backend/src/api/vehicle/policies/check-deletion.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default async (policyContext, config, { strapi }) => {
4 const vehicleId = policyContext.args?.id;
5 const vehicle = await strapi.entityService.findOne(
6 "api::vehicle.vehicle",
7 vehicleId,
8 {
9 populate: ["user"],
10 }
11 );
12
13 if (!vehicle) throw new errors.NotFoundError(`Vehicle not found`);
14
15 const user = policyContext.state.user;
16
17 if (vehicle.user?.id !== user.id)
18 throw new errors.UnauthorizedError(
19 "Can only delete vehicle linked to authenticated user."
20 );
21};