mirror of
https://github.com/mattermost/focalboard.git
synced 2024-12-21 13:38:56 +02:00
Merge pull request #4857 from mattermost/cp-4820-78
Sanitize user following config for ShowFullName and ShowEmailAddress …
This commit is contained in:
commit
627b73c1b0
@ -9,6 +9,8 @@ import (
|
||||
"github.com/mattermost/focalboard/server/model"
|
||||
"github.com/mattermost/focalboard/server/services/audit"
|
||||
"github.com/mattermost/focalboard/server/utils"
|
||||
|
||||
mmModel "github.com/mattermost/mattermost-server/v6/model"
|
||||
)
|
||||
|
||||
func (a *API) registerUsersRoutes(r *mux.Router) {
|
||||
@ -89,6 +91,18 @@ func (a *API) handleGetUsersList(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
ctx := r.Context()
|
||||
session := ctx.Value(sessionContextKey).(*model.Session)
|
||||
isSystemAdmin := a.permissions.HasPermissionTo(session.UserID, mmModel.PermissionManageSystem)
|
||||
|
||||
for _, user := range users {
|
||||
if user.ID == session.UserID {
|
||||
user.Sanitize(map[string]bool{})
|
||||
} else {
|
||||
a.app.SanitizeProfile(user, isSystemAdmin)
|
||||
}
|
||||
}
|
||||
|
||||
usersList, err := json.Marshal(users)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r, err)
|
||||
@ -146,6 +160,7 @@ func (a *API) handleGetMe(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
user.Sanitize(map[string]bool{})
|
||||
userData, err := json.Marshal(user)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r, err)
|
||||
@ -254,6 +269,12 @@ func (a *API) handleGetUser(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if userID == session.UserID {
|
||||
user.Sanitize(map[string]bool{})
|
||||
} else {
|
||||
a.app.SanitizeProfile(user, a.permissions.HasPermissionTo(session.UserID, mmModel.PermissionManageSystem))
|
||||
}
|
||||
|
||||
userData, err := json.Marshal(user)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r, err)
|
||||
|
@ -56,3 +56,15 @@ func (a *App) SearchUserChannels(teamID string, userID string, query string) ([]
|
||||
func (a *App) GetChannel(teamID string, channelID string) (*mmModel.Channel, error) {
|
||||
return a.store.GetChannel(teamID, channelID)
|
||||
}
|
||||
|
||||
func (a *App) SanitizeProfile(user *model.User, isAdmin bool) {
|
||||
options := map[string]bool{}
|
||||
if isAdmin {
|
||||
options["fullname"] = true
|
||||
options["email"] = true
|
||||
} else {
|
||||
options["fullname"] = a.config.ShowFullName
|
||||
options["email"] = a.config.ShowEmailAddress
|
||||
}
|
||||
user.Sanitize(options)
|
||||
}
|
||||
|
@ -98,3 +98,16 @@ func UserFromJSON(data io.Reader) (*User, error) {
|
||||
}
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
func (u *User) Sanitize(options map[string]bool) {
|
||||
u.Password = ""
|
||||
u.MfaSecret = ""
|
||||
|
||||
if len(options) != 0 && !options["email"] {
|
||||
u.Email = ""
|
||||
}
|
||||
if len(options) != 0 && !options["fullname"] {
|
||||
u.FirstName = ""
|
||||
u.LastName = ""
|
||||
}
|
||||
}
|
||||
|
@ -93,6 +93,7 @@ func (s *MattermostAuthLayer) GetUserByID(userID string) (*model.User, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user := mmUserToFbUser(mmuser)
|
||||
return &user, nil
|
||||
}
|
||||
|
@ -18,7 +18,6 @@ var errTest = errors.New("failed to patch bot")
|
||||
func TestGetBoardsBotID(t *testing.T) {
|
||||
ctrl := gomock.NewController(t)
|
||||
servicesAPI := mockservicesapi.NewMockServicesAPI(ctrl)
|
||||
|
||||
mmAuthLayer, _ := New("test", nil, nil, mlog.CreateConsoleTestLogger(true, mlog.LvlError), servicesAPI, "")
|
||||
|
||||
servicesAPI.EXPECT().EnsureBot(model.FocalboardBot).Return("", errTest)
|
||||
|
Loading…
Reference in New Issue
Block a user