fix(api): use forbidden() without args to preserve original error messages

ggazzo · claude · ggazzo · commit 0b2adfd1dd9c · 2026-03-23T12:50:27.000-03:00
The migrated endpoints were using forbidden('error-not-allowed') as a
type workaround, but this changed the error response from 'unauthorized'
to 'error-not-allowed', breaking existing tests.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/apps/meteor/app/api/server/v1/commands.ts b/apps/meteor/app/api/server/v1/commands.ts
@@ -391,7 +391,7 @@ API.v1.post(
 		}
 
 		if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) {
-			return API.v1.forbidden('Not allowed');
+			return API.v1.forbidden();
 		}
 
 		const params = body.params ? body.params : '';
@@ -439,7 +439,7 @@ API.v1.get(
 		}
 
 		if (!(await canAccessRoomIdAsync(query.roomId, this.userId))) {
-			return API.v1.forbidden('Not allowed');
+			return API.v1.forbidden();
 		}
 
 		const params = query.params ? query.params : '';
@@ -477,7 +477,7 @@ API.v1.post(
 		}
 
 		if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) {
-			return API.v1.forbidden('Not allowed');
+			return API.v1.forbidden();
 		}
 
 		const { params = '' } = body;
diff --git a/apps/meteor/app/api/server/v1/im.ts b/apps/meteor/app/api/server/v1/im.ts
@@ -198,7 +198,7 @@ const dmCloseAction = <Path extends string>(_path: Path): TypedAction<typeof dmC
 		} else {
 			const canAccess = await canAccessRoomIdAsync(roomId, this.userId);
 			if (!canAccess) {
-				return API.v1.forbidden('error-not-allowed');
+				return API.v1.forbidden();
 			}
 
 			const { subscription: subs } = await findDirectMessageRoom({ roomId }, this.userId);
@@ -247,7 +247,7 @@ const dmOpenAction = <Path extends string>(_path: Path): TypedAction<typeof dmOp
 		const { roomId } = this.bodyParams;
 		const canAccess = await canAccessRoomIdAsync(roomId, this.userId);
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const { room, subscription } = await findDirectMessageRoom({ roomId }, this.userId);
@@ -302,7 +302,7 @@ const dmSetTopicAction = <Path extends string>(_path: Path): TypedAction<typeof
 
 		const canAccess = await canAccessRoomIdAsync(roomId, this.userId);
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const { room } = await findDirectMessageRoom({ roomId }, this.userId);
@@ -387,14 +387,14 @@ const dmCountersAction = <Path extends string>(_path: Path): TypedAction<typeof
 
 		if (ruserId) {
 			if (!access) {
-				return API.v1.forbidden('error-not-allowed');
+				return API.v1.forbidden();
 			}
 			user = ruserId;
 		}
 		const canAccess = await canAccessRoomIdAsync(roomId, user);
 
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const { room, subscription } = await findDirectMessageRoom({ roomId }, user);
@@ -466,7 +466,7 @@ const dmFilesAction = <Path extends string>(_path: Path): TypedAction<typeof dmF
 
 		const canAccess = await canAccessRoomIdAsync(room._id, this.userId);
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const filter = {
@@ -528,7 +528,7 @@ const dmMembersAction = <Path extends string>(_path: Path): TypedAction<typeof d
 
 		const canAccess = await canAccessRoomIdAsync(room._id, this.userId);
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const { offset, count } = await getPaginationItems(this.queryParams);
@@ -641,7 +641,7 @@ const dmMessagesAction = <Path extends string>(_path: Path): TypedAction<typeof
 
 		const canAccess = await canAccessRoomIdAsync(room._id, this.userId);
 		if (!canAccess) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		const { offset, count } = await getPaginationItems(this.queryParams);
@@ -727,7 +727,7 @@ const dmHistoryAction = <Path extends string>(_path: Path): TypedAction<typeof d
 		const result = await getChannelHistory(objectParams);
 
 		if (!result) {
-			return API.v1.forbidden('error-not-allowed');
+			return API.v1.forbidden();
 		}
 
 		return API.v1.success(result as Record<string, unknown>);

Original file line number	Diff line number	Diff line change
`@@ -391,7 +391,7 @@ API.v1.post(`
`391`	`391`	`}`
`392`	`392`
`393`	`393`	`if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) {`
`394`		`- return API.v1.forbidden('Not allowed');`
	`394`	`+ return API.v1.forbidden();`
`395`	`395`	`}`
`396`	`396`
`397`	`397`	`const params = body.params ? body.params : '';`
`@@ -439,7 +439,7 @@ API.v1.get(`
`439`	`439`	`}`
`440`	`440`
`441`	`441`	`if (!(await canAccessRoomIdAsync(query.roomId, this.userId))) {`
`442`		`- return API.v1.forbidden('Not allowed');`
	`442`	`+ return API.v1.forbidden();`
`443`	`443`	`}`
`444`	`444`
`445`	`445`	`const params = query.params ? query.params : '';`
`@@ -477,7 +477,7 @@ API.v1.post(`
`477`	`477`	`}`
`478`	`478`
`479`	`479`	`if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) {`
`480`		`- return API.v1.forbidden('Not allowed');`
	`480`	`+ return API.v1.forbidden();`
`481`	`481`	`}`
`482`	`482`
`483`	`483`	`const { params = '' } = body;`