allow unauthenticated (logged-out) users to translate notes

1 files changed, 3 insertions, 10 deletions

diff --git a/packages/backend/src/server/api/endpoints/notes/translate.ts b/packages/backend/src/server/api/endpoints/notes/translate.ts
index a97542c063..d0d63518f7 100644
--- a/packages/backend/src/server/api/endpoints/notes/translate.ts
+++ b/packages/backend/src/server/api/endpoints/notes/translate.ts
@@ -20,11 +20,9 @@ import { ApiError } from '../../error.js';
 export const meta = {
 	tags: ['notes'],
 
-	// TODO allow unauthenticated if default template allows?
-	//   Maybe a value 'optional' that allows unauthenticated OR a token w/ appropriate role.
-	//   This will allow unauthenticated requests without leaking post data to restricted clients.
-	requireCredential: true,
+	requireCredential: 'optional',
 	kind: 'read:account',
+	requiredRolePolicy: 'canUseTranslator',
 
 	res: {
 		type: 'object',
@@ -88,17 +86,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private readonly loggerService: ApiLoggerService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
-			const policies = await this.roleService.getUserPolicies(me.id);
-			if (!policies.canUseTranslator) {
-				throw new ApiError(meta.errors.unavailable);
-			}
-
 			const note = await this.getterService.getNote(ps.noteId).catch(err => {
 				if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
 				throw err;
 			});
 
-			if (!(await this.noteEntityService.isVisibleForMe(note, me.id))) {
+			if (!(await this.noteEntityService.isVisibleForMe(note, me?.id ?? null))) {
 				throw new ApiError(meta.errors.cannotTranslateInvisibleNote);
 			}