Custom Role Based Access Control weird behavior between find and findOne

System Information
  • Strapi Version: 4.24.4
  • Operating System: MacOS 14.1.2
  • Database: postgres
  • Node Version: 20.9.0
  • NPM Version: 10.1.0

For a project, I need to allow users to log in and access their agency’s entry, but either I’m really doing something wrong, or something’s bugged.
Let me explain: I have an “agency” collection type where I have 3k+ entries, and an agency can be attached to a user (the user object used for login → from admin, not from users-permissions) as it has a “user” property which is a relation to the user from admin.
With this base, what I want to do is: when a user with a specific role “franchisé” is connected, he can only access the agency entries he is attached to, and modify them.

To do this, I’ve created a custom role based access control condition in src/index.js:
(I’ve tested with the condition registered in register or bootstrap but no real change detected)

"use strict";

const conditions = [
  {
    displayName: "Est rattaché à l'agence",
    name: "isAttachedToAgency",
    async handler(user) {
      return { user: user.id };
    },
  },
];

module.exports = {
  async register({ strapi }) {
    await strapi.admin.services.permission.conditionProvider.registerMany(
      conditions
    );
  },
  async bootstrap({ strapi }) {},
};

It’s working well when I arrive on the page that lists the agencies but when I click on an agency I get a 403 error and I’m redirected back to the list page, so it seems that the condition does not always work…
So for the find() method it works, but not for findOne() or anything else, if that can help to better understand the situation.
Here is an example of how I implemented it:

Both Read and Update have the same condition selected.

Feel free to ask any question if I wasn’t clear in any part of the message.