1import { errors } from "@strapi/utils";
 2
 3export default async (policyContext, _config, { strapi }) => {
 4  const travelId = policyContext.args?.id;
 5  const travel = await strapi.entityService.findOne(
 6    "api::travel.travel",
 7    travelId,
 8    {
 9      populate: ["event", "user"],
10    }
11  );
12
13  if (!travel) throw new errors.NotFoundError(`Travel not found`);
14
15  const event = travel.event;
16
17  const eventId = policyContext.args?.data?.event;
18  if (!!eventId && eventId !== event.id)
19    throw new errors.UnauthorizedError("Can't change travel linked event");
20
21  if (event.enabled_modules?.includes("caroster-plus")) {
22    const user = policyContext.state.user;
23    if (!user) throw new errors.ForbiddenError();
24
25    const admins = event.administrators?.split(/, ?/) || [];
26    const isAdmin = [...admins, event.email].includes(user.email);
27
28    if (isAdmin) return true;
29    else if (travel.user?.email === user.email) return true;
30    else return false;
31  }
32};