Hello @fbeiger
I just checked, and as per documentation smart actions should use the permissionMiddlewareCreator.smartAction() decorator.
Note that you may also need to add the request.user and request.query parameters to calls to the RecordsGetter constructor in smart action routes / route overrides if you are using those.
router.post('/actions/mark-as-live', permissionMiddlewareCreator.smartAction(), (req, res) => {
const recordsGetter = new RecordsGetter(companies, request.user, request.query);
return recordsGetter.getIdsFromRequest(req)
.then(companyIds => companies.update({ status: 'live' }, { where: { id: companyIds }}))
.then(() => res.send({ success: 'Company is now live!' }));
});