diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts index 8dd0ba494555..809726226851 100644 --- a/packages/backend/src/server/api/ApiCallService.ts +++ b/packages/backend/src/server/api/ApiCallService.ts @@ -321,10 +321,10 @@ export class ApiCallService implements OnApplicationShutdown { if (ep.meta.requireRolePolicy != null && !user!.isRoot) { const policies = await this.roleService.getUserPolicies(user!.id); let denied: boolean; - if (Array.isArray(ep.meta.requireRolePolicy)) { - denied = ep.meta.requireRolePolicy.some(policy => !policies[policy]); - } else { + if (typeof ep.meta.requireRolePolicy === 'string') { denied = !policies[ep.meta.requireRolePolicy]; + } else { + denied = ep.meta.requireRolePolicy.some(policy => !policies[policy]); } if (denied) { throw new ApiError({