func handleCreateCollection(cp utils.ContextProvider, exec boil.Executor, c Collection) (*Collection, *HttpError) {
    // check object level permissions
    if !can(cp, secureToPermission(c.Secure), common.PERM_WRITE) {
        return nil, NewForbiddenError()
    }