Setting up role privileges from JS drivers

Hello,
I have a bunch of documents from a collection named “Networks” where each network can have a state “public” or “private”.
I’m trying to set up an unauthenticated role that can only view public networks (and later logged in users who can also view their own private networks).

This is my code (using the JS drivers):

const faunadb = require("faunadb");
key = "adminKey" // this is just a placeholder for the real admin key
const client = new faunadb.Client({secret: key});
const q = faunadb.query;

let response = await client.query(q.CreateRole({
   name: "not_authenticated",
   membership: [{
        resource: q.Collection("users")
    }],
    privileges: [
        {
            resource: q.Collection("Networks"),
            actions: {
                read: client.query(data => {
                    q.Equals(
                         "public",
                          q.Select(["data", "state"], data)
                      )
                }),
                create: false,
                write: false,
                delete: false
            }
         }, 
         {
               resource: q.Index("NetworksStatus"),
               actions: {
                     read: true,
                     create: false,
                     write: false,
                     delete: false
              }
         }
    ]
}));

The actions read key(response[0].actions.read) inside the response variable doesn’t exist. On top of that, when querying the server with a not_authenticated key it returns an empty array instead of public networks (it’s querying a readble index “NetworksStatus” that contains all networks with exposed status).
I’ve also tryed with a q.Lambda() method instead but get the same result.

Thx in advance for your help.

@terazus Instead of

{
  resource: q.Collection("Networks"),
  actions: {
      read: client.query(data => {
          q.Equals(
                "public",
                q.Select(["data", "state"], data)
            )
      }),
      create: false,
      write: false,
      delete: false
  }
},

try

{
  resource: q.Collection("Networks"),
  actions: {
      read: q.Query(
        q.Lambda("data",
          q.Equals(
            "public",
            q.Select(["data", "state"], q.Var("data"))
          )
      ),
      create: false,
      write: false,
      delete: false
  }
},