fix: fix incorrect examples (#1959)

Author: innerdvations

docusaurus/docs/dev-docs/backend-customization/examples/policies.md

@@ -168,17 +168,23 @@ module.exports = async (policyContext, config, { strapi }) => {
   /**
    * If the user submitting the request is the restaurant's owner,
    * we don't allow the review creation.
-   */ 
+   */
   if (user.id === restaurant.owner.id) {
     // highlight-start
     /**
      * Throws a custom policy error
      * instead of just returning false
      * (which would result into a generic Policy Error).
-     */ 
-    throw new PolicyError('The owner of the restaurant cannot submit reviews', {
-      errCode: 'RESTAURANT_OWNER_REVIEW', // can be useful for identifying different errors on the front end
-    });
+     */
+    const error = new ApplicationError(
+      "The owner of the restaurant cannot submit reviews",
+      {
+        policy: "is-owner-review",
+        errCode: "RESTAURANT_OWNER_REVIEW", // can be useful for identifying different errors on the front end
+      }
+    );
+    error.name = "OwnerReviewError";
+    throw error;
     // highlight-end
   }
 
@@ -200,7 +206,7 @@ When a policy refuses access to a route and a default error is thrown, the follo
   "data": null,
   "error": {
       "status": 403,
-      "name": "PolicyError",
+      "name": "ForbiddenError",
       "message": "Policy Failed",
       "details": {}
   }
@@ -213,12 +219,14 @@ When a policy refuses access to a route and a default error is thrown, the follo
 
 When a policy refuses access to a route and the custom policy throws the custom error defined in the code example above, the following response will be sent when trying to query the content-type through the REST API:
 
+Note that because `ForbiddenError` (403) is always replaced with a generic message, we used an `ApplicationError` (400) to send the custom message.
+
 ```jsx
 {
   "data": null,
   "error": {
-    "status": 403,
-    "name": "PolicyError",
+    "status": 400,
+    "name": "OwnerReviewError",
     "message": "The owner of the restaurant cannot submit reviews",
     "details": {
         "policy": "is-owner-review",

docusaurus/docs/dev-docs/error-handling.md

@@ -405,6 +405,8 @@ The `ForbiddenError` class is a specific error class used when a user either doe
 | --- | --- | --- | --- |
 | `message` | `string` | The error message | `Forbidden access` |
 
+Note: `ForbiddenError` message contents will not be displayed to the Content API and will be returned to the user as an empty `UnauthorizedError`
+
 ```js
 throw new ForbiddenError('Ah ah ah, you didn\'t say the magic word');
 ```
@@ -419,6 +421,8 @@ The `UnauthorizedError` class is a specific error class used when a user doesn't
 | --- | --- | --- | --- |
 | `message` | `string` | The error message | `Unauthorized` |
 
+Note: `UnauthorizedError` message contents will not be displayed to the Content API and will be returned to the user as an empty `UnauthorizedError`
+
 ```js
 throw new UnauthorizedError('You shall not pass!');
 ```
@@ -466,6 +470,8 @@ The `PolicyError` class is a specific error designed to be used with [route poli
 throw new PolicyError('Something went wrong', { policy: 'my-policy' });
 ```
 
+Note: Because `PolicyError` extends `ForbiddenError`, it will not be displayed to the Content API and will be returned to the user as an empty `ForbiddenError` and you will need to use a different error type in your policy if you want it to be visible in the Content API.
+
 </TabItem>
 
 </Tabs>