From 90a330189f50255e6a5f8ddc9ff892a773831ba8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Alm=C3=A9ciga?=
Date: Sat, 24 Feb 2024 21:33:32 -0500
Subject: [PATCH] Update auth-and-access-control.md Another little corrections based in my experience using Keystone. Regards!.
---
 docs/pages/docs/guides/auth-and-access-control.md | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/docs/pages/docs/guides/auth-and-access-control.md b/docs/pages/docs/guides/auth-and-access-control.md
index e5d3d326d7d..c06ab90be9f 100644
--- a/docs/pages/docs/guides/auth-and-access-control.md
+++ b/docs/pages/docs/guides/auth-and-access-control.md
@@ -203,11 +203,12 @@ type Session = {
 We can now set up **operation** access control to restrict the **create**, **update** and **delete** operations to authenticated users with the `isAdmin` checkbox set:
 ```ts
-const isAdmin = ({ session }: { session: Session }) => session?.data.isAdmin;
+const isAdmin = ({ session }: { session: Session }) => Boolean(session?.data.isAdmin);
 const Post = list({
 access: {
 operation: {
+ query: isAdmin,
 create: isAdmin,
 update: isAdmin,
 delete: isAdmin,
@@ -432,11 +433,14 @@ When you need it, you can call `context.sudo()` to create a new context with ele
 For example, we probably want to block all public access to querying users in our system:
 ```ts
-const isAdmin = ({ session }: { session: Session }) => session?.data.isAdmin;
+const isAdmin = ({ session }: { session: Session }) => Boolean(session?.data.isAdmin);
 const Person = list({
 access: {
 query: isAdmin,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin
 },
 fields: {
 // see above
@@ -515,7 +519,7 @@ const isUser = ({ session }: { session: Session }) =>
 // Validate the current user is an Admin
 const isAdmin = ({ session }: { session: Session }) =>
- session?.data.isAdmin;
+ Boolean(session?.data.isAdmin);
 // Validate the current user is updating themselves
 const isPerson = ({ session, item }: { session: Session, item: PersonData }) =>
@@ -528,7 +532,9 @@ const isAdminOrPerson = ({ session, item }: { session: Session, item: PersonData
 const Person = list({
 access: {
 operation: {
+ query: isAdmin,
 create: isAdmin,
+ update: isAdmin,
 delete: isAdmin,
 },
 item: {