if ((user.role === 'MANAGER' || user.role === 'ADMIN') && !newWidgetCreation) {
        const permission = await WidgetService.hasPermission(ctx.params.widget, user, ctx.request.headers['x-api-key']);
        if (!permission) {
            ctx.throw(403, 'Forbidden');
            return;