From: eiknat
Date: Sat, 8 Aug 2020 02:43:33 +0000 (-0400)
Subject: user_view: add fn to return sanitized fields
X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/nerdica.net/search?a=commitdiff_plain;h=492e8ad655562bfba83132c419387f20ed876b2c;p=lemmy.git
user_view: add fn to return sanitized fields
---
diff --git a/server/lemmy_db/src/user_view.rs b/server/lemmy_db/src/user_view.rs
index ce75ef4d..f304b176 100644
--- a/server/lemmy_db/src/user_view.rs
+++ b/server/lemmy_db/src/user_view.rs
@@ -223,4 +223,33 @@ impl UserView {
 .filter(banned.eq(true))
 .load::(conn)
 }
+
+ pub fn get_user_secure(conn: &PgConnection, user_id: i32) -> Result {
+ use super::user_view::user_fast::dsl::*;
+ use diesel::sql_types::{Nullable, Text};
+ user_fast
+ .select((
+ id,
+ actor_id,
+ name,
+ preferred_username,
+ avatar,
+ banner,
+ "".into_sql::>(),
+ matrix_user_id,
+ bio,
+ local,
+ admin,
+ banned,
+ show_avatars,
+ send_notifications_to_email,
+ published,
+ number_of_posts,
+ post_score,
+ number_of_comments,
+ comment_score,
+ ))
+ .find(user_id)
+ .first::(conn)
+ }
 }
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index ffdcee9a..f5ab84c5 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -857,7 +857,7 @@ impl Perform for Oper {
 blocking(pool, move |conn| ModBan::create(conn, &form)).await??;
 let user_id = data.user_id;
- let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??;
+ let user_view = blocking(pool, move |conn| UserView::get_user_secure(conn, user_id)).await??;
 let res = BanUserResponse {
 user: user_view,
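Review bot: `get_user_secure` redacts by position rather than by name: the seventh entry of the `.select((…))` tuple is an empty-string literal (presumably standing in for the e-mail column, which the hunk never names), so the redaction depends on the tuple matching the field order of the struct being loaded, and any sensitive column later added to `user_fast` has to be remembered here by hand. The function has no doc comment saying what is withheld; I would add `/// Reads a user with the private column replaced by an empty string; the tuple order must match the UserView field order.` above it. Consider also whether `send_notifications_to_email` and `show_avatars` belong in a row returned to other users, since they look like per-account settings rather than profile data, and whether a SQL `NULL` would be a clearer placeholder than `""` for the nullable text column so clients can tell "withheld" from "empty". Only the ban-response call site in `server/src/api/user.rs` is switched in this commit; other callers of `UserView::read` are not visible here and may still return the unredacted row.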