summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/endpoints/notes
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/api/endpoints/notes')
-rw-r--r--packages/backend/src/server/api/endpoints/notes/translate.ts13
1 files changed, 3 insertions, 10 deletions
diff --git a/packages/backend/src/server/api/endpoints/notes/translate.ts b/packages/backend/src/server/api/endpoints/notes/translate.ts
index a97542c063..d0d63518f7 100644
--- a/packages/backend/src/server/api/endpoints/notes/translate.ts
+++ b/packages/backend/src/server/api/endpoints/notes/translate.ts
@@ -20,11 +20,9 @@ import { ApiError } from '../../error.js';
export const meta = {
tags: ['notes'],
- // TODO allow unauthenticated if default template allows?
- // Maybe a value 'optional' that allows unauthenticated OR a token w/ appropriate role.
- // This will allow unauthenticated requests without leaking post data to restricted clients.
- requireCredential: true,
+ requireCredential: 'optional',
kind: 'read:account',
+ requiredRolePolicy: 'canUseTranslator',
res: {
type: 'object',
@@ -88,17 +86,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private readonly loggerService: ApiLoggerService,
) {
super(meta, paramDef, async (ps, me) => {
- const policies = await this.roleService.getUserPolicies(me.id);
- if (!policies.canUseTranslator) {
- throw new ApiError(meta.errors.unavailable);
- }
-
const note = await this.getterService.getNote(ps.noteId).catch(err => {
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw err;
});
- if (!(await this.noteEntityService.isVisibleForMe(note, me.id))) {
+ if (!(await this.noteEntityService.isVisibleForMe(note, me?.id ?? null))) {
throw new ApiError(meta.errors.cannotTranslateInvisibleNote);
}
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 12:45:36 +0000