diff --git a/public/openapi/read/topic/topic_id.yaml b/public/openapi/read/topic/topic_id.yaml
index e2efbabac2..0117775f39 100644
--- a/public/openapi/read/topic/topic_id.yaml
+++ b/public/openapi/read/topic/topic_id.yaml
@@ -343,6 +343,10 @@ get:
                         type: boolean
                       posts:history:
                         type: boolean
+                      posts:upvote:
+                        type: boolean
+                      posts:downvote:
+                        type: boolean
                       posts:delete:
                         type: boolean
                       posts:view_deleted:
diff --git a/src/privileges/topics.js b/src/privileges/topics.js
index cabbf3dfed..5421876fb2 100644
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -19,6 +19,7 @@ privsTopics.get = async function (tid, uid) {
 	const privs = [
 		'topics:reply', 'topics:read', 'topics:schedule', 'topics:tag',
 		'topics:delete', 'posts:edit', 'posts:history',
+		'posts:upvote', 'posts:downvote',
 		'posts:delete', 'posts:view_deleted', 'read', 'purge',
 	];
 	const topicData = await topics.getTopicFields(tid, ['cid', 'uid', 'locked', 'deleted', 'scheduled']);
@@ -43,6 +44,8 @@ privsTopics.get = async function (tid, uid) {
 		'topics:delete': (privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator,
 		'posts:edit': (privData['posts:edit'] && (!topicData.locked || isModerator)) || isAdministrator,
 		'posts:history': privData['posts:history'] || isAdministrator,
+		'posts:upvote': privData['posts:upvote'] || isAdministrator,
+		'posts:downvote': privData['posts:downvote'] || isAdministrator,
 		'posts:delete': (privData['posts:delete'] && (!topicData.locked || isModerator)) || isAdministrator,
 		'posts:view_deleted': privData['posts:view_deleted'] || isAdministrator,
 		read: privData.read || isAdministrator,
diff --git a/test/controllers.js b/test/controllers.js
index 147b393500..a926f43e0f 100644
--- a/test/controllers.js
+++ b/test/controllers.js
@@ -421,7 +421,7 @@ describe('Controllers', () => {
 					interstitials: [],
 				});
 				assert.strictEqual(result.interstitials[0].template, 'partials/email_update');
-				assert.rejects(result.interstitials[0].callback({ uid }, {
+				await assert.rejects(result.interstitials[0].callback({ uid }, {
 					email: 'invalidEmail',
 				}), { message: '[[error:invalid-email]]' });
 			});
@@ -434,7 +434,7 @@ describe('Controllers', () => {
 					interstitials: [],
 				});
 				assert.strictEqual(result.interstitials[0].template, 'partials/email_update');
-				assert.rejects(result.interstitials[0].callback({ uid }, {
+				await assert.rejects(result.interstitials[0].callback({ uid }, {
 					email: '    ',
 				}), { message: '[[error:invalid-email]]' });
 			});
diff --git a/test/tokens.js b/test/tokens.js
index 2af4221bac..8ec1130a5c 100644
--- a/test/tokens.js
+++ b/test/tokens.js
@@ -30,7 +30,7 @@ describe('API tokens', () => {
 
 	describe('.create()', () => {
 		it('should fail to create a token for a user that does not exist', async () => {
-			assert.rejects(api.utils.tokens.generate({ uid: 1 }), { message: '[[error:no-user]]' });
+			await assert.rejects(api.utils.tokens.generate({ uid: 1 }), { message: '[[error:no-user]]' });
 		});
 
 		it('should create a token for a user that exists', async () => {
@@ -63,7 +63,7 @@ describe('API tokens', () => {
 		});
 
 		it('should fail if you pass in invalid data', async () => {
-			assert.rejects(api.utils.tokens.get(token), { message: '[[error:invalid-data]]' });
+			await assert.rejects(api.utils.tokens.get(token), { message: '[[error:invalid-data]]' });
 		});
 
 		it('should show lastSeen and lastSeenISO as undefined/null if it is a new token', async () => {