diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-09-02 12:24:20 -0400 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-09-02 08:24:20 -0800 |
commit | eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9 (patch) | |
tree | 153eb3766b04b58171cad0f2e70136ff84c0d123 /api/user.go | |
parent | 717e8197ffd378d644d868a1b5e9f96c5385b41e (diff) | |
download | chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.tar.gz chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.tar.bz2 chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.zip |
Fixing SanitizeProfile (#3930)
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/api/user.go b/api/user.go index b0d2c79b4..daa405ad4 100644 --- a/api/user.go +++ b/api/user.go @@ -898,8 +898,7 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) { profiles := dp.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } il.DirectProfiles = profiles @@ -974,8 +973,7 @@ func getProfilesForDirectMessageList(c *Context, w http.ResponseWriter, r *http. profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, false, false) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Write([]byte(model.UserMapToJson(profiles))) @@ -1004,8 +1002,7 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) { profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Header().Set(model.HEADER_ETAG_SERVER, etag) @@ -1026,8 +1023,7 @@ func getDirectProfiles(c *Context, w http.ResponseWriter, r *http.Request) { profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Header().Set(model.HEADER_ETAG_SERVER, etag) @@ -1276,7 +1272,7 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { l4g.Error(utils.T("api.user.get_me.getting.error"), c.Session.UserId) } else { user := result.Data.(*model.User) - user.SanitizeProfile(c.IsSystemAdmin(), false, true, true) + user = sanitizeProfile(c, user) message := model.NewWebSocketEvent("", "", c.Session.UserId, model.WEBSOCKET_EVENT_USER_UPDATED) message.Add("user", user) go Publish(message) @@ -1326,7 +1322,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } updatedUser := rusers[0] - updatedUser.SanitizeProfile(c.IsSystemAdmin(), false, true, true) + updatedUser = sanitizeProfile(c, updatedUser) message := model.NewWebSocketEvent("", "", user.Id, model.WEBSOCKET_EVENT_USER_UPDATED) message.Add("user", updatedUser) @@ -2567,3 +2563,16 @@ func userTyping(req *model.WebSocketRequest) (map[string]interface{}, *model.App return nil, nil } + +func sanitizeProfile(c *Context, user *model.User) *model.User { + options := utils.Cfg.GetSanitizeOptions() + + if c.IsSystemAdmin() { + options["email"] = true + options["fullname"] = true + } + + user.SanitizeProfile(options) + + return user +} |