backend/src/api/travel/policies/check-deletion.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default async (policyContext, config, { strapi }) => {
4 const travelId = policyContext.args?.id;
5 const travel = await strapi.entityService.findOne(
6 "api::travel.travel",
7 travelId,
8 {
9 populate: ["event", "user"],
10 }
11 );
12
13 if (!travel) throw new errors.NotFoundError(`Travel not found`);
14
15 const event = travel.event;
16
17 if (event.enabled_modules?.includes("caroster-plus")) {
18 const user = policyContext.state.user;
19 if (!user) throw new errors.ForbiddenError();
20
21 const admins = event.administrators?.split(/, ?/) || [];
22 const isAdmin = [...admins, event.email].includes(user.email);
23
24 if (isAdmin) {
25 // TODO Create notification to travel's linked user
26 return true;
27 } else if (travel.user?.email === user.email) return true;
28 else return false;
29 }
30};