Thanks.
I searched the documentation for the other error responses but never found them, so I used ‘unauthorized’ as a generic error.
So the code could be:
/config/policies/is-owner.js:
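/**
 * Strapi policy: let the request through only when the authenticated user is
 * the author of the entry addressed by `ctx.params.id`.
 *
 * Requirement: the content type must have a field named "author" that is an
 * N-1 relation to the users-permissions user.
 *
 * Scope: only ownership of the existing entry is verified. The request body is
 * not inspected, so an update handler should not accept a new `author` value
 * from the client.
 * NOTE(review): confirm the controller ignores or overrides that field.
 *
 * @param {object} ctx - Koa/Strapi request context.
 * @param {Function} next - Continues to the next policy or to the controller.
 * @returns {Promise<*>} An error response, or whatever `next()` resolves to.
 */
module.exports = async (ctx, next) => {
  const { user } = ctx.state;

  // Anonymous requests are rejected before any lookup happens.
  if (!user) {
    return ctx.unauthorized();
  }

  const collection = ctx.request.route.controller;
  const service = strapi.services[collection];
  if (!service) {
    return ctx.notFound(`Collection ${collection} not found`);
  }

  // Fail closed when the route carries no id. Without it the filter below
  // would contain only the author condition; how the query layer treats an
  // undefined id is not visible here, so do not rely on it to deny access.
  const { id } = ctx.params;
  if (id === undefined || id === null || id === '') {
    return ctx.badRequest('Missing entry id');
  }

  // Entry id and author are matched in a single query, so "no such entry" and
  // "entry owned by someone else" produce the same answer and the response
  // does not reveal whether the id exists.
  const [content] = await service.find({
    id,
    'author.id': user.id,
  });

  if (!content) {
    return ctx.forbidden(`Only the author can do this`);
  }

  return await next();
};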