diff --git a/src/routes/apps.js b/src/routes/apps.js
index c678e7df4..3d685ea01 100644
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -147,7 +147,7 @@ function install(req, res, next) {
 apps.downloadManifest(data.appStoreId, data.manifest, function (error, appStoreId, manifest) {
 if (error) return next(BoxError.toHttpError(error));
- if (safe.query(data, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, 'Only owner can install app with docker addon'));
+ if (safe.query(manifest, 'addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, '"owner" role is required to install app with docker addon'));
 data.appStoreId = appStoreId;
 data.manifest = manifest;
@@ -382,7 +382,7 @@ function repair(req, res, next) {
 if ('manifest' in data) {
 if (!data.manifest || typeof data.manifest !== 'object') return next(new HttpError(400, 'manifest must be an object'));
- if (safe.query(data, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, 'Only owner can repair app with docker addon'));
+ if (safe.query(data.manifest, 'addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, '"owner" role is required to repair app with docker addon'));
 }
 if ('dockerImage' in data) {
@@ -529,7 +529,7 @@ function update(req, res, next) {
 apps.downloadManifest(data.appStoreId, data.manifest, function (error, appStoreId, manifest) {
 if (error) return next(BoxError.toHttpError(error));
- if (safe.query(data, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, 'Only owner can install app with docker addon'));
+ if (safe.query(manifest, 'addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, '"owner" role is required to update app with docker addon'));
 data.appStoreId = appStoreId;
 data.manifest = manifest;
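Review bot: The owner-only guard for the docker addon is still written out by hand in install(), repair(), update() and exec(), each reading the manifest from a different object, and that duplication is what let the `data` vs. downloaded `manifest` mismatch go unnoticed. A single helper such as `function requiresOwner(manifest) { return !!safe.query(manifest, 'addons.docker'); }`, called with the manifest each handler will actually act on, would keep the four call sites in step. A regression test for install() and update() that sends a request as a non-owner with no `manifest` in the body (presumably the `appStoreId`-only path, since `downloadManifest` returns the manifest) and expects 403 would pin the behaviour these two hunks restore. Both function bodies continue outside their hunks.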
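Review bot: In repair() the owner check sits inside `if ('manifest' in data)`, so in the visible lines a request carrying only `dockerImage` is never compared against the manifest the app already has. exec() applies the same rule to `req.resource`; assuming `req.resource` is also populated for repair(), the guard could move above the branch as `if ((safe.query(data, 'manifest.addons.docker') || safe.query(req.resource, 'manifest.addons.docker')) && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, '"owner" role is required to repair app with docker addon'));`. The rest of repair() is outside the hunk, so an equivalent check may already exist further down; if it does, a comment here pointing to it would help the next reader.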
@@ -643,7 +643,7 @@ function exec(req, res, next) {
 var tty = req.query.tty === 'true';
- if (safe.query(req.resource, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, 'Only owner can exec app with docker addon'));
+ if (safe.query(req.resource, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, '"owner" role is requied to exec app with docker addon'));
 apps.exec(req.resource, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
 if (error) return next(BoxError.toHttpError(error));
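Review bot: The new 403 message in exec() misspells "required" as "requied"; it should read `'"owner" role is required to exec app with docker addon'`, matching the wording used in install(), repair() and update(). Because this string is returned to API clients, the typo would also defeat any test or client that matches on the shared phrasing. The body of exec() continues outside the hunk.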