fix: #10906, allow `middleware.checkAccountPermissions` to be called with either uid or userslug in params

Previously, the middleware only worked with userslug params

src/middleware/user.js

@@ -165,7 +165,11 @@ module.exports = function (middleware) {
 			return controllers.helpers.notAllowed(req, res);
 		}
 
-		const uid = await user.getUidByUserslug(req.params.userslug);
+		if (!['uid', 'userslug'].some(param => req.params.hasOwnProperty(param))) {
+			return controllers.helpers.notAllowed(req, res);
+		}
+
+		const uid = req.params.uid || await user.getUidByUserslug(req.params.userslug);
 		let allowed = await privileges.users.canEdit(req.uid, uid);
 		if (allowed) {
 			return next();