diff --git a/app/routes/short-links.tsx b/app/routes/short-links.tsx
index 788df22..249c23d 100644
--- a/app/routes/short-links.tsx
+++ b/app/routes/short-links.tsx
@@ -32,9 +32,9 @@ export async function loader({ context }: { context: RequestContext }) {
     });
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
       (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
   )
     throw new Response(null, {
       status: 403,
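Review bot: The bit-index list `[0, 2, 4, 5, 6, 7, 9, 10, 11, 12]` and its `typeof ….find(…) === "undefined"` test are now repeated verbatim in this loader, in the `short-links_.create.tsx` loader and in `functions/api/short-links/_middleware.ts`, so a later permission change that misses one copy would leave the page gate and the API gate disagreeing about who is authorised. Since the check only needs a yes/no answer, `.some()` states it directly and cannot be tripped by the falsy index 0: `!SHORT_LINK_PERMISSION_BITS.some((i) => (context.data.current_user.permissions & (1 << i)) !== 0)`, with the list exported once from a shared module (the constant name is only a suggestion). A short comment beside that constant saying what each bit grants would also let a reviewer confirm that bits 1, 3 and 8 are left out on purpose. The loader starts above this hunk and the `throw new Response` continues below it, so the rest of the 403 path is not visible here.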
diff --git a/app/routes/short-links_.create.tsx b/app/routes/short-links_.create.tsx
index 930c504..01ee89a 100644
--- a/app/routes/short-links_.create.tsx
+++ b/app/routes/short-links_.create.tsx
@@ -27,9 +27,9 @@ export async function loader({ context }: { context: RequestContext }) {
     });
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
       (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
   )
     throw new Response(null, {
       status: 403,
diff --git a/functions/api/short-links/_middleware.ts b/functions/api/short-links/_middleware.ts
index d639c1a..2558fb6 100644
--- a/functions/api/short-links/_middleware.ts
+++ b/functions/api/short-links/_middleware.ts
@@ -6,7 +6,9 @@ export async function onRequest(context: RequestContext) {
   if (!user) return jsonError("Unauthorized", 401);
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find((i) => user.permissions & (1 << i))
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+      (i) => user.permissions & (1 << i),
+    ) === "undefined"
   )
     return jsonError("Forbidden", 403);