user_view: add fn to return sanitized fields

diff --git a/server/lemmy_db/src/user_view.rs b/server/lemmy_db/src/user_view.rs
index ce75ef4d22ea5b2584baf30bef2cea32ffeb7af0..f304b1769380575103e085cd90ff0e752786432c 100644 (file)
--- a/server/lemmy_db/src/user_view.rs
+++ b/server/lemmy_db/src/user_view.rs
@@ -223,4 +223,33 @@ impl UserView {
       .filter(banned.eq(true))
       .load::<Self>(conn)
   }
+
+  pub fn get_user_secure(conn: &PgConnection, user_id: i32) -> Result<Self, Error> {
+    use super::user_view::user_fast::dsl::*;
+    use diesel::sql_types::{Nullable, Text};
+    user_fast
+      .select((
+        id,
+        actor_id,
+        name,
+        preferred_username,
+        avatar,
+        banner,
+        "".into_sql::<Nullable<Text>>(),
+        matrix_user_id,
+        bio,
+        local,
+        admin,
+        banned,
+        show_avatars,
+        send_notifications_to_email,
+        published,
+        number_of_posts,
+        post_score,
+        number_of_comments,
+        comment_score,
+      ))
+      .find(user_id)
+      .first::<Self>(conn)
+  }
 }

diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index ffdcee9a2002e0c3d6fd9094701434c37c5428b6..f5ab84c51846816f9f523ac1c43c9c77f61a02fa 100644 (file)
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -857,7 +857,7 @@ impl Perform for Oper<BanUser> {
     blocking(pool, move |conn| ModBan::create(conn, &form)).await??;
 
     let user_id = data.user_id;
-    let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??;
+    let user_view = blocking(pool, move |conn| UserView::get_user_secure(conn, user_id)).await??;
 
     let res = BanUserResponse {
       user: user_view,