func handleCreateContentUnit(cp utils.ContextProvider, exec boil.Executor, cu ContentUnit) (*ContentUnit, *HttpError) {
    // check object level permissions
    if !can(cp, secureToPermission(cu.Secure), common.PERM_WRITE) {
        return nil, NewForbiddenError()
    }