Allow data team to access user history

functions/api/game-bans/_middleware.ts

@@ -5,7 +5,8 @@ export async function onRequest(context: RequestContext) {
 
   if (!currentUser) return jsonError("Not logged in", 401);
 
-  if (!(currentUser.permissions & (1 << 5))) return jsonError("Forbidden", 403);
+  if (![1 << 5, 1 << 8].find((perm) => currentUser.permissions & perm))
+    return jsonError("Forbidden", 403);
 
   return await context.next();
 }