From 876d3117062f3f801026d72c9359613eca7e46ed Mon Sep 17 00:00:00 2001 From: Dessalines Date: Thu, 5 Mar 2020 15:46:33 -0500 Subject: [PATCH] Remove email from GetUserDetails when not same user. Fixes #579 --- server/src/api/user.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/server/src/api/user.rs b/server/src/api/user.rs index 99072a74..1d332b90 100644 --- a/server/src/api/user.rs +++ b/server/src/api/user.rs @@ -466,7 +466,7 @@ impl Perform for Oper { } }; - let user_view = UserView::read(&conn, user_details_id)?; + let mut user_view = UserView::read(&conn, user_details_id)?; let mut posts_query = PostQueryBuilder::create(&conn) .sort(&sort) @@ -502,6 +502,15 @@ impl Perform for Oper { let creator_user = admins.remove(creator_index); admins.insert(0, creator_user); + // If its not the same user, remove the email + if let Some(user_id) = user_id { + if user_details_id != user_id { + user_view.email = None; + } + } else { + user_view.email = None; + } + // Return the jwt Ok(GetUserDetailsResponse { user: user_view, -- 2.44.1