diff --git a/src/middleware/expose.js b/src/middleware/expose.js index 3642465c01..b4ad1d7be4 100644 --- a/src/middleware/expose.js +++ b/src/middleware/expose.js @@ -18,9 +18,8 @@ module.exports = function (middleware) { return next(); } - const isAdmin = await user.isAdministrator(req.user.uid); - res.locals.isAdmin = isAdmin; - return next(); + res.locals.isAdmin = await user.isAdministrator(req.user.uid); + next(); }; middleware.exposePrivileges = async (req, res, next) => { @@ -36,7 +35,7 @@ module.exports = function (middleware) { } res.locals.privileges = hash; - return next(); + next(); }; middleware.exposePrivilegeSet = async (req, res, next) => { @@ -45,6 +44,6 @@ module.exports = function (middleware) { ...await privileges.global.get(req.user.uid), ...await privileges.admin.get(req.user.uid), }; - return next(); + next(); }; }; diff --git a/src/plugins/hooks.js b/src/plugins/hooks.js index 108b4750ac..04603b486d 100644 --- a/src/plugins/hooks.js +++ b/src/plugins/hooks.js @@ -109,7 +109,7 @@ Hooks.fire = async function (hook, params) { Hooks.fire('action:plugins.firehook', payload); } if (result !== undefined) { - if (deleteCaller && result && result.caller) { + if (deleteCaller && result && result.hasOwnProperty('caller')) { delete result.caller; } return result; diff --git a/test/middleware.js b/test/middleware.js new file mode 100644 index 0000000000..767d71b08b --- /dev/null +++ b/test/middleware.js 
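Review bot: A rejection from `user.isAdministrator(req.user.uid)` is not forwarded to `next` anywhere in the lines shown. Unless the router wraps these async handlers (not visible here), the request would stall or surface as an unhandled rejection instead of reaching the error handler. If no wrapper exists, guard the awaited call: `try { res.locals.isAdmin = await user.isAdministrator(req.user.uid); } catch (err) { return next(err); }`. The same applies to the awaited `privileges.global.get` / `privileges.admin.get` calls in `exposePrivilegeSet`. Dropping `return` from the tail calls is harmless, but the guard above still uses `return next();`, so both styles now coexist. The start of `exposeAdmin` is outside the hunk.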
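Review bot: `result.hasOwnProperty('caller')` is invoked on whatever value the hook chain returned, so a result created with `Object.create(null)` throws a TypeError here, and a result that carries its own `hasOwnProperty` key decides the outcome of the check itself. `caller` is stripped before the result is returned, presumably because it holds request context that should not travel further (confirm against the callers), so the check should not depend on a method the object supplies. Use `if (deleteCaller && result && Object.prototype.hasOwnProperty.call(result, 'caller')) {` instead. `Hooks.fire` begins and ends outside this hunk.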
@@ -0,0 +1,96 @@
+'use strict';
+
+const assert = require('assert');
+const db = require('./mocks/databasemock');
+const middleware = require('../src/middleware');
+const user = require('../src/user');
+const groups = require('../src/groups');
+
+describe('Middlewares', () => {
+ let adminUid;
+ before(async () => {
+ adminUid = await user.create({ username: 'admin', password: '123456' });
+ await groups.join('administrators', adminUid);
+ });
+ describe('expose', () => {
+ it('should expose res.locals.isAdmin = false', (done) => {
+ const resMock = { locals: {} };
+ middleware.exposeAdmin({}, resMock, () => {
+ assert.strictEqual(resMock.locals.isAdmin, false);
+ done();
+ });
+ });
+
+ it('should expose res.locals.isAdmin = true', (done) => {
+ const reqMock = { user: { uid: adminUid } };
+ const resMock = { locals: {} };
+ middleware.exposeAdmin(reqMock, resMock, () => {
+ assert.strictEqual(resMock.locals.isAdmin, true);
+ done();
+ });
+ });
+
+ it('should expose privileges in res.locals.privileges and isSelf=true', (done) => {
+ const reqMock = { user: { uid: adminUid }, params: { uid: adminUid } };
+ const resMock = { locals: {} };
+ middleware.exposePrivileges(reqMock, resMock, () => {
+ assert(resMock.locals.privileges);
+ assert.strictEqual(resMock.locals.privileges.isAdmin, true);
+ assert.strictEqual(resMock.locals.privileges.isGmod, false);
+ assert.strictEqual(resMock.locals.privileges.isPrivileged, true);
+ assert.strictEqual(resMock.locals.privileges.isSelf, true);
+ done();
+ });
+ });
+
+ it('should expose privileges in res.locals.privileges and isSelf=false', (done) => {
+ const reqMock = { user: { uid: 0 }, params: { uid: adminUid } };
+ const resMock = { locals: {} };
+ middleware.exposePrivileges(reqMock, resMock, () => {
+ assert(resMock.locals.privileges);
+ assert.strictEqual(resMock.locals.privileges.isAdmin, false);
+ assert.strictEqual(resMock.locals.privileges.isGmod, false);
+ assert.strictEqual(resMock.locals.privileges.isPrivileged, false);
+ assert.strictEqual(resMock.locals.privileges.isSelf, false);
+ done();
+ });
+ });
+
+ it('should expose privilege set', (done) => {
+ const reqMock = { user: { uid: adminUid } };
+ const resMock = { locals: {} };
+ middleware.exposePrivilegeSet(reqMock, resMock, () => {
+ assert(resMock.locals.privileges);
+ console.log(resMock.locals.privileges);
+ assert.deepStrictEqual(resMock.locals.privileges, {
+ chat: true,
+ 'upload:post:image': true,
+ 'upload:post:file': true,
+ signature: true,
+ invite: true,
+ 'group:create': true,
+ 'search:content': true,
+ 'search:users': true,
+ 'search:tags': true,
+ 'view:users': true,
+ 'view:tags': true,
+ 'view:groups': true,
+ 'local:login': true,
+ ban: true,
+ 'view:users:info': true,
+ 'admin:dashboard': true,
+ 'admin:categories': true,
+ 'admin:privileges': true,
+ 'admin:admins-mods': true,
+ 'admin:users': true,
+ 'admin:groups': true,
+ 'admin:tags': true,
+ 'admin:settings': true,
+ superadmin: true,
+ });
+ done();
+ });
+ });
+ });
+});
+
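Review bot: The `isAdmin = true` and `exposePrivilegeSet` cases only exercise an administrator uid, and the only deny cases use no user or `uid: 0`, so nothing pins the result for an authenticated non-admin account. A regression that set `res.locals.isAdmin` or an `admin:*` key to true for ordinary users would still pass this suite. Adding a case with a second user who never joins `administrators` would cover that path; awaiting the middleware and asserting afterwards also keeps a failed assertion from being swallowed into the handler's rejected promise. The `console.log(resMock.locals.privileges);` line before `assert.deepStrictEqual` looks like leftover debugging and should be dropped.

```javascript
// … unchanged: 'should expose res.locals.isAdmin = true' …
it('should keep res.locals.isAdmin = false for a non-admin user', async () => {
	// constructed fixture user, never added to 'administrators'
	const regularUid = await user.create({ username: 'regular', password: '123456' });
	const reqMock = { user: { uid: regularUid } };
	const resMock = { locals: {} };
	await middleware.exposeAdmin(reqMock, resMock, () => {});
	assert.strictEqual(resMock.locals.isAdmin, false);
	await middleware.exposePrivilegeSet(reqMock, resMock, () => {});
	assert.notStrictEqual(resMock.locals.privileges['admin:users'], true);
});
```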