backend/src/api/passenger/policies/check-update.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default async (policyContext, _config, { strapi }) => {
4 const passengerId = policyContext.args?.id;
5 const passenger = await strapi.entityService.findOne(
6 "api::passenger.passenger",
7 passengerId,
8 {
9 populate: ["event", "user"],
10 }
11 );
12
13 if (!passenger) throw new errors.NotFoundError("Passenger not found");
14
15 const event = passenger.event;
16
17 if (event.enabled_modules?.includes("caroster-plus")) {
18 const user = policyContext.state.user;
19 if (!user) throw new errors.ForbiddenError();
20 else if (!passenger.user) return true;
21
22 const admins = event.administrators?.split(/, ?/) || [];
23 const isAdmin = [...admins, event.email].includes(user.email);
24 if (isAdmin) return true;
25 else if (passenger.user.id == user.id) return true;
26 else return false;
27 }
28};