+const ensureAuthUserOwnsAccountValidator = [
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const user = res.locals.oauth.token.User
+
+ if (res.locals.account.id !== user.Account.id) {
+ return res.status(403)
+ .send({ error: 'Only owner can access ratings list.' })
+ .end()
+ }
+
+ return next()
+ }
+]
+