backend/src/api/passenger/policies/check-creation.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default async (policyContext, _config, { strapi }) => {
4 const user = policyContext.state.user;
5 const eventId = policyContext.args?.data?.event;
6
7 if (!eventId) throw new errors.ValidationError(`No event ID provided`);
8 const event = await strapi.entityService.findOne("api::event.event", eventId);
9 if (!event) throw new errors.NotFoundError(`Event not found`);
10
11 if (event.enabled_modules?.includes("caroster-plus")) {
12 const administrators = event.administrators?.split(/, ?/) || [];
13 const isEventAdmin = [...administrators, event.email].includes(user.email);
14 if (!isEventAdmin) {
15 if (user) policyContext.args.data.user = user.id;
16 else throw new errors.ForbiddenError();
17 }
18 }
19};