fix: ユーザー範囲一覧で凍結者が閲覧できるのは管理者のみ

packages/backend/src/server/api/endpoints/users/show.ts

@@ -90,14 +90,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		super(meta, paramDef, async (ps, me, _1, _2, _3, ip) => {
 			let user;
 
-			const isModerator = await this.roleService.isModerator(me);
-
 			if (ps.userIds) {
 				if (ps.userIds.length === 0) {
 					return [];
 				}
 
-				const users = await this.usersRepository.findBy(isModerator ? {
+        const isAdministrator = await this.roleService.isAdministrator(me);
+
+				const users = await this.usersRepository.findBy(isAdministrator ? {
 					id: In(ps.userIds),
 				} : {
 					id: In(ps.userIds),
@@ -114,6 +114,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 					detail: true,
 				})));
 			} else {
+        const isModerator = await this.roleService.isModerator(me);
+
 				// Lookup user
 				if (typeof ps.host === 'string' && typeof ps.username === 'string') {
 					user = await this.remoteUserResolveService.resolveUser(ps.username, ps.host).catch(err => {