Why combine the action condition "*::*:(1=1)" with another one?

What is the purpose of having the following two action conditions simultaneously?
“actionConditions” : [
“Tenant:::(id == _context.tenant)",
"
::*:(1==1)”
]

It seems that the second one (1=1) make the tenant condition obsolete. Is that not the case?
Also, what is the default action condition if I leave this parameter empty?

ActionConditions (as Permissions) within a Role are ANDed, so in this case a Tenant.fetch() will have an ActionCondition that looks like (Tenant.id == _context.tenant && 1 == 1). Note that the Tenant ActionCondition applies to all Tenant actions whereas the 2nd ActionCondition applies to all types. Only Persistable types support ActionConditions.
In 7.9, if a Role grants access to a Persistable type action with no corresponding ActionCondition, it is the same as having a 1==1 if the type is not an AclEnabled type otherwise the Acl is used. Please refer to the AccessControl documentation (c3doc).

2 Likes