cross posting with Gitter - but it seems like nobody is logged in there today)