# Policy doesn't authorize requests on guests

tawdry sparrow
Good day,

I am in the process of implementing Policies in my app to increase security (for example, so that no user can see the update form if not allowed).

To ensure that a user can't open posts that are still a draft, I check this in the Policy for Post.
When I now try to open a post as a guest, I always get a 403 because the request isn't allowed, even if the post is published.

My policy looks like this at the moment:

https://gist.github.com/syntafin/28c6f37b75df38af98a030a7fbaeb4b8

The database field is_published is a boolean field.
I even tried it without the additional if(), but the results are the same. Maybe I misunderstood something there?

crisp lily
Hello @tawdry sparrow,

Can you verify if you have the auth middleware on your Post route?
Your guest won't even go through the Policy if the route requires the user to be authenticated.
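
An added example, not part of the thread and not the code from the linked gist: separately from route middleware, Laravel's documented behavior is that gates and policies return false for unauthenticated requests unless the policy method's user parameter is nullable or defaults to null. The plain-PHP sketch below models that check; the `allows()` helper and the `User`, `Post` and policy classes are constructed stand-ins, not Laravel's own code.

```php
<?php
// Simplified model of the guest check. All names here are constructed for illustration.
final class User { public function __construct(public int $id) {} }
final class Post { public function __construct(public bool $is_published, public int $user_id) {} }

final class StrictPostPolicy
{
    // Non-nullable User: a guest (null) never reaches this method body.
    public function view(User $user, Post $post): bool
    {
        return $post->is_published || $user->id === $post->user_id;
    }
}

final class GuestAwarePostPolicy
{
    // Nullable User: guests arrive as null and must be handled explicitly.
    public function view(?User $user, Post $post): bool
    {
        return $post->is_published || $user?->id === $post->user_id;
    }
}

// Hypothetical helper that mirrors the documented rule for guests.
function allows(?User $user, object $policy, string $ability, Post $post): bool
{
    if ($user === null) {
        $first = (new ReflectionMethod($policy, $ability))->getParameters()[0];
        $guestOk = ($first->hasType() && $first->allowsNull())
            || ($first->isDefaultValueAvailable() && $first->getDefaultValue() === null);
        if (!$guestOk) {
            return false; // denied before the policy body runs, which surfaces as a 403
        }
    }
    return $policy->$ability($user, $post);
}

$published = new Post(is_published: true, user_id: 1);
$draft     = new Post(is_published: false, user_id: 1);

echo "guest, strict policy, published post: ";
var_dump(allows(null, new StrictPostPolicy(), 'view', $published));
echo "guest, guest-aware policy, published post: ";
var_dump(allows(null, new GuestAwarePostPolicy(), 'view', $published));
echo "guest, guest-aware policy, draft: ";
var_dump(allows(null, new GuestAwarePostPolicy(), 'view', $draft));
echo "author, guest-aware policy, draft: ";
var_dump(allows(new User(1), new GuestAwarePostPolicy(), 'view', $draft));
```

When opening a policy method to guests, keep the draft branch dependent on a non-null user so that unpublished posts stay restricted to their author.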